The high-interaction “honeypots” are running as LXC (Linux containers). LXC provides system-level virtualization which has its own processes and own network space. This means that the containers are able to run linux systems in a isolated and virtual environment. The containers are separated from the Fedora Security Lab Test Bench and are using libvirt for the network.
The containers are placed in a separated network which is running in route mode. This way the network traffic from the containers can pass back and forth without using NAT. The downside is that additional configuration on the clients is needed.
- Network mode: Routed
- Gateway: 10.10.1.1 (MAC address: 52:52:11:11:11:11)
- Network: 10.10.1.0/255
- DHCP: on
- DHCP range: 10.10.1.50 - 10.10.1.60
To access the container network you need to add a static route the this network. libvirt acts as virtual router on your Fedora Security Lab Test Bench and the hosts on the physical network do not know that there is a subnet.
$ sudo route add -net 10.10.1.0 netmask 255.255.255.0 gw [IP address of your FSL Test Bench] dev [Interface]
After adding the route, check if the containers are responding.
6.1.2. Available systems¶
|Container name||MAC address||IP address||Details|
The containers are launched automatically then the Fedora Security Lab Test Bench starts. It makes sense to shut them down if you are running a system which has only limited resources and you are working on different sections.
There are several ways for maintaining the containers. If you have a SSH
connection to your Test Bench, you can use
Show all running containers:
# virsh --connect lxc:/// list --all
# virsh --connect lxc:/// shutdown [container name]
# virsh --connect lxc:/// start [container name]
For more details about
virsh please check the virsh man page.
$ man virsh
or the virsh command reference.
For managing the containers in a GUI way launch Virtual Machine Manager
virt-manager). The first step is to connect to your Fedora Security Lab
Test Bench. Goto File and choose Add connection... after
Virtual Machine Manager was started. Choose LXC (Linux Containers)
as Hypervisor, SSH as Method, root as Username is ok, and enter the
IP address of Fedora Security Lab Test Bench.
All containers can now be manipulated (shutdown, reboot, etc.) like virtual machine hosted on your local system if you have any.
Virtual Machine Manager will present you a login shell after you have open a container.