Vagrantfile

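# Development/test VM for the honeypot: a Debian 13 guest that builds the
# project from the synced working tree and runs it under systemd.
Vagrant.configure("2") do |config|
  config.vm.box = "cloud-image/debian-13"

  # VM Resources
  config.vm.provider "virtualbox" do |vb|
    vb.memory = "2048"
    vb.cpus = 2
    vb.name = "honeypot"
  end

  # Network Configuration
  # Forwarding the UI port (31097) and some common honeypot ports for testing.
  # NOTE(review): without `host_ip:` Vagrant binds a forwarded port on every host
  # interface, so these honeypot listeners become reachable from the host's LAN.
  # Add `host_ip: "127.0.0.1"` to each line if they are only meant for local testing.
  config.vm.network "forwarded_port", guest: 31097, host: 31097 # Dashboard
  config.vm.network "forwarded_port", guest: 2222, host: 2222 # SSH Honeypot
  config.vm.network "forwarded_port", guest: 8000, host: 8000 # HTTP Honeypot
  config.vm.network "forwarded_port", guest: 2323, host: 2323 # Telnet Honeypot
  config.vm.network "forwarded_port", guest: 3389, host: 3389 # RDP Honeypot

  # For full honeypot functionality (packet capture), bridged networking is recommended.
  # Uncomment the line below to enable bridged networking.
  # config.vm.network "public_network"

  # Use a private network for easier access
  config.vm.network "private_network", type: "dhcp"

  # Share the project directory
  config.vm.synced_folder ".", "/opt/honeypot"

  # Provisioning
  # The heredoc below is an interpolating Ruby heredoc: backslash escapes are
  # processed by Ruby before the shell sees the script, so regex/printf
  # backslashes are written doubled ("\\.", "\\n") and "\" + newline joins lines.
  config.vm.provision "shell", inline: <<-SHELL
    # -u: unset variables are errors; -o pipefail: a failing stage in a pipe fails the pipe
    set -euo pipefail
    export DEBIAN_FRONTEND=noninteractive

    echo "Updating package lists..."
    apt-get update

    echo "Installing dependencies..."
    apt-get install -y \
      git \
      libpcap-dev \
      build-essential \
      make \
      jq \
      curl \
      ca-certificates \
      libssl-dev \
      pkg-config \
      libcap2-bin \
      nftables \
      unzip

    # Install Go (only when missing or at a different version)
    GO_VERSION="1.25.7"
    GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"
    if ! command -v go &> /dev/null || [[ "$(go version | awk '{print $3}')" != "go${GO_VERSION}" ]]; then
      echo "Installing Go ${GO_VERSION}..."
      # -f: fail on HTTP errors instead of saving an error page as the tarball
      curl -fsSLo "${GO_TARBALL}" "https://golang.org/dl/${GO_TARBALL}"
      # Go publishes a .sha256 next to each tarball. Checking it before the
      # rm -rf below means a truncated/corrupt download cannot leave the guest
      # without a Go toolchain (it does not defend against a compromised origin,
      # since the digest comes from the same place as the archive).
      curl -fsSLo "${GO_TARBALL}.sha256" "https://golang.org/dl/${GO_TARBALL}.sha256"
      echo "$(awk '{print $1}' "${GO_TARBALL}.sha256")  ${GO_TARBALL}" | sha256sum -c -
      rm -rf /usr/local/go && tar -C /usr/local -xzf "${GO_TARBALL}"
      rm -f "${GO_TARBALL}" "${GO_TARBALL}.sha256"
      ln -sf /usr/local/go/bin/go /usr/bin/go
      ln -sf /usr/local/go/bin/gofmt /usr/bin/gofmt
    fi

    # Install DuckDB shared library
    DUCKDB_VERSION="1.4.4"
    # Optional pin: the expected sha256 of libduckdb-linux-amd64.zip for this version
    # (taken from the release page). Left empty, the archive is installed unverified, as before.
    DUCKDB_SHA256=""
    DUCKDB_ZIP="libduckdb-linux-amd64.zip"
    echo "Installing DuckDB library ${DUCKDB_VERSION}..."
    curl -fsSLo "${DUCKDB_ZIP}" "https://github.com/duckdb/duckdb/releases/download/v${DUCKDB_VERSION}/${DUCKDB_ZIP}"
    if [[ -n "${DUCKDB_SHA256}" ]]; then
      echo "${DUCKDB_SHA256}  ${DUCKDB_ZIP}" | sha256sum -c -
    else
      echo "WARNING: DUCKDB_SHA256 is empty; ${DUCKDB_ZIP} was not checksum-verified"
    fi
    unzip -o "${DUCKDB_ZIP}" -d /usr/local/lib
    rm "${DUCKDB_ZIP}"
    ldconfig

    # Setup environment variables for Go.
    # Guarded so that re-running `vagrant provision` does not append duplicates.
    for line in 'export PATH=$PATH:/usr/local/go/bin' 'export CGO_ENABLED=1'; do
      grep -qxF "${line}" /home/vagrant/.bashrc || echo "${line}" >> /home/vagrant/.bashrc
    done

    # Build the project
    cd /opt/honeypot
    echo "Building honeypot..."
    go build -o honeypot .

    # Set capabilities for the binary
    # setcap doesn't work in VirtualBox, so the unit is switched to a different user below.
    # NOTE(review): the service user set below is vagrant, not root; confirm the unit or
    # honeypot-firewall.sh grants whatever privileges the capture path needs.
    #
    # echo "Setting network capabilities..."
    # setcap cap_net_raw,cap_net_admin,cap_net_bind_service=eip ./honeypot

    # Add systemd service for honeypot
    echo "Copying systemd service and firewall script..."
    cp systemd/honeypot.service /etc/systemd/system/honeypot.service
    cp systemd/honeypot-firewall.sh /usr/local/bin/honeypot-firewall.sh
    chmod +x /usr/local/bin/honeypot-firewall.sh

    echo "Configuring nftables..."
    # Replace /etc/nftables.conf with a default-drop input chain that only
    # allows loopback, established/related traffic and SSH on port 22 (so the
    # Vagrant SSH session survives). The honeypot listener ports are not opened
    # here; presumably honeypot-firewall.sh does that at service start - confirm.
    printf '%s\\n' \
      '#!/usr/sbin/nft -f' \
      'flush ruleset' \
      'table inet filter {' \
      '  chain input {' \
      '    type filter hook input priority 0; policy drop;' \
      '    ct state established,related accept' \
      '    iifname "lo" accept' \
      '    tcp dport 22 accept comment "Allow SSH"' \
      '  }' \
      '  chain forward {' \
      '    type filter hook forward priority 0; policy drop;' \
      '  }' \
      '  chain output {' \
      '    type filter hook output priority 0; policy accept;' \
      '  }' \
      '}' > /etc/nftables.conf
    # Syntax-check the ruleset before it is loaded at service start
    nft -c -f /etc/nftables.conf

    # Change systemd service to run as user vagrant instead of the honeypot user
    echo "Changing systemd service to run as user vagrant"
    sed -i 's/User=honeypot/User=vagrant/' /etc/systemd/system/honeypot.service
    if ! grep -q '^User=vagrant' /etc/systemd/system/honeypot.service; then
      echo "WARNING: honeypot.service has no 'User=vagrant' line after substitution; check the unit file" >&2
    fi

    # Replace interface in config.
    # Pick the host-only adapter by address prefix: 192.168.56.0/24 is VirtualBox's
    # default host-only range, which the DHCP private_network above normally lands in.
    # Fail early if nothing matches rather than writing an empty interface into config.json.
    INTERFACE=$(ip -o -4 addr show | awk '$4 ~ /^192\\.168\\.56/ {print $2; exit}')
    if [[ -z "${INTERFACE}" ]]; then
      echo "ERROR: no interface with a 192.168.56.x address found; cannot set packet logger interface" >&2
      ip -o -4 addr show >&2
      exit 1
    fi
    echo "Set packet logger interface to ${INTERFACE}"

    # Rewrite through a temp file so a failed jq run leaves config.json untouched
    jq \
      --arg iface "$INTERFACE" \
      '.interface = $iface
      | .bpf_expression = ""' \
      /opt/honeypot/config.json > /opt/honeypot/config.json.tmp \
    && mv /opt/honeypot/config.json.tmp /opt/honeypot/config.json

    # Enable and start the services
    systemctl daemon-reload
    echo "Enabling and starting nftables"
    systemctl enable --now nftables
    echo "Enabling and starting honeypot"
    systemctl enable --now honeypot

    # Get local IP address (first IPv4 address on the selected interface)
    LOCAL_IP=$(ip -o -4 addr show dev "${INTERFACE}" | awk '{print $4; exit}' | cut -d/ -f1)
    echo "Local IP address: ${LOCAL_IP}"

    echo "---------------------------------------------------------------------"
    echo "Vagrant setup complete!"
    echo "The HONEYPIE Dashboard will be running on http://${LOCAL_IP}:31097"
    # NOTE(review): this echoes what is presumably the default dashboard password
    # shipped in config.json - confirm, and change it before exposing the
    # dashboard beyond the host-only network.
    echo "The password is: 'secure'"
    echo "Configuration file: /opt/honeypot/config.json"
    echo "---------------------------------------------------------------------"
  SHELL
end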