This repository contains Terraform code to set up an Azure honeypot environment for Security Information and Event Management (SIEM) lab purposes. The code provisions an Ubuntu virtual machine with various open ports to simulate a vulnerable system and attract potential attackers.
- Azure subscription
- Terraform installed
- Azure CLI installed
- SSH key pair (public and private keys)
1. Clone this repository:
2. Navigate to the repository directory:
3. Copy your SSH public key to the `~/.ssh/id_rsa.pub` path or update the `public_key` line in `main.tf` with the path to your public key.
4. Run `terraform init` to initialize the Terraform working directory.
5. Run `terraform apply` to create the Azure resources. Review the execution plan and enter `yes` to confirm.
6. After the deployment is complete, Terraform will output the public IP address and SSH command to connect to the virtual machine.

The `variables.tf` file contains the default values for various resources. You can modify these values according to your requirements. For example, you can change the resource group name, location, virtual machine size, and more.

After configuration and deployment, you can connect to the virtual machine using the SSH command provided by Terraform. To find the command, run `terraform output`. For example, it will look like this:

- Login to Web Server:
  - Username: azureuser
  - Password: hellohoney
- SSH Command:
- SSH Command (After Restart for Honey Install): ssh -p 64295 [email protected]
- VM Public IP: 40.117.199.224
- Web Server Login URL: https://40.117.199.224:64297

To remove all the created resources, run `terraform destroy` and confirm by entering `yes`.

This lab environment is designed to simulate a vulnerable system and attract potential attackers for educational purposes. It is recommended to use this setup in a controlled environment and not expose it to the public internet. Additionally, be sure to clean up the resources after completing the lab to avoid any potential misuse.
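
The sample output above shows SSH on port 64295 and the web login on port 64297, both served from the VM's public IP. As an added example (not part of this repository's code), the two rules below limit those ports to a single operator address while leaving the honeypot's other ports as they are. The variable `admin_cidr`, the resource names `azurerm_resource_group.honeypot` and `azurerm_network_security_group.honeypot`, and the priority values are assumptions to match against `main.tf`.

```hcl
# Added example, not part of this repository. Names marked "assumed" are
# placeholders; match them to the resources declared in main.tf.

variable "admin_cidr" {
  description = "Operator source address allowed to reach the management ports (assumed variable)"
  type        = string
  # Example value: "203.0.113.10/32" (documentation range, replace with your own)
}

locals {
  # SSH and web login ports from the sample `terraform output`.
  management_ports = ["64295", "64297"]
}

# NSG rules are evaluated in ascending priority order, so both rules need a
# lower number than the broad inbound allow rule that exposes the honeypot.
# If main.tf declares its rules inline as security_rule blocks, add these two
# as inline blocks instead: the azurerm provider does not support mixing
# inline and standalone rules on one network security group.
resource "azurerm_network_security_rule" "mgmt_allow_admin" {
  name                        = "mgmt-allow-admin"
  priority                    = 100 # assumed to be free
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = local.management_ports
  source_address_prefix       = var.admin_cidr
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.honeypot.name         # assumed
  network_security_group_name = azurerm_network_security_group.honeypot.name # assumed
}

resource "azurerm_network_security_rule" "mgmt_deny_others" {
  name                        = "mgmt-deny-others"
  priority                    = 110 # assumed to be free
  direction                   = "Inbound"
  access                      = "Deny"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_ranges     = local.management_ports
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.honeypot.name         # assumed
  network_security_group_name = azurerm_network_security_group.honeypot.name # assumed
}
```

Run `terraform plan` after adding the rules and confirm that no existing rule already uses priority 100 or 110.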
This project is licensed under the MIT License.