-
Notifications
You must be signed in to change notification settings - Fork 629
Uninstalling Honeypots
Jason Trost edited this page Aug 10, 2016
·
5 revisions
This page covers how to uninstall honeypots and sensors that MHN installs. This is a Work in progress.
With most honeypots deployed using MHN, uninstalling means you simply remove the supervisor config, call supervisorctl update and then remove the /opt/$HONEYPOT directory and any logs in /var/log/ pertaining to the honeypot.
Some specific examples:
if [[ `lsb_release -cs` == "trusty" ]] ;
then
apt-get remove -y dionaea-phibo;
else
apt-get remove -y dionaea ;
fi
rm -rf /var/dionaea/wwwroot /var/dionaea/binaries /var/dionaea/log /etc/dionaea/dionaea.conf /etc/supervisor/conf.d/dionaea.conf
supervisorctl update
# as root
rm /etc/supervisor/conf.d/p0f.conf
supervisorctl update
rm -rf /var/empty/p0f /opt/p0f /var/log/p0f.*
# as root
rm /etc/supervisor/conf.d/snort.conf
supervisorctl update
rm -rf /opt/snort/ rm /etc/cron.daily/update_snort_rules.sh