spacer [an error occurred while processing this directive]
About the Project
Research Alliance
Our Book

Honeywall CDROM

The purpose of this section is to give you a technical summary of how the CDROM works, and critical issues you will need to consider. Please submit all bugs/corrections for this documentation or the Honeywall CDROM to our Bugzilla Server.

Last Modified: 25 May, 2007

2.0 Technical Summary

  1. How It Works
  2. Key Considerations
  3. Default Users


2.1 How It Works
The Honeywall CDROM installs a honeywall to your local hard drive, overwriting and destroying any previously installed information. Your honeywall is based on Fedora Core 6 that has been miminized for security reasons and had additional Honeywall RPM's added. This gateway becomes a layer 2 bridging device that capture, controls, and analyzes all inbound and outbound traffic to your honeypots. Keep in mind, the CDROM only creates your honeywall gateway, you still have to provide the honeypots.

Installation should be as simple as booting from the CDROM then hitting the Enter key, allowing the fully automated install process to begin. After installation, you will have to go through an Intial Setup process to configure your honeywall gateway for the first time. Once configured and deployed, you have three options on how to administer the system, a command line utility called hwctl, a dialog menu, and the GUI based browser interface called Walleye. In addition, Walleye supports a data analysis interface, however remote access is required for this Walleye, as the honeywall does not support any local windowing capabilities. Also, your honeywall can be configured to automatically updates itself every day using yum(8) to check for, download, and install all the latest OS and honeywall RPM's.


2.2 Key Considerations
These are key issues when decdiding to deploy your Honeywall.

  • The minimum number of Network Interface Cards is two: one card to connect to the internal, honeynet network and another to connect to the external network/Internet. If you want to have remote management and automated updating capabilities, including the use of the Walleye web interface, then you must have a 3rd NIC installed (this is highly recommended).


2.3 Default Users
Once installed, your honeywall will have default users. The password for ALL of these accounts is honey. Its HIGHLY recommended you change these passwords. You can change the local OS passwords during the initial configuration process; the Walleye password can be changed the first time you log into the web interface.

  • Default local OS user is roo.
  • Default local OS privileged user is root.
  • Default user for Walleye web interface is roo.

<-Back Home Next->

Back to Top