Started running a Honeypot that will allow attackers to SSH in and run certain commands, it will record these commands in a log. It will also allow the attacker to use the
curl commands and capture these files for later analysis.
I set this up last night and have a single hit thus far. Looking forward to analysing the results next week!