cowrie/cowrie
1
0
Fork 0
mirror of https://github.com/cowrie/cowrie.git synced 2025-07-01 18:07:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

allow output plugin config via env variable (#1454)

Browse Source 
* remove debug version check statement
* uncomment all output plugins, but leave them in disabled state. This way they can be configured with environment variables
This commit is contained in:
Michel Oosterhof
2020-11-25 16:18:12 +08:00
committed by GitHub
parent c049ebea49
commit 3caef117f7
3 changed files with 130 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/cowrie
View File

@ -25,7 +25,6 @@ first_time_use() {
} }
python_version_warning() { python_version_warning() {
echo "version check"
if python -V 2>&1 | grep -q '^Python 2.'; then if python -V 2>&1 | grep -q '^Python 2.'; then
echo echo
echo "DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020." echo "DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020."

260
etc/cowrie.cfg.dist
View File

@ -705,12 +705,12 @@ listen_endpoints = tcp:2223:interface=0.0.0.0
# Output entries need to start with 'output_' and have the 'enabled' entry. # Output entries need to start with 'output_' and have the 'enabled' entry.
# ============================================================================ # ============================================================================
#[output_xmpp] [output_xmpp]
#enabled=true enabled=false
#server = conference.cowrie.local server = conference.cowrie.local
#user = cowrie@cowrie.local user = cowrie@cowrie.local
#password = cowrie password = cowrie
#muc = hacker_room muc = hacker_room
# JSON based logging module # JSON based logging module
# #
@ -722,11 +722,11 @@ epoch_timestamp = false
# Supports logging to Elasticsearch # Supports logging to Elasticsearch
# This is a simple early release # This is a simple early release
# #
#[output_elasticsearch] [output_elasticsearch]
#enabled = false enabled = false
#host = localhost host = localhost
#port = 9200 port = 9200
#index = cowrie index = cowrie
# type has been deprecated since ES 6.0.0 # type has been deprecated since ES 6.0.0
# use _doc which is the default type. See # use _doc which is the default type. See
# https://stackoverflow.com/a/53688626 for # https://stackoverflow.com/a/53688626 for
@ -764,11 +764,11 @@ epoch_timestamp = false
# You must signup for an api key. # You must signup for an api key.
# Once registered, find your details at: https://isc.sans.edu/myaccount.html # Once registered, find your details at: https://isc.sans.edu/myaccount.html
# #
#[output_dshield] [output_dshield]
#userid = userid_here enabled = false
#auth_key = auth_key_here userid = userid_here
#batch_size = 100 auth_key = auth_key_here
#enabled = false batch_size = 100
# Local Syslog output module # Local Syslog output module
@ -780,10 +780,10 @@ epoch_timestamp = false
# Format can be: # Format can be:
# text, cef # text, cef
# #
#[output_localsyslog] [output_localsyslog]
#enabled = false enabled = false
#facility = USER facility = USER
#format = text format = text
# Text output # Text output
@ -792,10 +792,10 @@ epoch_timestamp = false
# Format can be: # Format can be:
# text, cef # text, cef
# #
#[output_textlog] [output_textlog]
#enabled = false enabled = false
#logfile = ${honeypot:log_path}/audit.log logfile = ${honeypot:log_path}/audit.log
#format = text format = text
# MySQL logging module # MySQL logging module
@ -804,25 +804,25 @@ epoch_timestamp = false
# MySQL logging requires extra software: sudo apt-get install libmysqlclient-dev # MySQL logging requires extra software: sudo apt-get install libmysqlclient-dev
# MySQL logging requires an extra Python module: pip install mysql-python # MySQL logging requires an extra Python module: pip install mysql-python
# #
#[output_mysql] [output_mysql]
#enabled = false enabled = false
#host = localhost host = localhost
#database = cowrie database = cowrie
#username = cowrie username = cowrie
#password = secret password = secret
#port = 3306 port = 3306
#debug = false debug = false
# Rethinkdb output module # Rethinkdb output module
# Rethinkdb output module requires extra Python module: pip install rethinkdb # Rethinkdb output module requires extra Python module: pip install rethinkdb
#[output_rethinkdblog] [output_rethinkdblog]
#enabled = false enabled = false
#host = 127.0.0.1 host = 127.0.0.1
#port = 28015 port = 28015
#table = output table = output
#password = password =
#db = cowrie db = cowrie
# SQLite3 logging module # SQLite3 logging module
# #
@ -830,18 +830,18 @@ epoch_timestamp = false
# docs/sql/sqlite3.sql: # docs/sql/sqlite3.sql:
# sqlite3 <db_file> < docs/sql/sqlite3.sql # sqlite3 <db_file> < docs/sql/sqlite3.sql
# #
#[output_sqlite] [output_sqlite]
#enabled = false enabled = false
#db_file = cowrie.db db_file = cowrie.db
# MongoDB logging module # MongoDB logging module
# #
# MongoDB logging requires an extra Python module: pip install pymongo # MongoDB logging requires an extra Python module: pip install pymongo
# #
#[output_mongodb] [output_mongodb]
#enabled = false enabled = false
#connection_string = mongodb://username:password@host:port/database connection_string = mongodb://username:password@host:port/database
#database = dbname database = dbname
# Splunk HTTP Event Collector (HEC) output module # Splunk HTTP Event Collector (HEC) output module
@ -850,103 +850,93 @@ epoch_timestamp = false
# mandatory fields: url, token # mandatory fields: url, token
# optional fields: index, source, sourcetype, host # optional fields: index, source, sourcetype, host
# #
#[output_splunk] [output_splunk]
#enabled = false enabled = false
#url = https://localhost:8088/services/collector/event url = https://localhost:8088/services/collector/event
#token = 6A0EA6C6-8006-4E39-FC44-C35FF6E561A8 token = 6A0EA6C6-8006-4E39-FC44-C35FF6E561A8
#index = cowrie index = cowrie
#sourcetype = cowrie sourcetype = cowrie
#source = cowrie source = cowrie
# HPFeeds
#
#[output_hpfeeds3]
#enabled = false
#server = hpfeeds.mysite.org
#port = 10000
#identifier = abc123
#secret = secret
#debug = false
# HPFeeds3 # HPFeeds3
# Python3 implementation of HPFeeds # Python3 implementation of HPFeeds
#[output_hpfeeds3] [output_hpfeeds3]
#enabled = false enabled = false
#server = hpfeeds.mysite.org server = hpfeeds.mysite.org
#port = 10000 port = 10000
#identifier = abc123 identifier = abc123
#secret = secret secret = secret
#debug=false debug=false
# VirusTotal output module # VirusTotal output module
# You must signup for an api key. # You must signup for an api key.
# #
#[output_virustotal] [output_virustotal]
#enabled = false enabled = false
#api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
#upload = True upload = True
#debug = False debug = False
#scan_file = True scan_file = True
#scan_url = False scan_url = False
# Cuckoo output module # Cuckoo output module
#[output_cuckoo] [output_cuckoo]
#enabled = false enabled = false
# no slash at the end # no slash at the end
#url_base = http://127.0.0.1:8090 url_base = http://127.0.0.1:8090
#user = user user = user
#passwd = passwd passwd = passwd
# force will upload duplicated files to cuckoo # force will upload duplicated files to cuckoo
#force = 0 force = 0
# upload to MalShare # upload to MalShare
#[output_malshare] [output_malshare]
#enabled = false enabled = false
# This will produce a _lot_ of messages - you have been warned.... # This will produce a _lot_ of messages - you have been warned....
#[output_slack] [output_slack]
#enabled = false enabled = false
#channel = channel_that_events_should_be_posted_in channel = channel_that_events_should_be_posted_in
#token = slack_token_for_your_bot token = slack_token_for_your_bot
#debug = false debug = false
# https://csirtg.io # https://csirtg.io
# You must signup for an api key. # You must signup for an api key.
# #
#[output_csirtg] [output_csirtg]
#enabled = false enabled = false
#username = wes username = wes
#feed = scanners feed = scanners
#description = random scanning activity description = random scanning activity
#token = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef token = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
#[output_socketlog] [output_socketlog]
#enabled = false enabled = false
#address = 127.0.0.1:9000 address = 127.0.0.1:9000
#timeout = 5 timeout = 5
# Upload files that cowrie has captured to an S3 (or compatible bucket) # Upload files that cowrie has captured to an S3 (or compatible bucket)
# Files are stored with a name that is the SHA of their contents # Files are stored with a name that is the SHA of their contents
# #
#[output_s3] [output_s3]
enabled = false
# #
# The AWS credentials to use. # The AWS credentials to use.
# Leave these blank to use botocore's credential discovery e.g .aws/config or ENV variables. # Leave these blank to use botocore's credential discovery e.g .aws/config or ENV variables.
# As per https://github.com/boto/botocore/blob/develop/botocore/credentials.py#L50-L65 # As per https://github.com/boto/botocore/blob/develop/botocore/credentials.py#L50-L65
#access_key_id = AKIDEXAMPLE access_key_id = AKIDEXAMPLE
#secret_access_key = wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY secret_access_key = wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY
# #
# The bucket to store the files in. The bucket must already exist. # The bucket to store the files in. The bucket must already exist.
#bucket = my-cowrie-bucket bucket = my-cowrie-bucket
# #
# The region the bucket is in # The region the bucket is in
#region = eu-west-1 region = eu-west-1
# #
# An alternate endpoint URL. If you self host a pithos instance you can set # An alternate endpoint URL. If you self host a pithos instance you can set
# this to its URL (e.g. https://s3.mydomain.com) - can otherwise be blank # this to its URL (e.g. https://s3.mydomain.com) - can otherwise be blank
@ -957,12 +947,12 @@ epoch_timestamp = false
# where you don't yet have real certificates. # where you don't yet have real certificates.
#verify = no #verify = no
#[output_influx] [output_influx]
#enabled = false enabled = false
#host = 127.0.0.1 host = 127.0.0.1
#port = 8086 port = 8086
#database_name = cowrie database_name = cowrie
#retention_policy_duration = 12w retention_policy_duration = 12w
[output_kafka] [output_kafka]
enabled = false enabled = false
@ -971,47 +961,47 @@ port = 9092
topic = cowrie topic = cowrie
#[output_redis] [output_redis]
#enabled = false enabled = false
#host = 127.0.0.1 host = 127.0.0.1
#port = 6379 port = 6379
# DB of the redis server. Defaults to 0 # DB of the redis server. Defaults to 0
#db = 0 db = 0
# Password of the redis server. Defaults to None # Password of the redis server. Defaults to None
# password = secret # password = secret
# Name of the list to push to or the channel to publish to. Required # Name of the list to push to or the channel to publish to. Required
#keyname = cowrie keyname = cowrie
# Method to use when sending data to redis. # Method to use when sending data to redis.
# Can be one of [lpush, rpush, publish]. Defaults to lpush # Can be one of [lpush, rpush, publish]. Defaults to lpush
#send_method = lpush send_method = lpush
# Perform Reverse DNS lookup # Perform Reverse DNS lookup
#[output_reversedns] [output_reversedns]
#enabled = true enabled = false
# Timeout in seconds # Timeout in seconds
#timeout = 3 timeout = 3
#[output_greynoise] [output_greynoise]
#enabled = true enabled = false
#debug=False debug = false
# Name of the tags separated by comma, for which the IP has to be scanned for. # Name of the tags separated by comma, for which the IP has to be scanned for.
# Example "SHODAN,JBOSS_WORM,CPANEL_SCANNER_LOW" # Example "SHODAN,JBOSS_WORM,CPANEL_SCANNER_LOW"
# If there isn't any specific tag then just leave it "all" # If there isn't any specific tag then just leave it "all"
#tags = all tags = all
# It's optional to have API key, so if you don't want to but # It's optional to have API key, so if you don't want to but
# API key then leave this option commented # API key then leave this option commented
#api_key = 1234567890 #api_key = 1234567890
# Upload all files to a MISP instance of your liking. # Upload all files to a MISP instance of your liking.
# The API key can be found under Event Actions -> Automation # The API key can be found under Event Actions -> Automation
#[output_misp] [output_misp]
#enabled = true enabled = false
#base_url = https://misp.somedomain.com base_url = https://misp.somedomain.com
#api_key = secret_key api_key = secret_key
#verify_cert = true verify_cert = true
#publish_event = true publish_event = true
#debug = false debug = false
# The crashreporter sends data on Python exceptions to api.cowrie.org # The crashreporter sends data on Python exceptions to api.cowrie.org
# To disable set `enabled = false` in cowrie.cfg # To disable set `enabled = false` in cowrie.cfg
@ -1021,8 +1011,8 @@ debug = false
# Reports login attempts to AbuseIPDB. A short guide is in the original # Reports login attempts to AbuseIPDB. A short guide is in the original
# pull request on GitHub: https://github.com/cowrie/cowrie/pull/1346 # pull request on GitHub: https://github.com/cowrie/cowrie/pull/1346
#[output_abuseipdb] [output_abuseipdb]
#enabled = true enabled = false
#api_key = #api_key =
#rereport_after = 24 #rereport_after = 24
#tolerance_window is in minutes #tolerance_window is in minutes

1
src/cowrie/core/config.py
View File

@ -33,6 +33,7 @@ class CowrieConfig(object):
class EnvironmentConfigParser(configparser.ConfigParser): class EnvironmentConfigParser(configparser.ConfigParser):
""" """
ConfigParser with additional option to read from environment variables ConfigParser with additional option to read from environment variables
# TODO: def sections()
""" """
def has_option(self, section, option): def has_option(self, section, option):
if to_environ_key('_'.join((section, option))) in environ: if to_environ_key('_'.join((section, option))) in environ: