This is now a huge patch, but several things have come together or are part
of each other, so let me try to explain why I made several changes.
INSTALL.md
==========
systemd
-------
This should work on systems with systemd like Ubuntu 18.04 or
Debian 9. I did not test it against anything else.
1. I removed authbind from the dependencies because we have now systemd
for running on ports < 1024.
2. We are running a daemon. That user is not supposed to have a homedir
or, even worse, a shell. For security reasons no /bin/bash.
3. cowrie can and should be installed into /opt, the place on Linux
where you put software when you have no clue where to put it.
4. The virtualenv should not be inside the cowrie directory. That's a
different part of running our service but is not shipped with the code.
So the new path should be /opt/cowrie-env.
5. We want to write as little as possible into /opt and keep more to the
Linux way of writing files of a daemon. TTY logs and downloads should be
stored in /var/lib/cowrie/.
(TODO: the data directory still contains files which should be written
into /var/lib/cowrie instead of data/.)
6. The sweet stuff. Installing configurations for systemd, rsyslog and
logrotate (more details for this later in this commit message)
7. Installing a pre-configured cowrie config for systemd and better
linux integration (TODO: That file should move to /etc/cowrie/cowrie.cfg)
8. How to start cowrie with systemd now.
9. How to catch live traffic. I removed the authbind section from it.
Not needed anymore. I also recommend reconfiguring your ssh and cowrie
services to listen on different ports. This is easier and quicker
than involving iptables/nftables.
no systemd
----------
1. I also removed the authbind package here because it is mentioned
later in the install instructions, and I think it should be installed
when the user is really using that feature.
2. The user here will now also be a system user, but with /bin/bash as
shell. Unfortunately the start/stop script needs bash to work.
That's a security drawback which systemd doesn't have.
3. Changing the path to /opt.
4. I didn't want to touch the bin/cowrie script, so the virtualenv is
still installed below the cowrie directory. I don't really like this
because, as explained above, we do not ship the code so it should be a
different directory.
5 and 6 not touched
7. If we follow the instructions we now have the code in
/opt/cowrie where only root can write. So some parts need to have
other permissions to allow reading and writing by cowrie.
8. Start the cowrie daemon with the right user from the root shell.
9. The port redirecting section is IMHO not optional because otherwise
we would not get much traffic. I have seen people knocking on port 2222,
but cowrie should get the traffic from the ssh port.
I also added a note for inexperienced users when dealing with the
pre-routing iptables rules.
Configfiles
===========
systemd socket
--------------
Systemd now handles the sockets for port binding. No authbind or other
dirty hacks needed anymore.
systemd service
---------------
Systemd now also handles the service. It takes care that every
dependency is up before cowrie is started. No supervisord needed anymore.
rsyslog
-------
Logfiles are now written into /var/log/cowrie. The json file can also be
logged here. Permissions are set so that cowrie can also write into
the directory.
logrotate
---------
Every week we rotate the logfiles in /var/log/cowrie and keep 4
compressed log files before deleting them.
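The socket unit, service unit and logrotate fragment described in the sections above, rendered as an added example (these are illustrative files written for this note, not the units shipped in the commit). Assumptions not taken from the commit message: the daemon runs as a system user named `cowrie`, the service is started in the foreground with `twistd` from the separate `/opt/cowrie-env` virtualenv, Cowrie's listener is pointed at the inherited descriptor with the Twisted endpoint string `systemd:domain=INET:index=0` in its config, and everything cowrie writes lives under `/var/lib/cowrie` and `/var/log/cowrie` (otherwise `ProtectSystem=strict` will block writes to `/opt/cowrie`). The `PREFIX` argument only exists so the files can be rendered into a scratch directory for inspection before being copied into `/` as root.

```shell
#!/bin/sh
# Added example: systemd socket activation for a honeypot listening on a
# privileged port, with the service itself running unprivileged, plus the
# weekly logrotate policy (4 compressed generations) from the commit text.
# User name, twistd invocation and ReadWritePaths are assumptions, see lead-in.

write_cowrie_units() {
    prefix="${1:-/}"
    prefix="${prefix%/}"
    mkdir -p "$prefix/etc/systemd/system" "$prefix/etc/logrotate.d"

    # systemd binds port 22 as root and hands the already-bound descriptor
    # to the service, so no authbind / capability tricks are needed.
    cat > "$prefix/etc/systemd/system/cowrie.socket" <<'EOF'
[Unit]
Description=Cowrie SSH honeypot socket

[Socket]
ListenStream=22
Accept=no

[Install]
WantedBy=sockets.target
EOF

    # The service receives the socket (fd index 0) and drops to "cowrie".
    # -l - sends twistd's log to stdout so the journal / rsyslog pick it up.
    cat > "$prefix/etc/systemd/system/cowrie.service" <<'EOF'
[Unit]
Description=Cowrie SSH honeypot
Requires=cowrie.socket
After=network.target cowrie.socket

[Service]
Type=simple
User=cowrie
Group=cowrie
WorkingDirectory=/opt/cowrie
ExecStart=/opt/cowrie-env/bin/twistd -n -l - cowrie
SyslogIdentifier=cowrie
Restart=on-failure
# Hardening: no setuid escalation, read-only /usr and /etc, private /tmp,
# and writable state only in the two directories the daemon needs.
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/var/lib/cowrie /var/log/cowrie
CapabilityBoundingSet=

[Install]
WantedBy=multi-user.target
EOF

    # Weekly rotation, keep four compressed generations, files recreated
    # owned by the daemon user so it can keep writing after rotation.
    cat > "$prefix/etc/logrotate.d/cowrie" <<'EOF'
/var/log/cowrie/*.log /var/log/cowrie/*.json {
    weekly
    rotate 4
    compress
    delaycompress
    missingok
    notifempty
    create 0640 cowrie cowrie
}
EOF
}

# Sanity check on the rendered files: the socket owns port 22, the service
# runs as the unprivileged user, and logrotate keeps exactly 4 generations.
# Returns 0 when all three hold.
check_cowrie_units() {
    prefix="${1:-/}"
    prefix="${prefix%/}"
    grep -q '^ListenStream=22$' "$prefix/etc/systemd/system/cowrie.socket" &&
    grep -q '^User=cowrie$' "$prefix/etc/systemd/system/cowrie.service" &&
    grep -q '^ *rotate 4$' "$prefix/etc/logrotate.d/cowrie"
}
```

After copying the files into `/etc`, `systemctl daemon-reload && systemctl enable --now cowrie.socket` is enough to start listening; the service unit is started on the first connection and stays up from then on.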
* Expanded MySQL Output Plugin Documentation
Per issue #605, I have updated the MySQL documentation for more clarity and updated requirements-output.txt. I also added a small section in INSTALL.md to mention output plugins and where to find more information.
* Expanded MySQL Output Plugin Documentation
Per issue #605, I have updated the MySQL Installation README.md for more clarity and updated. I also added a small section in INSTALL.md to mention output plugins and where to find more information.
* Updating start script to run in the foreground when using supervisord.
* Update install documentation to reference use of supervisord and install on OSX
* Updating index of INSTALL.md to with reference to supervisord
* Adding slack output and db
* Restoring start.sh back to default of AUTHBIND_ENABLED=no and DAEMONIZE=no
* Updating with pretty formatting of json dump
* untested improvements to Install.md
* fixed missing pycrypto in requirements.txt
* table of contents
* removing citation
* beautification
* remove red hat instructions (they were wrong)
* PYTHONPATH might need to be set regardless
* bugfix
* reorganize, sweeping improvements
* finishing touches