mirror of
https://github.com/cowrie/cowrie.git
synced 2025-07-01 18:07:27 -04:00
This is now a huge patch, but several things have come together or are part of each other, so let me try to explain why I made several changes.

INSTALL.md
==========

systemd
-------

This should work on systems with systemd like Ubuntu 18.04 or Debian 9. I did not test it against anything else.

1. I removed authbind from the dependencies because we now have systemd for running on ports < 1024.
2. We are running a daemon. That user is not supposed to have a homedir or, even worse, to have a shell. For security reasons no /bin/bash.
3. cowrie can and should be installed into /opt. The place on Linux where you put software when you have no clue where to put it.
4. The virtualenv should not be inside the cowrie directory. That's a different part of running our service but is not shipped with the code. So the new path should be /opt/cowrie-env.
5. We want to write as little as possible into /opt and keep more to the Linux way of writing files of a daemon. TTY logs and downloads should be stored in /var/lib/cowrie/. (TODO: the data directory still contains files which should be written into /var/lib/cowrie instead of data/.)
6. The sweet stuff. Installing configurations for systemd, rsyslog and logrotate (more details on this later in this commit message).
7. Installing a pre-configured cowrie config for systemd and better Linux integration (TODO: that file should move to /etc/cowrie/cowrie.cfg).
8. How to start cowrie with systemd now.
9. How to catch live traffic. I removed the authbind section from it. Not needed anymore. I also recommend reconfiguring your ssh and cowrie service to listen on different ports. This is easier and quicker than involving iptables/nftables.

no systemd
----------

1. I also removed the authbind package here because it is mentioned later in the install instructions, and I think it should be installed when the user is really using that feature.
2. The user here will now also be a system user, but with /bin/bash as shell. Unfortunately the start/stop script needs a bash to work. That's a security drawback which systemd doesn't have.
3. Changing the path to /opt.
4. I didn't want to touch the bin/cowrie script, so the virtualenv is still installed below the cowrie directory. I don't really like this because, as explained above, we do not ship the code, so it should be a different directory.
5 and 6 not touched.
7. If we follow the instructions we now have the code in /opt/cowrie, where only root can write. So some parts need to have other permissions to allow reading and writing by cowrie.
8. Start the cowrie daemon with the right user from the root shell.
9. The section on port redirecting is IMHO not optional because otherwise we would not get much traffic. I have seen people knocking on port 2222, but cowrie should get the traffic from the ssh port. I also added a note for non-experienced users when dealing with the pre-routing iptables rules.

Configfiles
===========

systemd socket
--------------

Systemd now handles the sockets for port binding. No authbind or other dirty hacks needed anymore.

systemd service
---------------

Systemd also handles the service now. It takes care that every dependency is up before cowrie is started. No supervisord needed anymore.

rsyslog
-------

Logfiles are now written into /var/log/cowrie. The json file can also be logged here. Permissions are set so that cowrie can also write into the directory.

logrotate
---------

Every week we rotate the logfiles in /var/log/cowrie and keep 4 compressed log files before deleting them.
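The following is an added illustration of the layout the commit message describes (socket activation instead of authbind, a system user without a shell, state under /var/lib/cowrie, logs under /var/log/cowrie, weekly rotation keeping four compressed files). It is not the set of files from this commit or from the cowrie project; the unit file paths, the `cowrie` twistd plugin name, the /opt/cowrie-env virtualenv path and the use of Twisted's `systemd:` listen endpoint in cowrie.cfg are assumptions made for the example.

```ini
# --- assumed file: /etc/systemd/system/cowrie.socket ---
# systemd binds the privileged port and passes the listening socket to the
# service, so the honeypot itself never needs root or authbind.
[Unit]
Description=Cowrie SSH honeypot listening socket

[Socket]
ListenStream=22
# Accept=no: hand the listening socket itself to the daemon (Twisted accepts
# connections), rather than spawning one service instance per connection.
Accept=no

[Install]
WantedBy=sockets.target

# --- assumed file: /etc/systemd/system/cowrie.service ---
# Create the account beforehand with no home and no shell, e.g.
#   useradd --system --home-dir /nonexistent --shell /usr/sbin/nologin cowrie
[Unit]
Description=Cowrie SSH/Telnet honeypot
Requires=cowrie.socket
After=network.target cowrie.socket

[Service]
Type=simple
User=cowrie
Group=cowrie
WorkingDirectory=/opt/cowrie
# Assumption: the code lives in /opt/cowrie and the virtualenv in
# /opt/cowrie-env; "cowrie" is the twistd plugin name. "-l -" sends the
# text log to stdout/journald; routing it to /var/log/cowrie is left to the
# site's rsyslog configuration, which is not shown here.
Environment=PYTHONPATH=/opt/cowrie/src
ExecStart=/opt/cowrie-env/bin/twistd -n -l - --pidfile= cowrie
# Inherited sockets must be non-blocking for an event-driven daemon.
NonBlocking=true
# systemd creates and chowns /var/lib/cowrie and /var/log/cowrie for the
# service user, so nothing under /opt needs to be writable by cowrie.
StateDirectory=cowrie
LogsDirectory=cowrie
# Everything else on the filesystem is read-only to the daemon.
ProtectSystem=strict
PrivateTmp=true
NoNewPrivileges=true
Restart=on-failure

[Install]
WantedBy=multi-user.target

# --- assumed file: /etc/logrotate.d/cowrie ---
# Weekly rotation, four compressed generations kept before deletion.
/var/log/cowrie/*.log /var/log/cowrie/*.json {
    weekly
    rotate 4
    compress
    delaycompress
    missingok
    notifempty
    # The daemon keeps its json log open and is not restarted on rotation,
    # so copy-and-truncate instead of renaming the file out from under it.
    copytruncate
}
```

With this layout cowrie.cfg would point its listener at the inherited socket (Twisted's endpoint string `systemd:domain=INET:index=0`, an assumption about how the pre-configured config is wired) rather than at `tcp:2222`, and the "catch live traffic" step reduces to moving the real sshd to another port, as the message recommends, instead of adding iptables rules.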