include docker repos

... skip emobility since it is a dev repo

docker/cowrie/dist/cowrie.cfg

@@ -0,0 +1,472 @@
+#
+# Cowrie configuration file (cowrie.cfg)
+#
+
+# ============================================================================
+# General Honeypot Options
+# ============================================================================
+[honeypot]
+
+# Sensor name is used to identify this Cowrie instance. Used by the database
+# logging modules such as mysql.
+#
+# If not specified, the logging modules will instead use the IP address of the
+# server as the sensor name.
+#
+# (default: not specified)
+#sensor_name=t-pot
+
+# Hostname for the honeypot. Displayed by the shell prompt of the virtual
+# environment
+#
+# (default: svr04)
+hostname = ubuntu
+
+
+# Directory where to save log files in.
+#
+# (default: log)
+log_path = log
+
+
+# Directory where to save downloaded artifacts in.
+#
+# (default: dl)
+download_path = dl
+
+
+# Directory for miscellaneous data files, such as the password database.
+#
+# (default: data_path)
+data_path = data
+
+
+# Directory where virtual file contents are kept in.
+#
+# This is only used by commands like 'cat' to display the contents of files.
+# Adding files here is not enough for them to appear in the honeypot - the
+# actual virtual filesystem is kept in filesystem_file (see below)
+#
+# (default: honeyfs)
+contents_path = honeyfs
+
+
+# File in the Python pickle format containing the virtual filesystem.
+#
+# This includes the filenames, paths, permissions for the Cowrie filesystem,
+# but not the file contents. This is created by the bin/createfs utility from
+# a real template linux installation.
+#
+# (default: fs.pickle)
+filesystem_file = data/fs.pickle
+
+
+# Directory for creating simple commands that only output text.
+#
+# The command must be placed under this directory with the proper path, such
+# as:
+#   txtcmds/usr/bin/vi
+# The contents of the file will be the output of the command when run inside
+# the honeypot.
+#
+# In addition to this, the file must exist in the virtual filesystem
+#
+# (default: txtcmds)
+txtcmds_path = txtcmds
+
+
+# Maximum file size (in bytes) for downloaded files to be stored in 'download_path'.
+# A value of 0 means no limit. If the file size is known to be too big from the start,
+# the file will not be stored on disk at all.
+#
+# (default: 0)
+#download_limit_size = 10485760
+
+
+# TTY logging will log a transcript of the complete terminal interaction in UML
+# compatible format.
+# (default: true)
+ttylog = true
+
+
+
+# ============================================================================
+# Network Specific Options
+# ============================================================================
+
+
+# IP address to bind to when opening outgoing connections. Used by wget and
+# curl commands.
+#
+# (default: not specified)
+#out_addr = 0.0.0.0
+
+
+# Fake address displayed as the address of the incoming connection.
+# This doesn't affect logging, and is only used by honeypot commands such as
+# 'w' and 'last'
+#
+# If not specified, the actual IP address is displayed instead (default
+# behaviour).
+#
+# (default: not specified)
+#fake_addr = 192.168.66.254
+
+
+# The IP address on which this machine is reachable on from the internet.
+# Useful if you use portforwarding or other mechanisms. If empty, Cowrie
+# will determine by itself. Used in 'netstat' output
+#
+#internet_facing_ip = 9.9.9.9
+
+
+# Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1)
+# IP address is obtained by querying http://myip.threatstream.com
+report_public_ip = true
+
+
+
+# ============================================================================
+# Authentication Specific Options
+# ============================================================================
+
+
+# Class that implements the checklogin() method.
+#
+# Class must be defined in cowrie/core/auth.py
+# Default is the 'UserDB' class which uses the password database.
+#
+# Alternatively the 'AuthRandom' class can be used, which will let
+# a user login after a random number of attempts.
+# It will also cache username/password combinations that allow login.
+#
+#auth_class = UserDB
+
+# When AuthRandom is used also set the
+#  auth_class_parameters: <min try>, <max try>, <maxcache>
+#  for example: 2, 5, 10 = allows access after randint(2,5) attempts
+#  and cache 10 combinations.
+#
+auth_class = AuthRandom
+auth_class_parameters = 2, 5, 10
+
+
+# No authentication checking at all
+# enabling 'auth_none' will enable the ssh2 'auth_none' authentication method
+# this allows the requested user in without any verification at all
+#
+# (default: false)
+#auth_none_enabled = false
+
+
+
+# ============================================================================
+# Historical SSH Specific Options
+# historical options in [honeypot] that have not yet been moved to [ssh]
+# ============================================================================
+
+# Source Port to report in logs (useful if you use iptables to forward ports to Cowrie)
+reported_ssh_port = 22
+
+
+
+# ============================================================================
+# SSH Specific Options
+# ============================================================================
+[ssh]
+
+# Enable SSH support
+# (default: true)
+enabled = true
+
+
+# Public and private SSH key files. If these don't exist, they are created
+# automatically.
+rsa_public_key = etc/ssh_host_rsa_key.pub
+rsa_private_key = etc/ssh_host_rsa_key
+dsa_public_key = etc/ssh_host_dsa_key.pub
+dsa_private_key = etc/ssh_host_dsa_key
+
+# SSH Version String
+#
+# Use these to disguise your honeypot from a simple SSH version scan
+# Examples:
+# SSH-2.0-OpenSSH_5.1p1 Debian-5
+# SSH-1.99-OpenSSH_4.3
+# SSH-1.99-OpenSSH_4.7
+# SSH-1.99-Sun_SSH_1.1
+# SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3.1
+# SSH-2.0-OpenSSH_4.3
+# SSH-2.0-OpenSSH_4.6
+# SSH-2.0-OpenSSH_5.1p1 Debian-5
+# SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
+# SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu5
+# SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
+# SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
+# SSH-2.0-OpenSSH_5.5p1 Debian-6
+# SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze1
+# SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze2
+# SSH-2.0-OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503
+# SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
+# SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
+# SSH-2.0-OpenSSH_5.9
+#
+# (default: "SSH-2.0-SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2")
+version = SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+
+
+# IP addresses to listen for incoming SSH connections.
+#
+# (default: 0.0.0.0) = any IPv4 address
+#listen_addr = 0.0.0.0
+# (use :: for listen to all IPv6 and IPv4 addresses)
+#listen_addr = ::
+
+
+# Port to listen for incoming SSH connections.
+#
+# (default: 2222)
+#listen_port = 22
+
+
+# sftp_enabled enables the sftp subsystem
+sftp_enabled = true
+
+
+# Enable SSH direct-tcpip forwarding
+# (default: true)
+forwarding = true
+
+
+# This enables redirecting forwarding requests to another address
+# Useful for forwarding protocols to other honeypots
+# (default: false)
+forward_redirect = false
+
+
+# Configure where to forward the data to.
+# forward_redirect_<portnumber> = <redirect ip>:<redirect port>
+
+# Redirect http/https
+forward_redirect_80 = 127.0.0.1:8000
+forward_redirect_443 = 127.0.0.1:8443
+
+# To record SMTP traffic, install an SMTP honeypoint.
+# (e.g https://github.com/awhitehatter/mailoney), run
+# python mailoney.py -s yahoo.com -t schizo_open_relay -p 12525
+forward_redirect_25 = 127.0.0.1:12525
+forward_redirect_587 = 127.0.0.1:12525
+
+
+
+# ============================================================================
+# Telnet Specific Options
+# ============================================================================
+[telnet]
+
+# Enable Telnet support, disabled by default
+enabled = true
+
+# IP addresses to listen for incoming Telnet connections.
+#
+# (default: 0.0.0.0) = any IPv4 address
+#listen_addr = 0.0.0.0
+# (use :: for listen to all IPv6 and IPv4 addresses)
+#listen_addr = ::
+
+
+# Port to listen for incoming Telnet connections.
+#
+# (default: 2223)
+#listen_port = 23
+
+# Source Port to report in logs (useful if you use iptables to forward ports to Cowrie)
+reported_port = 23
+
+
+
+# ============================================================================
+# Database logging Specific Options
+# ============================================================================
+
+# XMPP Logging
+# Log to an xmpp server.
+#
+#[database_xmpp]
+#server = sensors.carnivore.it
+#user = anonymous@sensors.carnivore.it
+#password = anonymous
+#muc = dionaea.sensors.carnivore.it
+#signal_createsession = cowrie-events
+#signal_connectionlost = cowrie-events
+#signal_loginfailed = cowrie-events
+#signal_loginsucceeded = cowrie-events
+#signal_command = cowrie-events
+#signal_clientversion = cowrie-events
+#debug=true
+
+
+
+# ============================================================================
+# Output Plugins
+# These provide an extensible mechanism to send audit log entries to third
+# parties. The audit entries contain information on clients connecting to
+# the honeypot.
+# ============================================================================
+
+
+# JSON based logging module
+#
+[output_jsonlog]
+logfile = log/cowrie.json
+
+
+# Supports logging to Elasticsearch
+# This is a simple early release
+#
+#[output_elasticsearch]
+#host = localhost
+#port = 9200
+#index = cowrie
+#type = cowrie
+
+
+# Send login attemp information to SANS DShield
+# See https://isc.sans.edu/ssh.html
+# You must signup for an api key.
+# Once registered, find your details at: https://isc.sans.edu/myaccount.html
+#
+#[output_dshield]
+#userid = userid_here
+#auth_key = auth_key_here
+#batch_size = 100
+
+
+# Local Syslog output module
+#
+# This sends log messages to the local syslog daemon.
+# Facility can be:
+# KERN, USER, MAIL, DAEMON, AUTH, LPR, NEWS, UUCP, CRON, SYSLOG and LOCAL0 to LOCAL7.
+#
+# Format can be:
+# text, cef
+#
+#[output_localsyslog]
+#facility = USER
+#format = text
+
+
+# Text output
+# This writes audit log entries to a text file
+#
+# Format can be:
+# text, cef
+#
+[output_textlog]
+logfile = log/cowrie-textlog.log
+format = text
+
+
+# MySQL logging module
+# Database structure for this module is supplied in doc/sql/mysql.sql
+#
+# MySQL logging requires extra software: sudo apt-get install libmysqlclient-dev
+# MySQL logging requires an extra Python module: pip install mysql-python
+#
+#[output_mysql]
+#host = localhost
+#database = cowrie
+#username = cowrie
+#password = secret
+#port = 3306
+#debug = false
+
+# Rethinkdb output module
+# Rethinkdb output module requires extra Python module: pip install rethinkdb
+
+#[output_rethinkdblog]
+#host = 127.0.0.1
+#port = 28015
+#table = output
+#password =
+#db = cowrie
+
+# SQLite3 logging module
+#
+# Logging to SQLite3 database. To init the database, use the script
+# doc/sql/sqlite3.sql:
+#     sqlite3 <db_file> < doc/sql/sqlite3.sql
+#
+#[output_sqlite]
+#db_file = cowrie.db
+
+# MongoDB logging module
+#
+# MongoDB logging requires an extra Python module: pip install pymongo
+#
+#[output_mongodb]
+#connection_string = mongodb://username:password@host:port/database
+#database = dbname
+
+
+# Splunk SDK output module - Legacy. Requires Splunk API installed
+# This sends logs directly to Splunk using the Python REST SDK
+#
+#[output_splunklegacy]
+#host = localhost
+#port = 8889
+#username = admin
+#password = password
+#index = cowrie
+
+
+# Splunk HTTP Event Collector (HEC) output module
+# Sends JSON directly to Splunk over HTTPS
+# mandatory fields: url, token
+# optional fields: index, source, sourcetype, host
+#
+#[output_splunk]
+#url = https://localhost:8088/services/collector/event
+#token = 6A0EA6C6-8006-4E39-FC44-C35FF6E561A8
+#index = cowrie
+#sourcetype = cowrie
+#source = cowrie
+
+
+# HPFeeds
+#
+#[output_hpfeeds]
+#server = hpfeeds.mysite.org
+#port = 10000
+#identifier = abc123
+#secret = secret
+#debug=false
+
+
+# VirusTotal output module
+# You must signup for an api key.
+#
+#[output_virustotal]
+#api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+#
+
+#[output_slack]
+# This will produce a _lot_ of messages - you have been warned....
+#channel = channel_that_events_should_be_posted_in
+#token = slack_token_for_your_bot
+##debug=true
+
+
+# https://csirtg.io
+# You must signup for an api key.
+#
+#[output_csirtg]
+#username=wes
+#feed=scanners
+#description=random scanning activity
+#token=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+
+
+#[output_socketlog]
+#address = 127.0.0.1:9000
+#timeout = 5

docker/cowrie/dist/userdb.txt

@@ -0,0 +1 @@
+root:0:password