diff --git a/docker/cowrie/Dockerfile b/docker/cowrie/Dockerfile
index d2742913..68fb0eff 100644
--- a/docker/cowrie/Dockerfile
+++ b/docker/cowrie/Dockerfile
@@ -5,6 +5,7 @@ ADD dist/ /root/dist/
 # Get and install dependencies & packages
 RUN apk -U --no-cache add \
+ bash \
 build-base \
 git \
 gmp-dev \
@@ -24,11 +25,14 @@ RUN apk -U --no-cache add \
 addgroup -g 2000 cowrie && \
 adduser -S -s /bin/ash -u 2000 -D -g 2000 cowrie && \
-# Install cowrie from git
- git clone --depth=1 https://github.com/micheloosterhof/cowrie /home/cowrie/cowrie/ -b v1.3.0 && \
- cd /home/cowrie/cowrie && \
- pip install --no-cache-dir --upgrade cffi pip && \
- pip install --no-cache-dir --upgrade -r requirements.txt && \
+# Install cowrie
+ mkdir -p /home/cowrie && \
+ cd /home/cowrie && \
+ git clone --depth=1 https://github.com/micheloosterhof/cowrie -b 1.5.3 && \
+ cd cowrie && \
+ mkdir -p log && \
+ pip install --upgrade pip && \
+ pip install --upgrade -r requirements.txt && \
 # Setup configs
 setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
@@ -36,9 +40,9 @@ RUN apk -U --no-cache add \
 chown cowrie:cowrie -R /home/cowrie/* /usr/lib/python2.7/site-packages/twisted/plugins && \
 # Start Cowrie once to prevent dropin.cache errors upon container start caused by read-only filesystem
- su - cowrie -c "export PYTHONPATH=/home/cowrie/cowrie && \
- cd /home/cowrie/cowrie && \
- /usr/bin/twistd --uid=2000 --gid=2000 -y cowrie.tac --pidfile cowrie.pid cowrie &" && \
+ su - cowrie -c "export PYTHONPATH=/home/cowrie/cowrie:/home/cowrie/cowrie/src && \
+ cd /home/cowrie/cowrie && \
+ /usr/bin/twistd --uid=2000 --gid=2000 -y cowrie.tac --pidfile cowrie.pid cowrie &" && \
 sleep 10 && \
 # Clean up
@@ -49,6 +53,7 @@ RUN apk -U --no-cache add \
 libffi-dev \
 mpc1-dev \
 mpfr-dev \
+ openssl-dev \
 python-dev \
 py-mysqldb \
 py-pip && \
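Review bot: The clone in the second hunk pins Cowrie only by the tag name `-b 1.5.3`, and git tags are mutable, so the image is not reproducible and a moved or re-pushed tag silently changes what gets built; the usual fix is to pin the commit as well, e.g. `ARG COWRIE_COMMIT` before the RUN and `[ "$(git -C cowrie rev-parse HEAD)" = "$COWRIE_COMMIT" ] && \` right after the clone. The same hunk also drops the `--no-cache-dir` that the old `pip install` lines had, so the pip download cache now stays in the layer unless the clean-up step (mostly outside these hunks) removes it; `pip install --no-cache-dir --upgrade pip` and the same flag on the requirements line keep the old behaviour. The `openssl-dev` added in the last hunk appears to sit in the clean-up package list, and I cannot see it being added to the install list anywhere in this diff, so confirm it is installed earlier in the same RUN. All four hunks are fragments of one RUN instruction that starts before and ends after them.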
@@ -57,7 +62,7 @@ RUN apk -U --no-cache add \
 rm -rf /home/cowrie/cowrie/cowrie.pid
 # Start cowrie
-ENV PYTHONPATH /home/cowrie/cowrie
+ENV PYTHONPATH /home/cowrie/cowrie:/home/cowrie/cowrie/src
 WORKDIR /home/cowrie/cowrie
 USER cowrie:cowrie
 CMD ["/usr/bin/twistd", "--nodaemon", "-y", "cowrie.tac", "--pidfile", "/tmp/cowrie/cowrie.pid", "cowrie"]
diff --git a/docker/cowrie/dist/cowrie.cfg b/docker/cowrie/dist/cowrie.cfg
index 2124f5e4..9b9c2d17 100644
--- a/docker/cowrie/dist/cowrie.cfg
+++ b/docker/cowrie/dist/cowrie.cfg
@@ -1,14 +1,44 @@
 [honeypot]
 hostname = ubuntu
+log_path = log
+download_path = dl
 report_public_ip = true
+share_path= share/cowrie
+state_path = /tmp/cowrie/data
+etc_path = etc
+contents_path = honeyfs
+txtcmds_path = txtcmds
+ttylog = true
+ttylog_path = log/tty
+interactive_timeout = 180
+authentication_timeout = 120
+backend = shell
 auth_class = AuthRandom
 auth_class_parameters = 2, 5, 10
 reported_ssh_port = 22
 data_path = /tmp/cowrie/data
+[shell]
+filesystem = share/cowrie/fs.pickle
+processes = share/cowrie/cmdoutput.json
+arch = linux-x64-lsb
+kernel_version = 3.2.0-4-amd64
+kernel_build_string = #1 SMP Debian 3.2.68-1+deb7u1
+hardware_platform = x86_64
+operating_system = GNU/Linux
+
 [ssh]
+enabled = true
+rsa_public_key = etc/ssh_host_rsa_key.pub
+rsa_private_key = etc/ssh_host_rsa_key
+dsa_public_key = etc/ssh_host_dsa_key.pub
+dsa_private_key = etc/ssh_host_dsa_key
 version = SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
 listen_endpoints = tcp:22:interface=0.0.0.0
+sftp_enabled = true
+forwarding = true
+forward_redirect = false
+forward_tunnel = false
 [telnet]
 enabled = true
@@ -18,8 +48,10 @@ reported_port = 23
 [output_jsonlog]
 enabled = true
 logfile = log/cowrie.json
+epoch_timestamp = false
 [output_textlog]
 enabled = false
 logfile = log/cowrie-textlog.log
 format = text
+
diff --git a/docker/cowrie/docker-compose.yml b/docker/cowrie/docker-compose.yml
index 0bd54a70..7fc90ebf 100644
--- a/docker/cowrie/docker-compose.yml
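Review bot: The new `forwarding = true` under `[ssh]` enables direct-tcpip forwarding requests on a listener bound to 0.0.0.0:22, and nothing in the config records whether Cowrie 1.5.3 merely logs those requests or actually relays traffic when `forward_redirect = false`; a real relay would turn the honeypot into an open proxy, so confirm the behaviour for this version and state it above the key, e.g. `# forwarding requests are logged, not relayed; keep forward_redirect and forward_tunnel false`. The host-key paths `etc/ssh_host_rsa_key` and `etc/ssh_host_dsa_key` point into the image's cowrie tree, so if the build's start-once step already generates them, every container from this image presents the same SSH fingerprint, which makes the honeypot recognisable across deployments — confirm where the keys are created, or move them under the writable `/tmp/cowrie` state path so each instance gets its own. Minor style point: `share_path= share/cowrie` is the only key without the `key = value` spacing used on every other line.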
+++ b/docker/cowrie/docker-compose.yml
@@ -18,7 +18,7 @@ services:
 ports: - "22:22" - "23:23" - image: "dtagdevsec/cowrie:1811" + image: "dtagdevsec/cowrie:1903" read_only: true volumes: - /data/cowrie/downloads:/home/cowrie/cowrie/dl