dockerfiles/unmaintained/cowrie/README.md

### wonderfall/cowrie

#### What is this?
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.

#### Build-time variables
- **MPFR_VERSION** : GNU MPFR version.
- **MPC_VERSION** : GNU MPC version.
- **GPG_** : fingerprints of signing keys.
- **SHA_** : fingerprints of tarballs

#### Environment variables
- **UID** *(default : 991)*
- **GID** *(default : 991)*

#### How to configure
You should provide your own configuration file from this base : https://raw.githubusercontent.com/micheloosterhof/cowrie/master/cowrie.cfg.dist
You can mount this single file to your Docker container.

#### Volumes
- **/cowrie/dl** : where downloads are stored.
- **/cowrie/log** : cowrie and tty sessions logs.
- **/cowrie/cowrie.cfg** : cowrie configuration file. **Provide yours!**
- **/custom** : customize cowrie structure with your own files

#### Docker compose (example)
```
cowrie:
  image: wonderfall/cowrie
  links:                           ### MySQL output
    - cowrie-db:cowrie-db          ### MySQL output
  ports:
    - "2222:2222"
  volumes:
    - /mnt/cowrie/dl:/cowrie/dl
    - /mnt/cowrie/log:/cowrie/log
    - /mnt/cowrie/custom:/custom
    - /mnt/cowrie/cowrie.cfg:/cowrie/cowrie.cfg
  environment:
    - GID=1000
    - UID=1000

### MySQL output
# First, you'll have to initialise tables with a .sql file
# mkdir -p /mnt/cowrie/sql
# wget https://raw.githubusercontent.com/micheloosterhof/cowrie/master/doc/sql/mysql.sql -P /mnt/cowrie/sql/cowrie.sql
# It needs also to be configured in the cowrie.cfg file

cowrie-db:
  image: mariadb:10
  volumes:
    - /mnt/cowrie/db:/var/lib/mysql
    - /mnt/cowrie/sql:/docker-entrypoint-initdb.d
  environment:
    - MYSQL_ROOT_PASSWORD=supersecretpassword
    - MYSQL_DATABASE=cowrie
    - MYSQL_USER=cowrie
    - MYSQL_PASSWORD=supersecretpassword
```
UNMAINTENED 2017-12-04 14:54:24 +01:00			`### wonderfall/cowrie`

			`#### What is this?`
			`Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.`

			`#### Build-time variables`
			`- MPFR_VERSION : GNU MPFR version.`
			`- MPC_VERSION : GNU MPC version.`
			`- GPG_ : fingerprints of signing keys.`
			`- SHA_ : fingerprints of tarballs`

			`#### Environment variables`
			`- UID (default : 991)`
			`- GID (default : 991)`

			`#### How to configure`
			`You should provide your own configuration file from this base : https://raw.githubusercontent.com/micheloosterhof/cowrie/master/cowrie.cfg.dist`
			`You can mount this single file to your Docker container.`

			`#### Volumes`
			`- /cowrie/dl : where downloads are stored.`
			`- /cowrie/log : cowrie and tty sessions logs.`
			`- /cowrie/cowrie.cfg : cowrie configuration file. Provide yours!`
			`- /custom : customize cowrie structure with your own files`

			`#### Docker compose (example)`
			```
			`cowrie:`
			`image: wonderfall/cowrie`
			`links: ### MySQL output`
			`- cowrie-db:cowrie-db ### MySQL output`
			`ports:`
			`- "2222:2222"`
			`volumes:`
			`- /mnt/cowrie/dl:/cowrie/dl`
			`- /mnt/cowrie/log:/cowrie/log`
			`- /mnt/cowrie/custom:/custom`
			`- /mnt/cowrie/cowrie.cfg:/cowrie/cowrie.cfg`
			`environment:`
			`- GID=1000`
			`- UID=1000`

			`### MySQL output`
			`# First, you'll have to initialise tables with a .sql file`
			`# mkdir -p /mnt/cowrie/sql`
			`# wget https://raw.githubusercontent.com/micheloosterhof/cowrie/master/doc/sql/mysql.sql -P /mnt/cowrie/sql/cowrie.sql`
			`# It needs also to be configured in the cowrie.cfg file`

			`cowrie-db:`
			`image: mariadb:10`
			`volumes:`
			`- /mnt/cowrie/db:/var/lib/mysql`
			`- /mnt/cowrie/sql:/docker-entrypoint-initdb.d`
			`environment:`
			`- MYSQL_ROOT_PASSWORD=supersecretpassword`
			`- MYSQL_DATABASE=cowrie`
			`- MYSQL_USER=cowrie`
			`- MYSQL_PASSWORD=supersecretpassword`
			```