remove lufi and cowrie

Wonderfall
2016-04-30 10:44:36 +02:00
parent 24868449c2
commit 500508bebf
7 changed files with 0 additions and 250 deletions


@ -1,47 +0,0 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV HOSTNAME=svr04 DL_LIMIT=10485760 FACING_IP=9.9.9.9 JSON_LOG=False CUSTOM=False GID=1000 UID=1000
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
build-base \
libffi \
libffi-dev \
openssl \
openssl-dev \
python \
python-dev \
py-pip \
tar \
tini@commuedge \
gosu@testing \
&& pip install --no-cache \
pyasn1 \
service_identity \
pyOpenSSL \
twisted==15.4.0 \
pycrypto \
cryptography \
&& apk del \
build-base \
libffi-dev \
openssl-dev \
python-dev \
py-pip \
&& rm -f /var/cache/apk/*
RUN mkdir /cowrie && cd /cowrie \
&& wget -qO- https://github.com/micheloosterhof/cowrie/archive/master.tar.gz \
| tar xz --strip 1 \
&& mv cowrie.cfg.dist cowrie.cfg \
&& sed -i "s|download_path = dl|download_path = /dl|g" cowrie.cfg \
&& sed -i "s|log_path = log|log_path = /log|g" cowrie.cfg
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /dl /log /honeyfs /data /txtcmds /utils
EXPOSE 2222
CMD ["tini","--","run.sh"]


@ -1,49 +0,0 @@
## wonderfall/cowrie
![](https://i.goopics.net/lO.jpg)
#### What is this?
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.
#### Environment variables
- **HOSTNAME** is the hostname displayed in the honeypot.
- **DL_LIMIT** is the maximum size (in bytes!) of a stored downloaded file (0 = no limit).
- **FACING_IP** is your IP (you have to set it manually because cowrie fails to detect it when running in Docker).
- **JSON_LOG** equals False by default, so json logging is disabled. If you want this feature enabled, set `$JSON_LOG` to True (or anything else...).
#### Volumes
- **/dl** : where downloads are stored.
- **/log** : cowrie and tty sessions logs.
#### Custom mode
`$CUSTOM` can be interpreted as a custom mode. You have access, if set to True, to :
- **honeyfs dir** (/honeyfs) : file contents for the fake filesystem, feel free to copy a real system here
- **data dir** (/data) : fake filesystem + users database
- **txtcmds dir** (/txtcmds) : modify, or add new text commands (if new, must be added to the fake fs)
- **utils dir** (/utils) : useful for fake fs creation
You have to know that, once these directories are polluted by the run.sh script, nothing will be done for you. You'll have to update manually (except utils) and things may break in the future. Always backup your changes. If you just want to run the honeypot without any customisation, do not enable this mode.
#### Docker compose (example)
```
cowrie:
image: wonderfall/cowrie
ports:
- "2222:2222"
volumes:
- /mnt/cowrie/dl:/dl
- /mnt/cowrie/log:/log
### IF CUSTOM MODE
#- /mnt/cowrie/honeyfs:/honeyfs
#- /mnt/cowrie/data:/data
#- /mnt/cowrie/txtcmds:/txtcmds
#- /mnt/cowrie/utils:/utils
environment:
- HOSTNAME=foobar
- DL_LIMIT=2048
- FACING_IP=9.9.9.9
- JSON_LOG=False
- CUSTOM=False
- GID=1000
- UID=1000
```


@ -1,41 +0,0 @@
#!/bin/sh
cd /cowrie
sed -i "s/hostname = svr04/hostname = $HOSTNAME/g" cowrie.cfg
sed -i "s/#download_limit_size = 10485760/download_limit_size = $DL_LIMIT/g" cowrie.cfg
sed -i "s/#internet_facing_ip = 9.9.9.9/internet_facing_ip = $FACING_IP/g" cowrie.cfg
if [ "$JSON_LOG" == "False" ]; then
sed -i "s/\[output_jsonlog\]/#\[output_jsonlog\]/g" cowrie.cfg
sed -i "s|logfile = log/cowrie.json|#logfile = log/cowrie.json|g" cowrie.cfg
fi
if [ "$CUSTOM" == "True"]; then
sed -i "s|contents_path = honeyfs|contents_path = /honeyfs|g" cowrie.cfg
sed -i "s|data_path = data|data_path = /data|g" cowrie.cfg
sed -i "s|txtcmds_path = txtcmds|txtcmds_path = /txtcmds|g" cowrie.cfg
if [ -d honeyfs ] && [ ! -d /honeyfs/etc ]; then
mv honeyfs/* /honeyfs
fi
if [ -d data ] && [ ! -f /data/userdb.txt ]; then
mv data/* /data
fi
if [ -d txtcmds ] && [ ! -d /txtcmds/bin ]; then
mv txtcmds/* /txtcmds
fi
if [ -d utils ]; then
rm -rf /utils/*
mv utils/* /utils
fi
rm -rf honeyfs data txtcmds utils
ln -s /data data #fix
chown -R $UID:$GID /honeyfs /data /txtcmds /utils
fi
mkdir /log/tty
chown -R $UID:$GID /cowrie /dl /log
gosu $UID:$GID twistd -n -l /log/cowrie.log cowrie