remove lufi and cowrie

This commit is contained in:
Wonderfall 2016-04-30 10:44:36 +02:00
parent 24868449c2
commit 500508bebf
7 changed files with 0 additions and 250 deletions


@ -1,47 +0,0 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV HOSTNAME=svr04 DL_LIMIT=10485760 FACING_IP=9.9.9.9 JSON_LOG=False CUSTOM=False GID=1000 UID=1000
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
build-base \
libffi \
libffi-dev \
openssl \
openssl-dev \
python \
python-dev \
py-pip \
tar \
tini@commuedge \
gosu@testing \
&& pip install --no-cache \
pyasn1 \
service_identity \
pyOpenSSL \
twisted==15.4.0 \
pycrypto \
cryptography \
&& apk del \
build-base \
libffi-dev \
openssl-dev \
python-dev \
py-pip \
&& rm -f /var/cache/apk/*
RUN mkdir /cowrie && cd /cowrie \
&& wget -qO- https://github.com/micheloosterhof/cowrie/archive/master.tar.gz \
| tar xz --strip 1 \
&& mv cowrie.cfg.dist cowrie.cfg \
&& sed -i "s|download_path = dl|download_path = /dl|g" cowrie.cfg \
&& sed -i "s|log_path = log|log_path = /log|g" cowrie.cfg
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /dl /log /honeyfs /data /txtcmds /utils
EXPOSE 2222
CMD ["tini","--","run.sh"]


@ -1,49 +0,0 @@
## wonderfall/cowrie
![](https://i.goopics.net/lO.jpg)
#### What is this?
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.
#### Environment variables
- **HOSTNAME** is the hostname displayed in the honeypot.
- **DL_LIMIT** is the maximum size (in bytes!) of a stored downloaded file (0 = no limit).
- **FACING_IP** is your IP (you have to set it manually because cowrie fails to detect it when running in Docker).
- **JSON_LOG** equals False by default, so json logging is disabled. If you want this feature enabled, set `$JSON_LOG` to True (or anything else...).
#### Volumes
- **/dl** : where downloads are stored.
- **/log** : cowrie and tty sessions logs.
#### Custom mode
`$CUSTOM` can be interpreted as a custom mode. You have access, if set to True, to :
- **honeyfs dir** (/honeyfs) : file contents for the fake filesystem, feel free to copy a real system here
- **data dir** (/data) : fake filesystem + users database
- **txtcmds dir** (/txtcmds) : modify, or add new text commands (if new, must be added to the fake fs)
- **utils dir** (/utils) : useful for fake fs creation
You have to know that, once these directories are polluted by the run.sh script, nothing will be done for you. You'll have to update manually (except utils) and things may break in the future. Always backup your changes. If you just want to run the honeypot without any customisation, do not enable this mode.
#### Docker compose (example)
```
cowrie:
image: wonderfall/cowrie
ports:
- "2222:2222"
volumes:
- /mnt/cowrie/dl:/dl
- /mnt/cowrie/log:/log
### IF CUSTOM MODE
#- /mnt/cowrie/honeyfs:/honeyfs
#- /mnt/cowrie/data:/data
#- /mnt/cowrie/txtcmds:/txtcmds
#- /mnt/cowrie/utils:/utils
environment:
- HOSTNAME=foobar
- DL_LIMIT=2048
- FACING_IP=9.9.9.9
- JSON_LOG=False
- CUSTOM=False
- GID=1000
- UID=1000
```


@ -1,41 +0,0 @@
#!/bin/sh
cd /cowrie
sed -i "s/hostname = svr04/hostname = $HOSTNAME/g" cowrie.cfg
sed -i "s/#download_limit_size = 10485760/download_limit_size = $DL_LIMIT/g" cowrie.cfg
sed -i "s/#internet_facing_ip = 9.9.9.9/internet_facing_ip = $FACING_IP/g" cowrie.cfg
if [ "$JSON_LOG" == "False" ]; then
sed -i "s/\[output_jsonlog\]/#\[output_jsonlog\]/g" cowrie.cfg
sed -i "s|logfile = log/cowrie.json|#logfile = log/cowrie.json|g" cowrie.cfg
fi
if [ "$CUSTOM" == "True"]; then
sed -i "s|contents_path = honeyfs|contents_path = /honeyfs|g" cowrie.cfg
sed -i "s|data_path = data|data_path = /data|g" cowrie.cfg
sed -i "s|txtcmds_path = txtcmds|txtcmds_path = /txtcmds|g" cowrie.cfg
if [ -d honeyfs ] && [ ! -d /honeyfs/etc ]; then
mv honeyfs/* /honeyfs
fi
if [ -d data ] && [ ! -f /data/userdb.txt ]; then
mv data/* /data
fi
if [ -d txtcmds ] && [ ! -d /txtcmds/bin ]; then
mv txtcmds/* /txtcmds
fi
if [ -d utils ]; then
rm -rf /utils/*
mv utils/* /utils
fi
rm -rf honeyfs data txtcmds utils
ln -s /data data #fix
chown -R $UID:$GID /honeyfs /data /txtcmds /utils
fi
mkdir /log/tty
chown -R $UID:$GID /cowrie /dl /log
gosu $UID:$GID twistd -n -l /log/cowrie.log cowrie


@ -1,38 +0,0 @@
FROM debian:jessie
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV TINI_VER=0.9.0 \
USERID=1000 \
GROUPID=1000 \
SECRET=ZyCnLAhYKBIJrukuKZZJ \
CONTACT=contact@domain.tld \
MAX_FILE_SIZE=1000000000 \
WEBROOT=/ \
DOMAIN=domain.tld
RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \
wget \
perl \
build-essential \
ca-certificates \
&& cpan install Carton \
&& mkdir /lufi && cd /lufi \
&& wget -qO- https://github.com/ldidry/lufi/archive/master.tar.gz | tar xz --strip 1 \
&& carton install \
&& wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb -P /tmp \
&& dpkg -i /tmp/tini_$TINI_VER.deb \
&& apt-get purge -y \
wget \
build-essential \
ca-certificates \
&& apt-get autoremove --purge -y && apt-get clean \
&& rm -rf /var/lib/apt/lists/* /root/.cpan* /lufi/local/cache/* /lufi/utilities /tmp/*
COPY run.sh /usr/local/bin/run.sh
COPY lufi.conf /lufi/lufi.conf
RUN chmod +x /usr/local/bin/run.sh
EXPOSE 8080
VOLUME /data /files
CMD ["tini","--","run.sh"]


@ -1,43 +0,0 @@
## wonderfall/lufi
![](https://pix.schrodinger.io/H1JZuROt/zh7BXdOK.png)
#### What is this?
Lufi means Let's Upload that FIle.
Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
#### Environment variables
- **GROUPID** : lufi group id. *(default : 1000)*
- **USERID** : lufi user id. *(default : 1000)*
- **SECRET** : random string used to encrypt cookies. *(default : ZyCnLAhYKBIJrukuKZZJ)*
- **CONTACT** : lufi contact. *(default : contact@domain.tld)*
- **MAX_FILE_SIZE** : maximum file size of an uploaded file in bytes. *(default : 1GB)*
- **WEBROOT** : webroot of lufi. *(default : /)*
- **DOMAIN** : domain used with lufi. *(default : domain.tld)*
*Tip : you can use the following command to generate SECRET.*
`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 20 | head -n 1`
#### Volumes
- **/data** : where lufi's database is stored.
- **/files** : location of uploaded files.
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
#### Docker-compose (example)
```
lufi:
image: wonderfall/lufi
environment:
- GROUPID=1000
- USERID=1000
- SECRET=EFDLZGzfvzvbpdghZZopg
- CONTACT=john.doe@domain.tld
- WEBROOT=/
- MAX_FILE_SIZE=1000000000
- DOMAIN=domain.tld
volumes:
- /mnt/lufi/files:/files
- /mnt/lufi/data:/data
```


@ -1,21 +0,0 @@
{
hypnotoad => {
listen => ['http://0.0.0.0:8080'],
proxy => 1,
},
contact => '<contact>',
secrets => ['<secret>'],
length => 8,
provis_step => 5,
provisioning => 100,
token_length => 32,
max_file_size => <max_file_size>,
#piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
default_delay => 1,
max_delay => 0,
prefix => '<webroot>',
allowed_domains => ['http://<domain>', 'https://<domain>'],
fixed_domain => '<domain>',
db_path => '/data/lufi.db',
upload_dir => '/files',
};


@ -1,11 +0,0 @@
#!/bin/bash
deluser lufi
addgroup --gid $GROUPID lufi
adduser --system --shell /bin/sh --no-create-home --ingroup lufi --uid $USERID lufi
sed -i -e 's/<contact>/'$CONTACT'/g' \
-e 's/<secret>/'$SECRET'/g' \
-e 's/<max_file_size>/'$MAX_FILE_SIZE'/g' \
-e 's/<domain>/'$DOMAIN'/g' \
-e 's|<webroot>|'$WEBROOT'|g' /lufi/lufi.conf
chown -R lufi:lufi /lufi /data /files
cd /lufi && su lufi -c "carton exec hypnotoad -f /lufi/script/lufi"