diff --git a/cowrie/Dockerfile b/cowrie/Dockerfile index 13bfe57..ed52fdb 100644 --- a/cowrie/Dockerfile +++ b/cowrie/Dockerfile @@ -7,12 +7,7 @@ ARG GPG_MPFR="07F3 DBBE CC1A 3960 5078 094D 980C 1976 98C3 739D" ARG GPG_MPC="AD17 A21E F8AE D8F1 CC02 DBD9 F7D5 C9BF 765C 61E3" ARG SHA1_MPC="b8be66396c726fdc36ebb0f692ed8a8cca3bcc66" -ENV UID=1000 \ - GID=1000 \ - HOSTNAME=svr04 \ - DL_LIMIT=10485760 \ - FACING_IP=9.9.9.9 \ - JSON_LOG=False +ENV UID=991 GID=991 RUN BUILD_DEPS=" \ build-base \ @@ -70,7 +65,7 @@ COPY run.sh /usr/local/bin/run.sh RUN chmod +x /usr/local/bin/run.sh -VOLUME /cowrie/log /cowrie/dl /cowrie/custom +VOLUME /cowrie/log /cowrie/dl /custom EXPOSE 2222 diff --git a/cowrie/README.md b/cowrie/README.md index b7ab31e..de3210d 100644 --- a/cowrie/README.md +++ b/cowrie/README.md @@ -1,4 +1,4 @@ -## wonderfall/cowrie +x## wonderfall/cowrie #### What is this? Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo. 
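Review bot: `ENV UID=991 GID=991` keeps the variable name `UID`, which bash treats as a read-only special variable initialized from the process's real uid and never imported from the environment; if the image's `/bin/sh` is bash (the base image is outside this hunk), run.sh's `chown -R $UID:$GID /cowrie` would resolve to uid 0 and any `-e UID=…` override would be silently ignored. Under dash or busybox ash the name is an ordinary variable and the value is honoured, so this is only a latent problem, but it is cheap to avoid. Consider `ENV COWRIE_UID=991 COWRIE_GID=991` and have run.sh read those (falling back to `UID`/`GID` for the values the README documents), so the ownership of the log and download volumes does not depend on which shell the image ships.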
@@ -10,15 +10,18 @@ Cowrie is a medium interaction SSH honeypot designed to log brute force attacks - **SHA_** : fingerprints of tarballs #### Environment variables -- **HOSTNAME** : the hostname displayed in the honeypot. -- **DL_LIMIT** : the maximum size (in bytes!) of a stored downloaded file (0 = no limit). -- **FACING_IP** : your IP (you have to set it manually because cowrie fails to detect it when running in Docker). -- **JSON_LOG** : disables json logging if set to False. +- **UID** *(default : 991)* +- **GID** *(default : 991)* + +#### How to configure +You should provide your own configuration file from this base : https://raw.githubusercontent.com/micheloosterhof/cowrie/master/cowrie.cfg.dist +You can mount this single file to your Docker container. #### Volumes - **/cowrie/dl** : where downloads are stored. - **/cowrie/log** : cowrie and tty sessions logs. -- **/cowrie/custom** : feel free to customize cowrie structure. +- **/cowrie/cowrie.cfg** : cowrie configuration file. **Provide yours!** +- **/custom** : customize cowrie structure with your own files #### Docker compose (example) ``` @@ -27,13 +30,11 @@ cowrie: ports: - "2222:2222" volumes: - - /mnt/cowrie/dl:/dl - - /mnt/cowrie/log:/log + - /mnt/cowrie/dl:/cowrie/dl + - /mnt/cowrie/log:/cowrie/log + - /mnt/cowrie/custom:/custom + - /mnt/cowrie/cowrie.cfg:/cowrie/cowrie.cfg environment: - - HOSTNAME=foobar - - DL_LIMIT=2048 - - FACING_IP=9.9.9.9 - - JSON_LOG=False - GID=1000 - UID=1000 ``` diff --git a/cowrie/run.sh b/cowrie/run.sh index 6ab4945..e4321e0 100644 --- a/cowrie/run.sh +++ b/cowrie/run.sh 
@@ -1,18 +1,9 @@ #!/bin/sh cd /cowrie -sed -i -e "s/hostname = svr04/hostname = ${HOSTNAME}/g" \ - -e "s/#download_limit_size = 10485760/download_limit_size = ${DL_LIMIT}/g" \ - -e "s/#internet_facing_ip = 9.9.9.9/internet_facing_ip = ${FACING_IP}/g" cowrie.cfg - -if [ "${JSON_LOG}" == "False" ]; then - sed -i -e "s/\[output_jsonlog\]/#\[output_jsonlog\]/g" \ - -e "s|logfile = log/cowrie.json|#logfile = log/cowrie.json|g" cowrie.cfg -fi - -rm twistd.pid -mkdir -p /cowrie/log/tty -cp -R /cowrie/custom/* /cowrie +rm twistd.pid &>/dev/null +mkdir -p /cowrie/log/tty &>/dev/null +cp -R /custom/* /cowrie &>/dev/null chown -R $UID:$GID /cowrie COWRIEDIR=$(dirname $0)
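Review bot: The three added `&>/dev/null` redirections are a bashism under `#!/bin/sh`; a POSIX shell parses `cmd &>/dev/null` as `cmd &` followed by an empty `>/dev/null`, so `rm`, `mkdir` and the `cp -R /custom/* /cowrie` copy are put in the background with stderr not suppressed, and the following `chown -R $UID:$GID /cowrie` can run before the copy has finished, leaving copied files unowned by the service user or incomplete when cowrie starts (busybox ash accepts `&>` only when built with bash compatibility, dash never does; the base image is not in the diff). The failures being hidden are also predictable, so they can be avoided instead of silenced: `rm -f twistd.pid`, `mkdir -p /cowrie/log/tty` and `[ -d /custom ] && cp -R /custom/. /cowrie/` — the `/custom/.` form copies dotfiles and does not fail on an empty mount, where `/custom/*` stays an unexpanded literal. Since whatever is in `/custom` overwrites the cowrie tree itself, a comment such as `# /custom overrides files in /cowrie, including code; mount only trusted content` would make that trust boundary explicit to operators.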