bump cowrie to 1.5.3

docker/cowrie/Dockerfile

@@ -5,6 +5,7 @@ ADD dist/ /root/dist/
 
 # Get and install dependencies & packages
 RUN apk -U --no-cache add \
+                       bash \
                        build-base \
                        git \
                        gmp-dev \
@@ -24,11 +25,14 @@ RUN apk -U --no-cache add \
     addgroup -g 2000 cowrie && \
     adduser -S -s /bin/ash -u 2000 -D -g 2000 cowrie && \
 
-# Install cowrie from git
+# Install cowrie
-    git clone --depth=1 https://github.com/micheloosterhof/cowrie /home/cowrie/cowrie/ -b v1.3.0 && \
+    mkdir -p /home/cowrie && \
-    cd /home/cowrie/cowrie && \
+    cd /home/cowrie && \
-    pip install --no-cache-dir --upgrade cffi pip && \
+    git clone --depth=1 https://github.com/micheloosterhof/cowrie -b 1.5.3 && \
-    pip install --no-cache-dir --upgrade -r requirements.txt && \
+    cd cowrie && \
+    mkdir -p log && \
+    pip install --upgrade pip && \
+    pip install --upgrade -r requirements.txt && \
 
 # Setup configs
     setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
@@ -36,7 +40,7 @@ RUN apk -U --no-cache add \
     chown cowrie:cowrie -R /home/cowrie/* /usr/lib/python2.7/site-packages/twisted/plugins && \
 
 # Start Cowrie once to prevent dropin.cache errors upon container start caused by read-only filesystem
-    su - cowrie -c "export PYTHONPATH=/home/cowrie/cowrie && \
+    su - cowrie -c "export PYTHONPATH=/home/cowrie/cowrie:/home/cowrie/cowrie/src && \
                     cd /home/cowrie/cowrie && \
                     /usr/bin/twistd --uid=2000 --gid=2000 -y cowrie.tac --pidfile cowrie.pid cowrie &" && \
     sleep 10 && \
@@ -49,6 +53,7 @@ RUN apk -U --no-cache add \
                     libffi-dev \
                     mpc1-dev \
                     mpfr-dev \
+                    openssl-dev \
                     python-dev \
                     py-mysqldb \
                     py-pip && \
@@ -57,7 +62,7 @@ RUN apk -U --no-cache add \
     rm -rf /home/cowrie/cowrie/cowrie.pid
 
 # Start cowrie
-ENV PYTHONPATH /home/cowrie/cowrie
+ENV PYTHONPATH /home/cowrie/cowrie:/home/cowrie/cowrie/src
 WORKDIR /home/cowrie/cowrie
 USER cowrie:cowrie
 CMD ["/usr/bin/twistd", "--nodaemon", "-y", "cowrie.tac", "--pidfile", "/tmp/cowrie/cowrie.pid", "cowrie"]

docker/cowrie/dist/cowrie.cfg

@@ -1,14 +1,44 @@
 [honeypot]
 hostname = ubuntu
+log_path = log
+download_path = dl
 report_public_ip = true
+share_path= share/cowrie
+state_path = /tmp/cowrie/data
+etc_path = etc
+contents_path = honeyfs
+txtcmds_path = txtcmds
+ttylog = true
+ttylog_path = log/tty
+interactive_timeout = 180
+authentication_timeout = 120
+backend = shell
 auth_class = AuthRandom
 auth_class_parameters = 2, 5, 10
 reported_ssh_port = 22
 data_path = /tmp/cowrie/data
 
+[shell]
+filesystem = share/cowrie/fs.pickle 
+processes = share/cowrie/cmdoutput.json
+arch = linux-x64-lsb
+kernel_version = 3.2.0-4-amd64
+kernel_build_string = #1 SMP Debian 3.2.68-1+deb7u1
+hardware_platform = x86_64
+operating_system = GNU/Linux
+
 [ssh]
+enabled = true
+rsa_public_key = etc/ssh_host_rsa_key.pub
+rsa_private_key = etc/ssh_host_rsa_key
+dsa_public_key = etc/ssh_host_dsa_key.pub
+dsa_private_key = etc/ssh_host_dsa_key
 version = SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
 listen_endpoints = tcp:22:interface=0.0.0.0
+sftp_enabled = true
+forwarding = true
+forward_redirect = false
+forward_tunnel = false
 
 [telnet]
 enabled = true
@@ -18,8 +48,10 @@ reported_port = 23
 [output_jsonlog]
 enabled = true
 logfile = log/cowrie.json
+epoch_timestamp = false
 
 [output_textlog]
 enabled = false
 logfile = log/cowrie-textlog.log
 format = text
+

docker/cowrie/docker-compose.yml

@@ -18,7 +18,7 @@ services:
     ports:
      - "22:22"
      - "23:23"
-    image: "dtagdevsec/cowrie:1811"
+    image: "dtagdevsec/cowrie:1903"
     read_only: true
     volumes:
      - /data/cowrie/downloads:/home/cowrie/cowrie/dl