diff --git a/docker/cowrie/Dockerfile b/docker/cowrie/Dockerfile
index fab410f1..d4e56572 100644
--- a/docker/cowrie/Dockerfile
+++ b/docker/cowrie/Dockerfile
@@ -1,10 +1,10 @@
 FROM alpine
-
+#
 # Include dist
 ADD dist/ /root/dist/
-
+#
 # Get and install dependencies & packages
-RUN apk -U --no-cache add \
+RUN apk -U add \
 bash \
 build-base \
 git \
@@ -15,38 +15,37 @@ RUN apk -U --no-cache add \
 mpfr-dev \
 openssl \
 openssl-dev \
- python \
- python-dev \
- py-bcrypt \
- py-mysqldb \
- py-pip \
- py-requests \
- py-setuptools && \
-
+ python3 \
+ python3-dev \
+ py3-bcrypt \
+ py3-mysqlclient \
+ py3-requests \
+ py3-setuptools && \
+#
 # Setup user
 addgroup -g 2000 cowrie && \
 adduser -S -s /bin/ash -u 2000 -D -g 2000 cowrie && \
-
+#
 # Install cowrie
 mkdir -p /home/cowrie && \
 cd /home/cowrie && \
- git clone --depth=1 https://github.com/micheloosterhof/cowrie -b 1.5.3 && \
+ git clone --depth=1 https://github.com/micheloosterhof/cowrie -b v2.0.0 && \
 cd cowrie && \
 mkdir -p log && \
- pip install --upgrade pip && \
- pip install --upgrade -r requirements.txt && \
-
+ pip3 install --upgrade pip && \
+ pip3 install --upgrade -r requirements.txt && \
+#
 # Setup configs
- setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
+ setcap cap_net_bind_service=+ep /usr/bin/python3.7 && \
 cp /root/dist/cowrie.cfg /home/cowrie/cowrie/cowrie.cfg && \
- chown cowrie:cowrie -R /home/cowrie/* /usr/lib/python2.7/site-packages/twisted/plugins && \
-
+ chown cowrie:cowrie -R /home/cowrie/* /usr/lib/python3.7/site-packages/twisted/plugins && \
+#
 # Start Cowrie once to prevent dropin.cache errors upon container start caused by read-only filesystem
 su - cowrie -c "export PYTHONPATH=/home/cowrie/cowrie:/home/cowrie/cowrie/src && \
 cd /home/cowrie/cowrie && \
 /usr/bin/twistd --uid=2000 --gid=2000 -y cowrie.tac --pidfile cowrie.pid cowrie &" && \
 sleep 10 && \
-
+#
 # Clean up
 apk del --purge build-base \
 git \
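Review bot: The line `setcap cap_net_bind_service=+ep /usr/bin/python3.7` puts the file capability on the interpreter itself, so every Python process in the image may bind ports below 1024, and it hard-codes 3.7 while the base image is an unpinned `FROM alpine`; once the base image ships a different Python minor, this line and the `chown` on `/usr/lib/python3.7/site-packages/twisted/plugins` would fail. I would pin the base (`FROM alpine:<pinned-version>`, placeholder) and, if the deployment allows it, let Cowrie listen on an unprivileged port that Docker publishes as 22, which removes the need for `setcap`. `git clone ... -b v2.0.0` follows a tag that upstream can move and `pip3 install --upgrade -r requirements.txt` resolves whatever is current at build time, so two builds of this file need not produce the same image; checking out a fixed commit after the clone would close the first gap. The `RUN` statement starts before this hunk and continues past it.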
@@ -56,13 +55,12 @@ RUN apk -U --no-cache add \
 mpc1-dev \
 mpfr-dev \
 openssl-dev \
- python-dev \
- py-mysqldb \
- py-pip && \
- rm -rf /root/* && \
+ python3-dev \
+ py3-mysqlclient && \
+ rm -rf /root/* /tmp/* && \
 rm -rf /var/cache/apk/* && \
 rm -rf /home/cowrie/cowrie/cowrie.pid
-
+#
 # Start cowrie
 ENV PYTHONPATH /home/cowrie/cowrie:/home/cowrie/cowrie/src
 WORKDIR /home/cowrie/cowrie
diff --git a/docker/cowrie/Dockerfile.old b/docker/cowrie/Dockerfile.old
new file mode 100644
index 00000000..fab410f1
--- /dev/null
+++ b/docker/cowrie/Dockerfile.old
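Review bot: pip is no longer removed in the cleanup: the old list ended with `py-pip`, while the new one stops at `py3-mysqlclient`, and the earlier `pip3 install --upgrade pip` leaves pip in site-packages. For a honeypot image it is worth keeping the installed tooling small, so that a process that gets past the emulated shell finds no package installer. Adding `pip3 uninstall -y pip && \` before the `rm -rf` lines would restore the intent of the old cleanup, provided nothing at runtime imports pip. The `RUN` statement begins outside this hunk.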
@@ -0,0 +1,70 @@
+FROM alpine
+
+# Include dist
+ADD dist/ /root/dist/
+
+# Get and install dependencies & packages
+RUN apk -U --no-cache add \
+ bash \
+ build-base \
+ git \
+ gmp-dev \
+ libcap \
+ libffi-dev \
+ mpc1-dev \
+ mpfr-dev \
+ openssl \
+ openssl-dev \
+ python \
+ python-dev \
+ py-bcrypt \
+ py-mysqldb \
+ py-pip \
+ py-requests \
+ py-setuptools && \
+
+# Setup user
+ addgroup -g 2000 cowrie && \
+ adduser -S -s /bin/ash -u 2000 -D -g 2000 cowrie && \
+
+# Install cowrie
+ mkdir -p /home/cowrie && \
+ cd /home/cowrie && \
+ git clone --depth=1 https://github.com/micheloosterhof/cowrie -b 1.5.3 && \
+ cd cowrie && \
+ mkdir -p log && \
+ pip install --upgrade pip && \
+ pip install --upgrade -r requirements.txt && \
+
+# Setup configs
+ setcap cap_net_bind_service=+ep /usr/bin/python2.7 && \
+ cp /root/dist/cowrie.cfg /home/cowrie/cowrie/cowrie.cfg && \
+ chown cowrie:cowrie -R /home/cowrie/* /usr/lib/python2.7/site-packages/twisted/plugins && \
+
+# Start Cowrie once to prevent dropin.cache errors upon container start caused by read-only filesystem
+ su - cowrie -c "export PYTHONPATH=/home/cowrie/cowrie:/home/cowrie/cowrie/src && \
+ cd /home/cowrie/cowrie && \
+ /usr/bin/twistd --uid=2000 --gid=2000 -y cowrie.tac --pidfile cowrie.pid cowrie &" && \
+ sleep 10 && \
+
+# Clean up
+ apk del --purge build-base \
+ git \
+ gmp-dev \
+ libcap \
+ libffi-dev \
+ mpc1-dev \
+ mpfr-dev \
+ openssl-dev \
+ python-dev \
+ py-mysqldb \
+ py-pip && \
+ rm -rf /root/* && \
+ rm -rf /var/cache/apk/* && \
+ rm -rf /home/cowrie/cowrie/cowrie.pid
+
+# Start cowrie
+ENV PYTHONPATH /home/cowrie/cowrie:/home/cowrie/cowrie/src
+WORKDIR /home/cowrie/cowrie
+USER cowrie:cowrie
+CMD ["/usr/bin/twistd", "--nodaemon", "-y", "cowrie.tac", "--pidfile", "/tmp/cowrie/cowrie.pid", "cowrie"]
diff --git a/docker/cowrie/dist/cowrie.cfg b/docker/cowrie/dist/cowrie.cfg
index 9b9c2d17..d25e62d5 100644
--- a/docker/cowrie/dist/cowrie.cfg
+++ b/docker/cowrie/dist/cowrie.cfg
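Review bot: `Dockerfile.old` is the previous `Dockerfile` unchanged — its blob id `fab410f1` is the old side of the `Dockerfile` index line in this same diff — so the commit stores a copy of something git history already keeps. The copy is still a buildable Python 2.7 recipe that checks out Cowrie 1.5.3, and a build pointed at the wrong file would produce the outdated image without any error. I would leave the file out of the tree and name the previous revision in the commit message instead.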
@@ -2,7 +2,6 @@
 hostname = ubuntu
 log_path = log
 download_path = dl
-report_public_ip = true
 share_path= share/cowrie
 state_path = /tmp/cowrie/data
 etc_path = etc
@@ -13,6 +12,8 @@ ttylog_path = log/tty
 interactive_timeout = 180
 authentication_timeout = 120
 backend = shell
+timezone = UTC
+report_public_ip = true
 auth_class = AuthRandom
 auth_class_parameters = 2, 5, 10
 reported_ssh_port = 22
@@ -21,11 +22,13 @@ data_path = /tmp/cowrie/data
 [shell]
 filesystem = share/cowrie/fs.pickle
 processes = share/cowrie/cmdoutput.json
-arch = linux-x64-lsb
+#arch = linux-x64-lsb
+arch = bsd-aarch64-lsb, bsd-aarch64-msb, bsd-bfin-msb, bsd-mips-lsb, bsd-mips-msb, bsd-mips64-lsb, bsd-mips64-msb, bsd-powepc-msb, bsd-powepc64-lsb, bsd-riscv64-lsb, bsd-sparc-msb, bsd-sparc64-msb, bsd-x32-lsb, bsd-x64-lsb, linux-aarch64-lsb, linux-aarch64-msb, linux-alpha-lsb, linux-am33-lsb, linux-arc-lsb, linux-arc-msb, linux-arm-lsb, linux-arm-msb, linux-avr32-lsb, linux-bfin-lsb, linux-c6x-lsb, linux-c6x-msb, linux-cris-lsb, linux-frv-msb, linux-h8300-msb, linux-hppa-msb, linux-hppa64-msb, linux-ia64-lsb, linux-m32r-msb, linux-m68k-msb, linux-microblaze-msb, linux-mips-lsb, linux-mips-msb, linux-mips64-lsb, linux-mips64-msb, linux-mn10300-lsb, linux-nios-lsb, linux-nios-msb, linux-powerpc-lsb, linux-powerpc-msb, linux-powerpc64-lsb, linux-powerpc64-msb, linux-riscv64-lsb, linux-s390x-msb, linux-sh-lsb, linux-sh-msb, linux-sparc-msb, linux-sparc64-msb, linux-tilegx-lsb, linux-tilegx-msb, linux-tilegx64-lsb, linux-tilegx64-msb, linux-x64-lsb, linux-x86-lsb, linux-xtensa-msb, osx-x32-lsb, osx-x64-lsb
 kernel_version = 3.2.0-4-amd64
 kernel_build_string = #1 SMP Debian 3.2.68-1+deb7u1
 hardware_platform = x86_64
 operating_system = GNU/Linux
+ssh_version = OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018
 
 [ssh]
 enabled = true
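Review bot: The widened `arch` list mixes sparc, mips, powerpc, s390x and osx entries with values that stay fixed at x86-64, namely `hardware_platform = x86_64` and `kernel_version = 3.2.0-4-amd64`. If Cowrie picks one entry from the list for the binaries it emulates (presumably; confirm against the Cowrie documentation), a session can see a non-x86 binary format next to an amd64 kernel, which makes the honeypot easy to tell from a real host. The added `ssh_version = OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018` also sits beside a Debian 7 build string (`3.2.68-1+deb7u1`) and `hostname = ubuntu`. Restricting the list to entries that match the rest of the persona, for example keeping `arch = linux-x64-lsb`, would keep the reported values consistent.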
@@ -33,12 +36,18 @@ rsa_public_key = etc/ssh_host_rsa_key.pub
 rsa_private_key = etc/ssh_host_rsa_key
 dsa_public_key = etc/ssh_host_dsa_key.pub
 dsa_private_key = etc/ssh_host_dsa_key
-version = SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+#version = SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
+version = SSH-2.0-OpenSSH_7.9p1
+ciphers = aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc
+macs = hmac-sha2-512,hmac-sha2-384,hmac-sha2-56,hmac-sha1,hmac-md5
+compression = zlib@openssh.com,zlib,none
 listen_endpoints = tcp:22:interface=0.0.0.0
 sftp_enabled = true
 forwarding = true
 forward_redirect = false
 forward_tunnel = false
+auth_none_enabled = false
+auth_keyboard_interactive_enabled = true
 
 [telnet]
 enabled = true
@@ -55,3 +64,6 @@ enabled = false
 logfile = log/cowrie-textlog.log
 format = text
 
+[output_crashreporter]
+enabled = false
+debug = false
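Review bot: `hmac-sha2-56` in the added `macs` line is not an SSH MAC name I recognise and looks like a typo for `hmac-sha2-256`. How Cowrie handles an unknown name is not visible here; it may refuse to start or drop the entry, and in the second case the server would offer no SHA-256 MAC at all. Proposed line: `macs = hmac-sha2-512,hmac-sha2-384,hmac-sha2-256,hmac-sha1,hmac-md5`. The `ciphers` line also offers `3des-cbc`, `blowfish-cbc` and `cast128-cbc` under the banner `SSH-2.0-OpenSSH_7.9p1`, which as far as I know a stock OpenSSH 7.9 server does not offer by default, so a comment stating that the legacy algorithms are listed on purpose would help the next reader. The `[ssh]` section starts before this hunk.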