Cowrie Honeypot

Installing Cowrie

nano /etc/ssh/sshd_config
## Change the port from 22 to the high port 22222 (freeing port 22 for the honeypot), then restart ssh
systemctl restart ssh
systemctl status ssh

Now install the Cowrie honeypot on Ubuntu.

apt update
apt-get install git python-virtualenv libssl-dev build-essential libpython-dev python2.7-minimal authbind

Add a user named cowrie.

adduser --disabled-password cowrie

Log in to the new cowrie user account.

su - cowrie

Download the code for cowrie.

git clone http://github.com/micheloosterhof/cowrie

Move into the cowrie folder and create a new virtual environment for the tool by running the commands below.

cd cowrie/
virtualenv cowrie-env
source cowrie-env/bin/activate

Install the Python packages that Cowrie needs to run.

pip install --upgrade pip
pip install --upgrade -r requirements.txt

Create a copy of cowrie.cfg.dist so that we can edit that config file.

cd etc/
cp cowrie.cfg.dist cowrie.cfg

Edit the config file with any editor: change the hostname first, then enable telnet.

nano cowrie.cfg

Redirect traffic from ports 22 and 23 to the high ports 2222 and 2223 using iptables (run these as root, not as the cowrie user).

iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 2223

Start or stop Cowrie.

bin/cowrie start
bin/cowrie stop

To watch the honeypot logs in real time, use the command below.

tail -f /var/log/cowrie/cowrie.log

Installing using Docker

https://hub.docker.com/r/cowrie/cowrie
docker pull cowrie/cowrie
docker run -p 2222:2222/tcp cowrie/cowrie

Configuring Cowrie in Docker

Cowrie in Docker can be configured using environment variables. Each variable name starts with COWRIE_, followed by the section name in capitals, then the stanza in capitals. The example below enables telnet support:

COWRIE_TELNET_ENABLED=yes

Alternatively, Cowrie in Docker can use an etc volume to store configuration data. Create cowrie.cfg inside the etc volume with the following contents to enable telnet in your Cowrie Honeypot in Docker:

[telnet]
enabled = yes
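
The naming rule above (COWRIE_, then section, then stanza, all in capitals) can be applied mechanically to a cowrie.cfg-style file. The following is an added example, not part of the original page or the Cowrie project: the function name cfg_to_env and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: turn cowrie.cfg-style overrides into COWRIE_<SECTION>_<STANZA>=value
# lines, following the naming rule described above. cfg_to_env is a hypothetical helper.

cfg_to_env() {
    # $1: path to an INI file with [section] headers and "key = value" lines
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }       # trim each line
        $0 == "" || /^[#;]/ { next }                       # skip blanks and comments
        /^\[.*\]$/ {                                       # [section] header
            section = toupper(substr($0, 2, length($0) - 2))
            next
        }
        section != "" && (eq = index($0, "=")) > 1 {       # key = value inside a section
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            sub(/[ \t]+$/, "", key)
            sub(/^[ \t]+/, "", val)
            printf "COWRIE_%s_%s=%s\n", section, toupper(key), val
        }
    ' "$1"
}

# Constructed sample input (not taken from a real deployment)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# local overrides
[honeypot]
hostname = svr04

[telnet]
enabled = yes
EOF

cfg_to_env "$sample"
rm -f "$sample"
```

The printed lines can be saved to a file and passed to the container with docker run --env-file.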
