Cowrie Honeypot
Installing Cowrie
nano /etc/ssh/sshd_config
## Replace port 22 with the highest port 22222 and restart ssh
systemctl restart ssh
systemctl status sshNow install cowrie honeypot on ubuntu
apt update
apt-get install git python-virtualenv libssl-dev build-essential libpython-dev python2.7-minimal authbindAdd a user Cowrie
adduser --disabled-password cowrieLogin in to the new user account Cowrie
su - cowrieDownload the code for cowrie.
git clone http://github.com/micheloosterhof/cowrieMove into cowrie folder and create a new virtual environment for the tool by running the command below.
cd cowrie/
virtualenv cowrie-env
source cowrie-env/bin/activateInstall the packages of Python that Cowrie needs to run
Create a copy of cowrie.cfg.dist so that we can edit that config file.
Edit the config file by changing the hostname first and then enable telnet using any of the editors.
Redirect traffic of port 22 and 23 to the high ports 2222 and 2223 using iptables
Start/Stop cowrie.
To see the logs in realtime in honeypot use below command.
Installing using Docker
Configuring Cowrie in Docker
Cowrie in Docker can be configured using environment variables. The variable starts with COWRIE_ then has the section name in capitals, followed by the stanza in capitals. An example is below to enable telnet support:
Alternatively, Cowrie in Docker can use an etc volume to store configuration data. Create cowrie.cfg inside the etc volume with the following contents to enable telnet in your Cowrie Honeypot in Docker:
Last updated