
docker-cowrie's Introduction

Cowrie

Welcome to the Cowrie GitHub repository

This is the official repository for the Cowrie SSH and Telnet Honeypot effort.

What is Cowrie

Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. In medium interaction mode (shell) it emulates a UNIX system in Python; in high interaction mode (proxy) it functions as an SSH and Telnet proxy to observe attacker behavior on another system.

Cowrie is maintained by Michel Oosterhof.

Documentation

The Documentation can be found here.

Slack

You can join the Cowrie community at the following Slack workspace.

Features

  • Choose to run as an emulated shell (default):
    • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
    • Possibility of adding fake file contents so the attacker can cat files such as /etc/passwd. Only minimal file contents are included
    • Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection
  • Or proxy SSH and telnet to another system
    • Run as a pure telnet and ssh proxy with monitoring
    • Or let Cowrie manage a pool of QEMU emulated servers to provide the systems to login to

For both settings:

  • Session logs are stored in a UML-compatible format for easy replay with the bin/playlog utility.
  • SFTP and SCP support for file upload
  • Support for SSH exec commands
  • Logging of direct-tcp connection attempts (ssh proxying)
  • Forward SMTP connections to SMTP Honeypot (e.g. mailoney)
  • JSON logging for easy processing in log management solutions

Docker

Docker versions are available.

Configuring Cowrie in Docker

Cowrie in Docker can be configured using environment variables. The variable names start with COWRIE, then have the section name in capitals, followed by the stanza in capitals, joined with underscores. The example below enables telnet support:

COWRIE_TELNET_ENABLED=yes

Alternatively, Cowrie in Docker can use an etc volume to store configuration data. Create cowrie.cfg inside the etc volume with the following contents to enable telnet in your Cowrie Honeypot in Docker:

[telnet]
enabled = yes

Requirements

Software required to run locally:

  • Python 3.9+
  • python-virtualenv

For Python dependencies, see requirements.txt.

Files of interest:

  • etc/cowrie.cfg - Cowrie's configuration file. Default values can be found in etc/cowrie.cfg.dist.
  • share/cowrie/fs.pickle - fake filesystem
  • etc/userdb.txt - credentials to access the honeypot
  • honeyfs/ - file contents for the fake filesystem - feel free to copy a real system here or use bin/fsctl
  • honeyfs/etc/issue.net - pre-login banner
  • honeyfs/etc/motd - post-login banner
  • var/log/cowrie/cowrie.json - transaction output in JSON format
  • var/log/cowrie/cowrie.log - log/debug output
  • var/lib/cowrie/tty/ - session logs, replayable with the bin/playlog utility.
  • var/lib/cowrie/downloads/ - files transferred from the attacker to the honeypot are stored here
  • share/cowrie/txtcmds/ - file contents for simple fake commands
  • bin/createfs - used to create the fake filesystem
  • bin/playlog - utility to replay session logs

Contributors

Many people have contributed to Cowrie over the years. Special thanks to:

  • Upi Tamminen (desaster) for all his work developing Kippo on which Cowrie was based
  • Dave Germiquet (davegermiquet) for TFTP support, unit tests, new process handling
  • Olivier Bilodeau (obilodeau) for Telnet support
  • Ivan Korolev (fe7ch) for many improvements over the years.
  • Florian Pelgrim (craneworks) for his work on code cleanup and Docker.
  • Guilherme Borges (sgtpepperpt) for SSH and telnet proxy (GSoC 2019)
  • And many many others.

docker-cowrie's People

Contributors

brannondorsey, cafuego, micheloosterhof, mschneider82, obilodeau, sereysethy, wcc526, xermicus


docker-cowrie's Issues

Corrupted log entries when username is involved in latest cowrie docker image

Hi @micheloosterhof! I experience an issue with broken authentication records using the cowrie/cowrie:latest image. The issue persists for at least 1 month (when I deployed it the first time) and up until now.
Here is the command line I'm using:

docker run -p 22:2222 -p 23:2223 -e COWRIE_TELNET_ENABLED=yes -v /home/ubuntu/honeypot/logs:/cowrie/cowrie-git/var/log/cowrie/ -v /home/ubuntu/honeypot/samples:/cowrie/cowrie-git/var/lib/cowrie/downloads cowrie/cowrie

Here is an example stdout log snippet with 2 errors (the first and the last lines):

2021-06-11T10:51:33+0000 [stdout#info] jsonlog: Can't serialize: '{'eventid': 'cowrie.client.kex', 'hassh': '2f300334eb474e4d5ef932343447dd80', 'hasshAlgorithms': '[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,[email protected],arcfour256,arcfour128,aes128-cbc,arcfour,3des-cbc;[email protected],hmac-sha2-256,hmac-sha1,hmac-sha1-96;none', 'kexAlgs': [b'[email protected]', b'ecdh-sha2-nistp256', b'ecdh-sha2-nistp384', b'ecdh-sha2-nistp521', b'diffie-hellman-group14-sha1', b'diffie-hellman-group1-sha1'], 'keyAlgs': [b'[email protected]', b'[email protected]', b'[email protected]', b'[email protected]', b'[email protected]', b'[email protected]', b'ecdsa-sha2-nistp256', b'ecdsa-sha2-nistp384', b'ecdsa-sha2-nistp521', b'ssh-rsa', b'ssh-dss', b'ssh-ed25519'], 'encCS': [b'aes128-ctr', b'aes192-ctr', b'aes256-ctr', b'[email protected]', b'arcfour256', b'arcfour128', b'aes128-cbc', b'arcfour', b'3des-cbc'], 'macCS': [b'[email protected]', b'hmac-sha2-256', b'hmac-sha1', b'hmac-sha1-96'], 'compCS': [b'none'], 'langCS': [b''], 'message': 'SSH client hassh fingerprint: 2f300334eb474e4d5ef932343447dd80', 'sensor': 'dda70ef8e80a', 'timestamp': '2021-06-11T10:51:33.923804Z', 'src_ip': '78.128.113.150', 'session': '79d7d0a46cee'}'
2021-06-11T10:51:33+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] kex alg=b'[email protected]' key alg=b'ssh-rsa'
2021-06-11T10:51:33+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] outgoing: b'aes128-ctr' b'hmac-sha1' b'none'
2021-06-11T10:51:33+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] incoming: b'aes128-ctr' b'hmac-sha1' b'none'
2021-06-11T10:51:34+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] NEW KEYS
2021-06-11T10:51:34+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] starting service b'ssh-userauth'
2021-06-11T10:51:34+0000 [cowrie.ssh.userauth.HoneyPotSSHUserAuthServer#debug] b'root' trying auth b'none'
2021-06-11T10:51:34+0000 [cowrie.ssh.userauth.HoneyPotSSHUserAuthServer#debug] b'root' trying auth b'password'
2021-06-11T10:51:34+0000 [HoneyPotSSHTransport,37,78.128.113.150] Could not read etc/userdb.txt, default database activated
2021-06-11T10:51:34+0000 [stdout#info] jsonlog: Can't serialize: '{'eventid': 'cowrie.login.success', 'username': b'root', 'password': b'admin', 'message': "login attempt [b'root'/b'admin'] succeeded", 'sensor': 'dda70ef8e80a', 'timestamp': '2021-06-11T10:51:34.241754Z', 'src_ip': '78.128.113.150', 'session': '79d7d0a46cee'}'

And here are a few of the many broken JSON entries in the cowrie.json. As you can see, they don't follow the JSON format and the username and password values are not available:

{"eventid":"cowrie.client.kex","hassh":"2f300334eb474e4d5ef932343447dd80","hasshAlgorithms":"[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,[email protected],arcfour256,arcfour128,aes128-cbc,arcfour,3des-cbc;[email protected],hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":[{"eventid":"cowrie.login.success","username":{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ya.ru","dst_port":80,"src_ip":"92.118.36.4","src_port":0,"message":"direct-tcp connection request to ya.ru:80 from 0.0.0.0:0","sensor":"dda70ef8e80a","timestamp":"2021-06-11T10:43:02.863361Z","session":"fc8657d24108"}

{"eventid":"cowrie.login.success","username":{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"05944c27d909","timestamp":"2021-06-11T00:00:17.447110Z","src_ip":"60.171.154.30","session":"bf66dfc101ed"}

Raspberry Pi 3 - compatibility issue

Hi,

I tried to use the cowrie docker image to run on a Raspberry Pi 3; apparently the image is not compatible with the ARM architecture. I got this error:

cowrie_cowrie_1 is up-to-date
Attaching to cowrie_cowrie_1
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1  | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_cowrie_1 exited with code 1

I know it is not a problem with cowrie, but more of a Docker-related problem.

output_mysql generates incorrect SQL queries

Running inside the latest docker on an ubuntu20.04 host with docker-cowrie commit e39a583, I am getting issues at the console:

2021-05-22T19:53:12+0000 [-] Timeout reached in CowrieTelnetTransport
2021-05-22T19:53:12+0000 [-] Process ended. Telnet Session disconnected: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.ProcessTerminated'>: A process has ended with a probable error condition: process ended with exit code 1.
	]
2021-05-22T19:53:12+0000 [twisted.internet.defer#critical] Unhandled error in Deferred:
2021-05-22T19:53:12+0000 [twisted.internet.defer#critical]
	Traceback (most recent call last):
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 517, in errback
	    self._startRunCallbacks(fail)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 580, in _startRunCallbacks
	    self._runCallbacks()
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 662, in _runCallbacks
	    current.result = callback(current.result, *args, **kw)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1514, in gotResult
	    current_context.run(_inlineCallbacks, r, g, status)
	--- <exception caught here> ---
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1443, in _inlineCallbacks
	    result = current_context.run(result.throwExceptionIntoGenerator, g)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/failure.py", line 500, in throwExceptionIntoGenerator
	    return g.throw(self.type, self.value, self.tb)
	  File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 98, in write
	    f"SELECT `id`\" \"FROM `sensors`\" \"WHERE `ip` = {self.sensor}"
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 238, in inContext
	    result = inContext.theWork()  # type: ignore[attr-defined]
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 255, in <lambda>
	    ctx, func, *args, **kw
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 118, in callWithContext
	    return self.currentContext().callWithContext(ctx, func, *args, **kw)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 83, in callWithContext
	    return func(*args, **kw)
	  File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 31, in _runInteraction
	    return adbapi.ConnectionPool._runInteraction(self, interaction, *args, **kw)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/enterprise/adbapi.py", line 456, in _runInteraction
	    compat.reraise(excValue, excTraceback)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/deprecate.py", line 298, in deprecatedFunction
	    return function(*args, **kwargs)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/compat.py", line 403, in reraise
	    raise exception.with_traceback(traceback)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/enterprise/adbapi.py", line 446, in _runInteraction
	    result = interaction(trans, *args, **kw)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/enterprise/adbapi.py", line 459, in _runQuery
	    trans.execute(*args, **kw)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/cursors.py", line 206, in execute
	    res = self._query(query)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/cursors.py", line 319, in _query
	    db.query(q)
	  File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/connections.py", line 259, in query
	    _mysql.connection.query(self, query)
	MySQLdb._exceptions.ProgrammingError: (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'" "WHERE `ip` = 246f7ad57fab\' at line 1')

Sniffed what was sent to the mysql server:

root@mix:/var/log/mysql# ngrep -d ens3 port 3306 |grep -i sensors
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = c10236e10d2c
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = d7f5ebafab52
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = c10236e10d2c
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
  9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841

There seems to be a formatting issue at first sight.
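A static check for the pattern visible in the traceback and the ngrep capture above, added here as an example (it is not part of the issue report and not Cowrie's code). It flags SQL text that is assembled by string formatting before it reaches a query call and SQL text that still carries stray `" "` characters. The method names in `QUERY_METHODS` and both sample sources are assumptions constructed for the example; `%s` is MySQLdb's placeholder style, with the value passed separately as a parameter tuple.

```python
import ast

# Assumption: call names through which SQL text reaches the database driver.
QUERY_METHODS = {"execute", "executemany", "runQuery", "runOperation"}


def _literal_text(node):
    """Concatenate the constant parts of a plain string or an f-string."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.JoinedStr):
        return "".join(_literal_text(part) for part in node.values)
    return ""


def find_unsafe_sql(source):
    """Return sorted (line, reason) findings for SQL built by string formatting."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in QUERY_METHODS or not node.args:
            continue
        sql = node.args[0]
        if isinstance(sql, ast.JoinedStr) and any(
            isinstance(part, ast.FormattedValue) for part in sql.values
        ):
            findings.append((node.lineno, "value interpolated by f-string"))
        elif isinstance(sql, ast.BinOp) and isinstance(sql.op, (ast.Mod, ast.Add)):
            findings.append((node.lineno, "statement built with % or +"))
        elif (
            isinstance(sql, ast.Call)
            and isinstance(sql.func, ast.Attribute)
            and sql.func.attr == "format"
        ):
            findings.append((node.lineno, "statement built with str.format"))
        # Leftovers of a botched implicit string concatenation end up in the SQL itself.
        if '" "' in _literal_text(sql):
            findings.append((node.lineno, 'stray quote characters (" ") in SQL text'))
    return sorted(findings)


# Constructed sample modelled on the statement shown in the traceback.
BROKEN_SOURCE = r'''
def lookup(self):
    return self.db.runQuery(
        f"SELECT `id`\" \"FROM `sensors`\" \"WHERE `ip` = {self.sensor}"
    )
'''

# Constructed counterpart: constant SQL text, value bound as a parameter.
FIXED_SOURCE = r'''
def lookup(self):
    return self.db.runQuery(
        "SELECT `id` FROM `sensors` WHERE `ip` = %s", (self.sensor,)
    )
'''

if __name__ == "__main__":
    for line, reason in find_unsafe_sql(BROKEN_SOURCE):
        print(f"line {line}: {reason}")
    print("fixed source findings:", find_unsafe_sql(FIXED_SOURCE))
```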

MySQL output engine won't work within docker

Recently I've been moving cowrie into docker, with the following docker run command:

docker run --name lol --rm \
        -p 2222:2222/tcp \
        -v "cowrie-etc:/cowrie/cowrie-git/etc" \
        cowrie/cowrie

The cowrie-etc volume contains the following mysql config:

[output_mysql]
enabled = true
host = 172.17.0.1
database = YAY
username = YAY
password = YAY
port = 3306
debug = false

However, cowrie throws the following exception on start:

Unhandled Error
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 678, in run
runApp(config)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/scripts/twistd.py", line 30, in runApp
runner.run()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 372, in run
self.application = self.createOrGetApplication()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 434, in createOrGetApplication
ser = plg.makeService(self.config.subOptions)
--- <exception caught here> ---
File "/cowrie/cowrie-git/src/twisted/plugins/cowrie_plugin.py", line 148, in makeService
globals(), locals(), ['output']).Output()
File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 6, in <module>
import MySQLdb
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 24, in <module>
version_info, _mysql.version_info, _mysql.__file__
builtins.NameError: name '_mysql' is not defined
2021-03-25T12:38:35+0000 [-] Python Version 3.7.3 (default, Jul 25 2020, 13:03:44) [GCC 8.3.0]
2021-03-25T12:38:35+0000 [-] Twisted Version 21.2.0
2021-03-25T12:38:35+0000 [-] Cowrie Version 2.2.0
2021-03-25T12:38:35+0000 [-] Unhandled Error
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 678, in run
runApp(config)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/scripts/twistd.py", line 30, in runApp
runner.run()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 372, in run
self.application = self.createOrGetApplication()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 434, in createOrGetApplication
ser = plg.makeService(self.config.subOptions)
--- <exception caught here> ---
File "/cowrie/cowrie-git/src/twisted/plugins/cowrie_plugin.py", line 148, in makeService
globals(), locals(), ['output']).Output()
File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 6, in <module>
import MySQLdb
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 24, in <module>
version_info, _mysql.version_info, _mysql.__file__
builtins.NameError: name '_mysql' is not defined
2021-03-25T12:38:35+0000 [-] Failed to load output engine: mysql

After digging a bit deeper, I found that libmariadb.so.3 appears to be missing.

docker exec -it lol bash
. ~/cowrie-env/bin/activate
python -c "import MySQLdb"

Produces the following exception:

Traceback (most recent call last):
  File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 18, in <module>
    from . import _mysql
ImportError: libmariadb.so.3: cannot open shared object file: No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 24, in <module>
    version_info, _mysql.version_info, _mysql.__file__
NameError: name '_mysql' is not defined

I have no idea what's happening, since the Dockerfile already installed default-libmysqlclient-dev, which should have installed the related libraries.
I've searched lib folders for this file, but with no luck. Any help is appreciated.

Locale US.UTF-8 missing

When building the image the following is outputted.

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = "en_US.UTF-8",
        LC_ALL = "en_US.UTF-8",
        LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Is

ENV LC_ALL=en_US.UTF-8 \
    LANG=en_US.UTF-8 \
    LANGUAGE=en_US.UTF-8

still required in the Dockerfile to resolve issues mentioned?

Running locale -a within the debian:buster-slim container shows

C
C.UTF-8
POSIX

are available, should we use C.UTF-8 instead or do we need to install en_US.UTF-8 to prevent any issues?

Thanks,
Luke

JSON logging failing with error: jsonlog: Can't serialize

Hi All,

Need your help.

I have deployed the cowrie honeypot and I am getting logs in the format below. Can you please help me to get logs in JSON format instead of as a string?

2021-05-18T14:26:24.763743919Z stdout F 2021-05-18T14:26:24+0000 [stdout#info] jsonlog: Can't serialize: '{'eventid': 'cowrie.login.success', 'username': b'root', 'password': b'kumar', 'message': "login attempt [b'root'/b'kumar'] succeeded", 'sensor': 'cowrie-app-667d44f77-kcdzb', 'timestamp': '2021-05-18T14:26:24.763361Z', 'src_ip': '192.0.2.1', 'session': '24221d408f3c'}'

On the latest VC, I am not getting the Src_ip, user name and password fields, only getting direct user details and password; old cowrie has the above logs but it's in string format.
Can you please help me to get it in JSON format?

Many thanks in advance.
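Added example, not part of either issue report and not Cowrie's code: both "Can't serialize" reports (this one and "Corrupted log entries when username is involved" above) show events whose values are Python bytes, and the earlier report shows cowrie.json lines made of truncated objects followed by one complete event. The sketch below shows that a streaming `json.dump` leaves exactly such a fragment when it reaches a bytes value, encodes events safely by decoding bytes first, and audits a log for lost events. That Cowrie's writer streams in this way is an assumption; all function names are hypothetical and the sample lines are constructed.

```python
import io
import json
import re

EVENT_START = re.compile(r'\{"eventid":"([^"]*)"')
_DECODER = json.JSONDecoder()


def to_jsonable(value):
    """Recursively turn bytes into str so the encoder never meets a bytes object."""
    if isinstance(value, bytes):
        # backslashreplace keeps non-UTF-8 credential bytes visible instead of raising
        return value.decode("utf-8", errors="backslashreplace")
    if isinstance(value, dict):
        return {to_jsonable(k): to_jsonable(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [to_jsonable(v) for v in value]
    return value


def serialize_event(event):
    """Encode the whole event in memory, so a failure writes nothing to the log."""
    return json.dumps(to_jsonable(event), separators=(",", ":")) + "\n"


def streamed_fragment(event):
    """Return what a streaming json.dump has already written when it hits bytes."""
    buf = io.StringIO()
    try:
        json.dump(event, buf, separators=(",", ":"))
    except TypeError:
        pass  # chunks emitted before the error stay in the output
    return buf.getvalue()


def audit_line(line):
    """Split one log line into (intact events, eventids of truncated fragments)."""
    line = line.strip()
    if not line:
        return [], []
    try:
        return [json.loads(line)], []
    except json.JSONDecodeError:
        pass
    events, lost, consumed = [], [], 0
    for match in EVENT_START.finditer(line):
        if match.start() < consumed:
            continue  # already inside an object decoded earlier on this line
        try:
            obj, consumed = _DECODER.raw_decode(line, match.start())
        except json.JSONDecodeError:
            lost.append(match.group(1))  # fragment: only its eventid is recoverable
        else:
            events.append(obj)
    return events, lost


def audit_log(lines):
    """Return (recovered events, {eventid: number of events lost to truncation})."""
    recovered, lost_counts = [], {}
    for line in lines:
        events, lost = audit_line(line)
        recovered.extend(events)
        for eventid in lost:
            lost_counts[eventid] = lost_counts.get(eventid, 0) + 1
    return recovered, lost_counts


# Constructed sample shaped like the corrupted entries quoted in the issue
# (placeholder values, documentation-range IP address).
SAMPLE_LOG = [
    '{"eventid":"cowrie.session.connect","src_ip":"192.0.2.10","session":"000000000001"}\n',
    '{"eventid":"cowrie.client.kex","hassh":"placeholder","kexAlgs":['
    '{"eventid":"cowrie.login.success","username":'
    '{"eventid":"cowrie.direct-tcpip.request","dst_port":80,"session":"000000000002"}\n',
]

if __name__ == "__main__":
    event = {"eventid": "cowrie.login.success", "username": b"root", "password": b"admin"}
    print("streamed fragment:", streamed_fragment(event))
    print("safe line:", serialize_event(event), end="")
    recovered, lost = audit_log(SAMPLE_LOG)
    print("recovered:", [e["eventid"] for e in recovered])
    print("lost:", lost)
```

Run over a real cowrie.json, a non-empty `lost` count for `cowrie.login.success` or `cowrie.login.failed` means credentials were captured by the sensor but never reached the log pipeline.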

line 25: DEPLOY_KEY: unbound variable

I keep getting this error while trying to run the 'stingar/cowrie' docker version of cowrie on a Raspberry Pi 4 / armv7 install.

This command: sudo docker run stingar/cowrie:master

All I can read up on it is that it relates to an SSH key on the developer's side of the project on GitHub?

This was the website I got it from:

https://hub.docker.com/r/stingar/cowrie/tags

Using this: docker pull stingar/cowrie:master

I'm not sure how else to fix it on my side of things. Hopefully this is the correct github page to post this as well.

No attackers ip in the log

Sending logs with docker logging driver:

    logging:
      driver: syslog
      options:
        syslog-address: "tcp://localhost:1330"

current log:

Dec 18 10:14:24 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:14:24+0000 [HoneyPotSSHTransport,171,172.20.0.1] connection lost
Dec 18 10:14:24 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:14:24+0000 [HoneyPotSSHTransport,171,172.20.0.1] Connection lost after 1 seconds
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [cowrie.ssh.factory.CowrieSSHFactory] No moduli, no diffie-hellman-group-exchange-sha1
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [cowrie.ssh.factory.CowrieSSHFactory] No moduli, no diffie-hellman-group-exchange-sha256
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 172.20.0.1:51514 (172.20.0.2:2222) [session: ab99da750ef5]
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] Remote SSH version: b'SSH-2.0-libssh-0.6.3'
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] SSH client hassh fingerprint: 51cba57125523ce4b9db67714a90bf6e
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] kex alg, key alg: b'ecdh-sha2-nistp256' b'ssh-rsa'
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] outgoing: b'aes256-ctr' b'hmac-sha1' b'none'
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] incoming: b'aes256-ctr' b'hmac-sha1' b'none'
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [HoneyPotSSHTransport,172,172.20.0.1] NEW KEYS
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [HoneyPotSSHTransport,172,172.20.0.1] starting service b'ssh-userauth'
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [SSHService b'ssh-userauth' on HoneyPotSSHTransport,172,172.20.0.1] b'nexus' trying auth b'password'
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [SSHService b'ssh-userauth' on HoneyPotSSHTransport,172,172.20.0.1] Could not read etc/userdb.txt, default database activated
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [SSHService b'ssh-userauth' on HoneyPotSSHTransport,172,172.20.0.1] login attempt [b'nexus'/b'nexusnexus'] failed
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [-] b'nexus' failed auth b'password'
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [-] unauthorized login: 
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [HoneyPotSSHTransport,172,172.20.0.1] Got remote error, code 11
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 	reason: b'Bye Bye'
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [HoneyPotSSHTransport,172,172.20.0.1] connection lost
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [HoneyPotSSHTransport,172,172.20.0.1] Connection lost after 1 seconds


172.20.0.1 - docker network interface

Read only mount for /cowrie/cowrie-git/etc is not supported

Currently, the Dockerfile backs up the config.cfg.dist into a directory before exposing the volume, and afterwards docker tries to move the backed-up file to the mounted directory:

RUN cp ${COWRIE_HOME}/cowrie-git/etc/cowrie.cfg.dist ${COWRIE_HOME}/cowrie-git
VOLUME [ "/cowrie/cowrie-git/var", "/cowrie/cowrie-git/etc" ]
RUN mv ${COWRIE_HOME}/cowrie-git/cowrie.cfg.dist ${COWRIE_HOME}/cowrie-git/etc

However if the volume is mounted in read only mode, the "mv" command will fail.

Failing to build wheels for cryptography package on arm device

I'm currently trying to build an image based on this repo for my raspberry pi 4.
I cloned the repository and tried building the image with 'make all'.
This however fails at the steps where it tries to build wheels for the packages bcrypt & cryptography.

Make log:

docker build -t cowrie:devel .
Sending build context to Docker daemon  23.04kB
Step 1/27 : ARG ARCH=
Step 2/27 : FROM ${ARCH}debian:buster-slim as builder
 ---> de61cd3ba365
Step 3/27 : LABEL maintainer="Michel Oosterhof <[email protected]>"
 ---> Using cache
 ---> 5746fcd36426
Step 4/27 : WORKDIR /
 ---> Using cache
 ---> 574292dee636
Step 5/27 : ENV COWRIE_GROUP=cowrie     COWRIE_USER=cowrie     COWRIE_HOME=/cowrie
 ---> Using cache
 ---> 41ca3c752d4c
Step 6/27 : ENV LC_ALL=en_US.UTF-8     LANG=en_US.UTF-8     LANGUAGE=en_US.UTF-8
 ---> Using cache
 ---> 7cea05733a51
Step 7/27 : RUN groupadd -r -g 1000 ${COWRIE_GROUP} &&     useradd -r -u 1000 -d ${COWRIE_HOME} -m -g ${COWRIE_GROUP} ${COWRIE_USER}
 ---> Using cache
 ---> 852edfea6269
Step 8/27 : RUN export DEBIAN_FRONTEND=noninteractive;     apt-get update &&     apt-get install -y         -o APT::Install-Suggests=false         -o APT::Install-Recommends=false       python3-pip       libssl-dev       ca-certificates       libffi-dev       python3-dev       python3-venv       python3       gcc       git       build-essential       python3-virtualenv       libsnappy-dev       default-libmysqlclient-dev &&     rm -rf /var/lib/apt/lists/*
 ---> Using cache
 ---> 21516b7b3aa6
Step 9/27 : USER ${COWRIE_USER}
 ---> Using cache
 ---> 6d205a4df692
Step 10/27 : RUN git clone --separate-git-dir=/tmp/cowrie.git https://github.com/cowrie/cowrie ${COWRIE_HOME}/cowrie-git &&     cd ${COWRIE_HOME} &&       python3 -m venv cowrie-env &&       . cowrie-env/bin/activate &&       pip install --no-cache-dir --upgrade pip &&       pip install --no-cache-dir --upgrade cffi &&       pip install --no-cache-dir --upgrade setuptools &&       pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt &&       pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt
 ---> Running in 637303e72ac2
Cloning into '/cowrie/cowrie-git'...
Checking out files: 100% (384/384), done.
Collecting pip
  Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)
Installing collected packages: pip
  Found existing installation: pip 18.1
    Uninstalling pip-18.1:
      Successfully uninstalled pip-18.1
Successfully installed pip-21.1.1
Collecting cffi
  Downloading cffi-1.14.5.tar.gz (475 kB)
Collecting pycparser
  Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
Using legacy 'setup.py install' for cffi, since package 'wheel' is not installed.
Installing collected packages: pycparser, cffi
    Running setup.py install for cffi: started
    Running setup.py install for cffi: finished with status 'done'
Successfully installed cffi-1.14.5 pycparser-2.20
Requirement already satisfied: setuptools in ./cowrie-env/lib/python3.7/site-packages (40.8.0)
Collecting setuptools
  Downloading setuptools-56.2.0-py3-none-any.whl (785 kB)
Installing collected packages: setuptools
  Attempting uninstall: setuptools
    Found existing installation: setuptools 40.8.0
    Uninstalling setuptools-40.8.0:
      Successfully uninstalled setuptools-40.8.0
Successfully installed setuptools-56.2.0
Collecting appdirs==1.4.4
  Downloading appdirs-1.4.4-py2.py3-none-any.whl (9.6 kB)
Collecting attrs==20.3.0
  Downloading attrs-20.3.0-py2.py3-none-any.whl (49 kB)
Collecting bcrypt==3.2.0
  Downloading bcrypt-3.2.0.tar.gz (42 kB)
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Collecting configparser==5.0.2
  Downloading configparser-5.0.2-py3-none-any.whl (19 kB)
Collecting cryptography==3.4.7
  Downloading cryptography-3.4.7.tar.gz (546 kB)
  Installing build dependencies: started
  Installing build dependencies: finished with status 'done'
  Getting requirements to build wheel: started
  Getting requirements to build wheel: finished with status 'done'
    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'done'
Collecting packaging==20.9
  Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)
Collecting pyasn1_modules==0.2.8
  Downloading pyasn1_modules-0.2.8-py2.py3-none-any.whl (155 kB)
Collecting pyopenssl==20.0.1
  Downloading pyOpenSSL-20.0.1-py2.py3-none-any.whl (54 kB)
Collecting pyparsing==2.4.7
  Downloading pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
Collecting python-dateutil==2.8.1
  Downloading python_dateutil-2.8.1-py2.py3-none-any.whl (227 kB)
Collecting service_identity==18.1.0
  Downloading service_identity-18.1.0-py2.py3-none-any.whl (11 kB)
Collecting tftpy==0.8.0
  Downloading tftpy-0.8.0.tar.gz (32 kB)
Collecting treq==21.1.0
  Downloading treq-21.1.0-py2.py3-none-any.whl (64 kB)
Collecting twisted==21.2.0
  Downloading Twisted-21.2.0-py3-none-any.whl (3.1 MB)
Collecting six>=1.4.1
  Downloading six-1.16.0-py2.py3-none-any.whl (11 kB)
Requirement already satisfied: cffi>=1.1 in ./cowrie-env/lib/python3.7/site-packages (from bcrypt==3.2.0->-r /cowrie/cowrie-git/requirements.txt (line 3)) (1.14.5)
Collecting pyasn1<0.5.0,>=0.4.6
  Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)
Collecting hyperlink>=21.0.0
  Downloading hyperlink-21.0.0-py2.py3-none-any.whl (74 kB)
Collecting requests>=2.1.0
  Downloading requests-2.25.1-py2.py3-none-any.whl (61 kB)
Collecting incremental
  Downloading incremental-21.3.0-py2.py3-none-any.whl (15 kB)
Collecting Automat>=0.8.0
  Downloading Automat-20.2.0-py2.py3-none-any.whl (31 kB)
Collecting zope.interface>=4.4.2
  Downloading zope.interface-5.4.0.tar.gz (249 kB)
Collecting constantly>=15.1
  Downloading constantly-15.1.0-py2.py3-none-any.whl (7.9 kB)
Requirement already satisfied: pycparser in ./cowrie-env/lib/python3.7/site-packages (from cffi>=1.1->bcrypt==3.2.0->-r /cowrie/cowrie-git/requirements.txt (line 3)) (2.20)
Collecting idna>=2.5
  Downloading idna-3.1-py3-none-any.whl (58 kB)
Collecting urllib3<1.27,>=1.21.1
  Downloading urllib3-1.26.4-py2.py3-none-any.whl (153 kB)
Collecting idna>=2.5
  Downloading idna-2.10-py2.py3-none-any.whl (58 kB)
Collecting chardet<5,>=3.0.2
  Downloading chardet-4.0.0-py2.py3-none-any.whl (178 kB)
Collecting certifi>=2017.4.17
  Downloading certifi-2020.12.5-py2.py3-none-any.whl (147 kB)
Requirement already satisfied: setuptools in ./cowrie-env/lib/python3.7/site-packages (from zope.interface>=4.4.2->twisted==21.2.0->-r /cowrie/cowrie-git/requirements.txt (line 14)) (56.2.0)
Using legacy 'setup.py install' for tftpy, since package 'wheel' is not installed.
Using legacy 'setup.py install' for zope.interface, since package 'wheel' is not installed.
Building wheels for collected packages: bcrypt, cryptography
  Building wheel for bcrypt (PEP 517): started
  Building wheel for bcrypt (PEP 517): finished with status 'done'
  Created wheel for bcrypt: filename=bcrypt-3.2.0-cp37-cp37m-linux_armv7l.whl size=57888 sha256=023858dec4ca52d3a2d8dd5f4fd9e1fb1368803e49b0d50c81afb1cdd48b7159
  Stored in directory: /tmp/pip-ephem-wheel-cache-dp9hiy06/wheels/c8/ef/5b/5866ddf8e9944d7968fcb3782ad6a68f234bdd13ec3b04ee7c
  Building wheel for cryptography (PEP 517): started
  Building wheel for cryptography (PEP 517): finished with status 'error'
  ERROR: Command errored out with exit status 1:
   command: /cowrie/cowrie-env/bin/python3 /cowrie/cowrie-env/lib/python3.7/site-packages/pip/_vendor/pep517/in_process/_in_process.py build_wheel /tmp/tmp2j9iwgan
       cwd: /tmp/pip-install-u11k6qm1/cryptography_ce2a7c4c62234713bf1820f2ce1192b0
  Complete output (165 lines):
  running bdist_wheel
  running build
  running build_py
  creating build
  creating build/lib.linux-armv7l-3.7
  creating build/lib.linux-armv7l-3.7/cryptography
  copying src/cryptography/__about__.py -> build/lib.linux-armv7l-3.7/cryptography
  copying src/cryptography/utils.py -> build/lib.linux-armv7l-3.7/cryptography
  copying src/cryptography/exceptions.py -> build/lib.linux-armv7l-3.7/cryptography
  copying src/cryptography/fernet.py -> build/lib.linux-armv7l-3.7/cryptography
  copying src/cryptography/__init__.py -> build/lib.linux-armv7l-3.7/cryptography
  creating build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/oid.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/name.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/extensions.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/certificate_transparency.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/base.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/ocsp.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/general_name.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  copying src/cryptography/x509/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/x509
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat
  copying src/cryptography/hazmat/_der.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
  copying src/cryptography/hazmat/_types.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
  copying src/cryptography/hazmat/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
  copying src/cryptography/hazmat/_oid.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/poly1305.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/_asymmetric.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/padding.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/constant_time.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/_cipheralgorithm.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/hashes.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/_serialization.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/keywrap.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/hmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  copying src/cryptography/hazmat/primitives/cmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/backends
  copying src/cryptography/hazmat/backends/interfaces.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends
  copying src/cryptography/hazmat/backends/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings
  copying src/cryptography/hazmat/bindings/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/rsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/ed25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/padding.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/ed448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/utils.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/x25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/dsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/dh.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/x448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  copying src/cryptography/hazmat/primitives/asymmetric/ec.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  copying src/cryptography/hazmat/primitives/kdf/kbkdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  copying src/cryptography/hazmat/primitives/kdf/hkdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  copying src/cryptography/hazmat/primitives/kdf/concatkdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  copying src/cryptography/hazmat/primitives/kdf/x963kdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  copying src/cryptography/hazmat/primitives/kdf/pbkdf2.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  copying src/cryptography/hazmat/primitives/kdf/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  copying src/cryptography/hazmat/primitives/kdf/scrypt.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
  copying src/cryptography/hazmat/primitives/ciphers/algorithms.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
  copying src/cryptography/hazmat/primitives/ciphers/modes.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
  copying src/cryptography/hazmat/primitives/ciphers/aead.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
  copying src/cryptography/hazmat/primitives/ciphers/base.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
  copying src/cryptography/hazmat/primitives/ciphers/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
  copying src/cryptography/hazmat/primitives/twofactor/hotp.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
  copying src/cryptography/hazmat/primitives/twofactor/utils.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
  copying src/cryptography/hazmat/primitives/twofactor/totp.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
  copying src/cryptography/hazmat/primitives/twofactor/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
  copying src/cryptography/hazmat/primitives/serialization/pkcs7.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
  copying src/cryptography/hazmat/primitives/serialization/pkcs12.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
  copying src/cryptography/hazmat/primitives/serialization/base.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
  copying src/cryptography/hazmat/primitives/serialization/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
  copying src/cryptography/hazmat/primitives/serialization/ssh.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/ciphers.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/poly1305.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/rsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/x509.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/ed25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/encode_asn1.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/decode_asn1.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/ed448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/utils.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/hashes.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/x25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/dsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/aead.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/backend.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/ocsp.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/dh.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/x448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/hmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/ec.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  copying src/cryptography/hazmat/backends/openssl/cmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
  creating build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
  copying src/cryptography/hazmat/bindings/openssl/_conditional.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
  copying src/cryptography/hazmat/bindings/openssl/binding.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
  copying src/cryptography/hazmat/bindings/openssl/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
  running egg_info
  writing src/cryptography.egg-info/PKG-INFO
  writing dependency_links to src/cryptography.egg-info/dependency_links.txt
  writing requirements to src/cryptography.egg-info/requires.txt
  writing top-level names to src/cryptography.egg-info/top_level.txt
  adding license file 'LICENSE.APACHE' (matched pattern 'LICEN[CS]E*')
  adding license file 'LICENSE.PSF' (matched pattern 'LICEN[CS]E*')
  adding license file 'LICENSE.BSD' (matched pattern 'LICEN[CS]E*')
  adding license file 'LICENSE' (matched pattern 'LICEN[CS]E*')
  reading manifest file 'src/cryptography.egg-info/SOURCES.txt'
  reading manifest template 'MANIFEST.in'
  no previously-included directories found matching 'docs/_build'
  warning: no previously-included files found matching 'vectors'
  warning: no previously-included files matching '*' found under directory 'vectors'
  warning: no previously-included files matching '*' found under directory '.github'
  warning: no previously-included files found matching 'release.py'
  warning: no previously-included files found matching '.coveragerc'
  warning: no previously-included files found matching 'codecov.yml'
  warning: no previously-included files found matching '.readthedocs.yml'
  warning: no previously-included files found matching 'dev-requirements.txt'
  warning: no previously-included files found matching 'tox.ini'
  warning: no previously-included files found matching 'mypy.ini'
  warning: no previously-included files matching '*' found under directory '.zuul.d'
  warning: no previously-included files matching '*' found under directory '.zuul.playbooks'
  writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
  copying src/cryptography/py.typed -> build/lib.linux-armv7l-3.7/cryptography
  running build_ext
  generating cffi module 'build/temp.linux-armv7l-3.7/_padding.c'
  creating build/temp.linux-armv7l-3.7
  generating cffi module 'build/temp.linux-armv7l-3.7/_openssl.c'
  running build_rust

      =============================DEBUG ASSISTANCE=============================
      If you are seeing a compilation error please try the following steps to
      successfully install cryptography:
      1) Upgrade to the latest pip and try again. This will fix errors for most
         users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
      2) Read https://cryptography.io/en/latest/installation.html for specific
         instructions for your platform.
      3) Check our frequently asked questions for more information:
         https://cryptography.io/en/latest/faq.html
      4) Ensure you have a recent Rust toolchain installed:
         https://cryptography.io/en/latest/installation.html#rust
      5) If you are experiencing issues with Rust for *this release only* you may
         set the environment variable `CRYPTOGRAPHY_DONT_BUILD_RUST=1`.
      =============================DEBUG ASSISTANCE=============================

  error: can't find Rust compiler

  If you are using an outdated pip version, it is possible a prebuilt wheel is available for this package but pip is not able to install from it. Installing from the wheel would avoid the need for a Rust compiler.

  To update pip, run:

      pip install --upgrade pip

  and then retry package installation.

  If you did intend to build this package from source, try installing a Rust compiler from your system package manager and ensure it is on the PATH during installation. Alternatively, rustup (available at https://rustup.rs) is the recommended way to download and update the Rust compiler toolchain.

  This package requires Rust >=1.41.0.
  ----------------------------------------
  ERROR: Failed building wheel for cryptography
Successfully built bcrypt
Failed to build cryptography
ERROR: Could not build wheels for cryptography which use PEP 517 and cannot be installed directly
The command '/bin/sh -c git clone --separate-git-dir=/tmp/cowrie.git https://github.com/cowrie/cowrie ${COWRIE_HOME}/cowrie-git &&     cd ${COWRIE_HOME} &&       python3 -m venv cowrie-env &&       . cowrie-env/bin/activate &&       pip install --no-cache-dir --upgrade pip &&       pip install --no-cache-dir --upgrade cffi &&       pip install --no-cache-dir --upgrade setuptools &&       pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt &&       pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt' returned a non-zero code: 1
make: *** [Makefile:20: build] Fehler 1

Cowrie log files with docker-compose

I am trying to persist the cowrie log files running on docker. My docker compose file is:

honey:
  image: cowrie/cowrie:latest
  restart: always
  ports:
    - "2222:2222"
    - "2223:2223"
  volumes:
    - "./logs:/var"
    - "./configs:/etc"

The etc folder is correctly mapped, however, the var folder is empty. I did not touch the cowrie.cfg configuration file at the moment. What am I missing?

Raspberry Pi support

I was unable to build the image on Raspberry Pi 3:

    Preparing wheel metadata: started
    Preparing wheel metadata: finished with status 'error'
    ERROR: Complete output from command /cowrie/cowrie-env/bin/python3 /cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /tmp/tmpk982pkrt:
    ERROR: Traceback (most recent call last):
      File "/cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py", line 207, in <module>
        main()
      File "/cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py", line 197, in main
        json_out['return_val'] = hook(**hook_input['kwargs'])
      File "/cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py", line 69, in prepare_metadata_for_build_wheel
        return hook(metadata_directory, config_settings)
      File "/tmp/pip-build-env-1wbut0kg/overlay/lib/python3.5/site-packages/poetry/masonry/api.py", line 49, in prepare_metadata_for_build_wheel
        builder._write_metadata_file(f)
      File "/tmp/pip-build-env-1wbut0kg/overlay/lib/python3.5/site-packages/poetry/masonry/builders/wheel.py", line 314, in _write_metadata_file
        fp.write(decode(self.get_metadata_content()))
    UnicodeEncodeError: 'ascii' codec can't encode character '\xe9' in position 178: ordinal not in range(128)
    ----------------------------------------
ERROR: Command "/cowrie/cowrie-env/bin/python3 /cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /tmp/tmpk982pkrt" failed with error code 1 in /tmp/pip-install-jpxknzh3/pendulum
The command '/bin/sh -c git clone --separate-git-dir=/tmp/cowrie.git http://github.com/cowrie/cowrie ${COWRIE_HOME}/cowrie-git &&     cd ${COWRIE_HOME} &&       python3 -m venv cowrie-env &&       . cowrie-env/bin/activate &&       pip install --no-cache-dir --upgrade pip &&       pip install --no-cache-dir --upgrade cffi &&       pip install --no-cache-dir --upgrade setuptools &&       pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt &&       pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt' returned a non-zero code: 1
Makefile:10: recipe for target 'build' failed
make: *** [build] Error 1

Would it be possible to provide a pre-built ARM-image on the Docker Hub? The Raspi is ideal for a small standalone honeypot.

Problem with unable to modify configuration file

I can get Cowrie up and running, but I'm modifying the configuration file: cowrie/etc/cowrie.cfg.dist. After modifying it, I commit the Docker container, and when I run the new image, the previous modifications to the configuration file are not saved. I hope the author can respond to this situation. Thank you for making such an excellent product!

Failed to load output engine: hpfeeds

2018-11-19T06:55:53+0000 [-] Python Version 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
2018-11-19T06:55:53+0000 [-] Twisted Version 18.9.0
2018-11-19T06:55:53+0000 [-] Loaded output engine: jsonlog
2018-11-19T06:55:53+0000 [-] Early version of hpfeeds-output, untested!
2018-11-19T06:55:53+0000 [-] hpfeeds client init broker 106.75.178.69:10000, identifier bdc2c520-ea3d-11e8-bed7-52540059f14b
2018-11-19T06:55:53+0000 [-] Unhandled Error
	Traceback (most recent call last):
	  File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/application/app.py", line 674, in run
	    runApp(config)
	  File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/scripts/twistd.py", line 25, in runApp
	    runner.run()
	  File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/application/app.py", line 381, in run
	    self.application = self.createOrGetApplication()
	  File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/application/app.py", line 448, in createOrGetApplication
	    ser = plg.makeService(self.config.subOptions)
	--- <exception caught here> ---
	  File "/cowrie/cowrie-git/src/twisted/plugins/cowrie_plugin.py", line 127, in makeService
	    globals(), locals(), ['output']).Output()
	  File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 258, in __init__
	    cowrie.core.output.Output.__init__(self)
	  File "/cowrie/cowrie-git/src/cowrie/core/output.py", line 97, in __init__
	    self.start()
	  File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 267, in start
	    self.client = hpclient(server, port, ident, secret, debug)
	  File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 129, in __init__
	    self.connect()
	  File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 143, in connect
	    self.handle_established()
	  File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 161, in handle_established
	    self.read()
	  File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 184, in read
	    for opcode, data in self.unpacker:
	builtins.TypeError: iter() returned non-iterator of type 'FeedUnpack'
	
2018-11-19T06:55:53+0000 [-] Failed to load output engine: hpfeeds
2018-11-19T06:55:53+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 18.9.0 (/cowrie/cowrie-env/bin/python3 3.5.3) starting up.
2018-11-19T06:55:53+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2018-11-19T06:55:53+0000 [-] CowrieSSHFactory starting on 2222
2018-11-19T06:55:53+0000 [cowrie.ssh.factory.CowrieSSHFactory#info] Starting factory <cowrie.ssh.factory.CowrieSSHFactory object at 0x7f9846ca7860>
2018-11-19T06:55:53+0000 [-] Ready to accept SSH connections
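
The `TypeError: iter() returned non-iterator of type 'FeedUnpack'` in the log above is what Python 3 raises when an object's `__iter__()` returns something that has no `__next__()` method (Python 2 looked for `next()` instead). The sketch below is an added illustration, not Cowrie's `hpfeeds.py`: the class names, the frame layout (4-byte big-endian total length, 1-byte opcode, payload) and the size cap are assumptions made for the example.

```python
import struct

# Assumed frame layout for this example: 4-byte big-endian total length
# (header included), 1-byte opcode, then the payload.
HEADER = struct.Struct("!iB")
MAX_FRAME = 1 << 20  # example cap so a bogus length cannot stall the parser


def frame(opcode, payload):
    """Build one constructed frame for the demonstration."""
    return HEADER.pack(HEADER.size + len(payload), opcode) + payload


class Py2StyleUnpack:
    """Written for Python 2: provides next() but no __next__()."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, data):
        self.buf.extend(data)

    def __iter__(self):
        return self

    def next(self):  # Python 3's for-loop never looks for this name
        return self.unpack()

    def unpack(self):
        if len(self.buf) < HEADER.size:
            raise StopIteration  # header not complete yet
        length, opcode = HEADER.unpack_from(self.buf)
        if not HEADER.size <= length <= MAX_FRAME:
            raise ValueError("implausible frame length %d" % length)
        if len(self.buf) < length:
            raise StopIteration  # payload not complete yet
        payload = bytes(self.buf[HEADER.size:length])
        del self.buf[:length]
        return opcode, payload


class Py3Unpack(Py2StyleUnpack):
    """Same parser with the Python 3 iterator method added."""

    def __next__(self):
        return self.unpack()


def drain(unpacker, chunks):
    """Feed network-sized chunks and collect every complete frame."""
    messages = []
    for chunk in chunks:
        unpacker.feed(chunk)
        for opcode, payload in unpacker:
            messages.append((opcode, payload))
    return messages


def py2_style_error(chunks):
    """Return the error text Python 3 produces for the next()-only class."""
    try:
        drain(Py2StyleUnpack(), chunks)
    except TypeError as exc:
        return str(exc)
    return None


# Constructed sample: two frames, split mid-frame as a socket read might.
STREAM = frame(1, b"info") + frame(3, b"publish-data")
CHUNKS = [STREAM[:7], STREAM[7:]]

if __name__ == "__main__":
    print(py2_style_error(CHUNKS))
    print(drain(Py3Unpack(), CHUNKS))
```
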

No more FTP when connected

There used to be an FTP client installed in the Cowrie container. Was this removed deliberately or was this removed by accident? I was not able to find any changes which would have caused this.

Forbidden access to S3-compatible Object Storage

Describe the bug

After configuring the S3 output, when cowrie tries to check for the existence of a file it fails with a 403 Forbidden error.

To Reproduce
Steps to reproduce the behavior:

  1. Deploy an S3-compatible object storage (in my case MinIO)
  2. Create a bucket (for example cowrie)
  3. Define and apply access policies to bucket by the user:

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Action": [
             "s3:GetObject",
             "s3:ListBucket",
             "s3:PutObject"
           ],
           "Effect": "Allow",
           "Resource": [
             "arn:aws:s3:::cowrie/*"
           ],
           "Sid": ""
         }
       ]
     }

  4. Configure cowrie to upload files to S3 (obviously changing MYKEY, MYSECRETACCESSKEY, MY-REGION and the endpoint URL to correct values)

     [output_s3]
     enabled = true
     access_key_id = MYKEY
     secret_access_key = MYSECRETACCESSKEY
     bucket = cowrie
     region = MY-REGION
     endpoint = https://s3.example.com:9000

  5. Launch a docker-cowrie container
  6. Simulate downloading files with wget and/or curl
  7. Exit and reconnect to cowrie to trigger the file uploading

The logs show the following 403 Forbidden error:

2020-03-23T17:03:52+0000 [twisted.internet.defer#critical] Unhandled error in Deferred:
2020-03-23T17:03:52+0000 [twisted.internet.defer#critical]
        Traceback (most recent call last):
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 501, in errback
            self._startRunCallbacks(fail)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 568, in _startRunCallbacks
            self._runCallbacks()
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
            current.result = callback(current.result, *args, **kw)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1475, in gotResult
            _inlineCallbacks(r, g, status)
        --- <exception caught here> ---
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
            result = result.throwExceptionIntoGenerator(g)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
            return g.throw(self.type, self.value, self.tb)
          File "/cowrie/cowrie-git/src/cowrie/output/s3.py", line 77, in upload
            exists = yield self._object_exists_remote(shasum)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
            result = result.throwExceptionIntoGenerator(g)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
            return g.throw(self.type, self.value, self.tb)
          File "/cowrie/cowrie-git/src/cowrie/output/s3.py", line 62, in _object_exists_remote
            Key=shasum,
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 250, in inContext
            result = inContext.theWork()
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 266, in <lambda>
            inContext.theWork = lambda: context.call(ctx, func, *args, **kw)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 122, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 85, in callWithContext
            return func(*args,**kw)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/botocore/client.py", line 316, in _api_call
            return self._make_api_call(operation_name, kwargs)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/botocore/client.py", line 626, in _make_api_call
            raise error_class(parsed_response, operation_name)
        botocore.exceptions.ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden

Expected behavior

The file should be correctly uploaded to the bucket.

Additional context

I dug into the code for the s3 output and literally copied the steps made to connect and check for a file's existence on S3 (the HeadObject operation that fails), which are the following:

from botocore.session import get_session
s = get_session()
s.set_credentials('MYKEY', 'MYSECRETACCESSKEY')
c = s.create_client('s3', region_name='MY-REGION', endpoint_url='https://s3.example.com:9000', verify=True)
c.head_object(Bucket='cowrie', Key='87950f295806b70d88a6853a51d5cef5d61d1721a412765fb610a6f5bcc144fd')

Executing it in a simple Python virtual environment with botocore installed (same version as in the docker-cowrie image) results in, as expected, a 404 Not Found exception:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Users\kuax\dev\exys\tmp\s3cmd\venv\lib\site-packages\botocore\client.py", line 316, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "C:\Users\kuax\dev\exys\tmp\s3cmd\venv\lib\site-packages\botocore\client.py", line 626, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (404) when calling the HeadObject operation: Not Found

This makes me think that it isn't an issue with using the S3-compatible object storage, but there might be something in docker-cowrie?

Not sure what else to test at this point though... I even tried hard-coding the configuration in the s3.py file, just to check if it is an error with the loading of the configuration, but no, the error remains...

SQL logging error

Hello! I am having an issue with getting docker-cowrie to tie in with another mysql container. You can see my full configuration here. The issue comes when (I presume) cowrie is trying to write to the sql database. I'm not sure if this is an issue with my specific docker configuration, or with docker-cowrie itself.

Here is the error that is happening:

2021-05-03T20:43:52+0000 [twisted.internet.defer#critical]
        Traceback (most recent call last):
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/base.py", line 1292, in mainLoop
            self.runUntilCurrent()
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/base.py", line 886, in runUntilCurrent
            f(*a, **kw)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 501, in errback
            self._startRunCallbacks(fail)
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 568, in _startRunCallbacks
            self._runCallbacks()
        --- <exception caught here> ---
          File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
            current.result = callback(current.result, *args, **kw)
          File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 80, in sqlerror
            if error.value[0] in (1146, 1406):
        builtins.TypeError: 'OperationalError' object is not subscriptable
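
The `TypeError` in this traceback comes from indexing the exception object itself: Python 3 exceptions are not subscriptable, and the values they were raised with are held in `.args`. The following added sketch (not Cowrie's `mysql.py`) puts the failing expression beside a Python 3 form; `OperationalError` and `Failure` are minimal stand-ins for the database driver's exception and Twisted's `Failure`, and the handler names and return labels are hypothetical.

```python
class OperationalError(Exception):
    """Stand-in for the driver exception, raised as (errno, message)."""


class Failure:
    """Minimal stand-in for twisted.python.failure.Failure (.value only)."""

    def __init__(self, value):
        self.value = value


# Codes tested by the sqlerror line in the traceback:
# 1146 = table doesn't exist, 1406 = data too long for column.
SCHEMA_ERRORS = (1146, 1406)


def sqlerror_py2_style(error):
    """Same expression as the traceback; works on Python 2 only."""
    if error.value[0] in SCHEMA_ERRORS:
        return "schema"
    return "other"


def mysql_errno(exc):
    """Return the numeric error code, or None if the exception has none."""
    args = getattr(exc, "args", ())
    if args and isinstance(args[0], int):
        return args[0]
    return None


def sqlerror_py3(error):
    """Python 3 form: read the code from .args and tolerate odd shapes."""
    if mysql_errno(error.value) in SCHEMA_ERRORS:
        return "schema"  # e.g. log a hint to check the database schema
    return "other"       # e.g. log the error as-is


def py2_style_error(error):
    """Return the TypeError text the old expression produces on Python 3."""
    try:
        sqlerror_py2_style(error)
    except TypeError as exc:
        return str(exc)
    return None


# Constructed sample failures.
MISSING_TABLE = Failure(OperationalError(1146, "Table 'cowrie.sessions' doesn't exist"))
GONE_AWAY = Failure(OperationalError(2006, "MySQL server has gone away"))
NO_ARGS = Failure(OperationalError())

if __name__ == "__main__":
    print(py2_style_error(MISSING_TABLE))
    for failure in (MISSING_TABLE, GONE_AWAY, NO_ARGS):
        print(sqlerror_py3(failure))
```
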
