Comments (14)
So looking at https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html the head object
seem to require s3:getObject
which you give, so I think you give the right acces rights.
from docker-cowrie.
this could help: https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/ ?
from docker-cowrie.
Does your policy need a principal entry?
from docker-cowrie.
What if you try it from a non-dockered cowrie?
from docker-cowrie.
Does your policy need a principal entry?
It doesn't seem so (referring in this specific case to the MinIO documentation on users and access control). Policies are applied to users in a second step.
from docker-cowrie.
What if you try it from a non-dockered cowrie?
I'll try that 👍
from docker-cowrie.
Yup, I can confirm that in a non-dockerized cowrie instance everything works fine 👍 at least the whole S3 setup wasn't for nothing 😅
That's weird though... does Docker's network adapter change request headers? 🤔
from docker-cowrie.
from docker-cowrie.
from docker-cowrie.
botocore is 1.15.x on both environments, while awscli is not present in either... The system time issue sounds interesting. I'll try to tap a request that arrives on the backend to check what parameters it is sent, might help with debugging that.
from docker-cowrie.
Well... sure enough I start tapping and today everything works as expected even in the dockerized cowrie 😒. Coincidentally yesterday we entered summer time here in Central Europe... so I tried messing with the system clock manually and restarting the Docker daemon (since apparently "Docker uses the same clock as the host and the [container] cannot change it", see this SO answer) and yes, that is indeed the issue... Tbh I thought the S3 signature mechanism would be based only on the data received in the headers (timestamp included) 🤔 , so it never crossed my mind that time differences between machines could be an issue.
All this means that the timing of your answer was perfect 😄 had I tried running a non-dockerized cowrie instance last week it wouldn't have worked.
Now I only have to find a way to keep cowrie deployments and the S3 backend always in sync, but that's not a cowrie issue 👍
Thanks a lot for the support @micheloosterhof and in general for your work on cowrie 🙏
from docker-cowrie.
Actually, I think I jumped to conclusions too fast. Last week I would be able to access S3 from a simple virtual environment, but not from inside the container. Yet the host was the same, so something must be still off with Docker...
from docker-cowrie.
from docker-cowrie.
Yes, I'll most likely do that.
I unfortunately haven't been able to exactly reproduce last week's conditions by manually changing the system clock... If I do that I get a 403 in both cases now 🤔 bah, who knows...
In any case thank you!
from docker-cowrie.
Related Issues (20)
- How to use mysql to log in docker-cowrie?
- Problem with unable to modify configuration file HOT 4
- Locale US.UTF-8 missing HOT 2
- Read only mount for /cowrie/cowrie-git/etc is not supported
- line 25: DEPLOY_KEY: unbound variable HOT 2
- MySQL output engine won't work within docker HOT 4
- Needs Update on Docker Image on Docker Hub HOT 1
- SQL logging error HOT 10
- JSON logging failing with error: jsonlog: Can't serialize HOT 19
- Failing to build wheels for cryptography package on arm device HOT 7
- output_mysql generates incorrect SQL queries HOT 20
- Corrupted log entries when username is involved in latest cowrie docker image HOT 5
- No more FTP when connected
- Failed to load output engine: hpfeeds HOT 7
- Cowrie log files with docker-compose HOT 1
- How do you use playlog and other features if it's a container? HOT 1
- No attackers ip in the log HOT 2
- Needs HEALTHCHECK
- Raspberry Pi support HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-cowrie.