cowrie / docker-cowrie Goto Github PK
View Code? Open in Web Editor NEWCowrie Docker GitHub repository
Home Page: https://www.cowrie.org/
Cowrie Docker GitHub repository
Home Page: https://www.cowrie.org/
Recently I've been moving cowrie into docker, with following docker run command:
docker run --name lol --rm \
-p 2222:2222/tcp \
-v "cowrie-etc:/cowrie/cowrie-git/etc" \
cowrie/cowrie
The cowrie-etc
volume contains the following mysql config:
[output_mysql]
enabled = true
host = 172.17.0.1
database = YAY
username = YAY
password = YAY
port = 3306
debug = false
However, cowrie throws the following exception on start:
Unhandled Error
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 678, in run
runApp(config)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/scripts/twistd.py", line 30, in runApp
runner.run()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 372, in run
self.application = self.createOrGetApplication()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 434, in createOrGetApplication
ser = plg.makeService(self.config.subOptions)
--- <exception caught here> ---
File "/cowrie/cowrie-git/src/twisted/plugins/cowrie_plugin.py", line 148, in makeService
globals(), locals(), ['output']).Output()
File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 6, in <module>
import MySQLdb
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 24, in <module>
version_info, _mysql.version_info, _mysql.__file__
builtins.NameError: name '_mysql' is not defined
2021-03-25T12:38:35+0000 [-] Python Version 3.7.3 (default, Jul 25 2020, 13:03:44) [GCC 8.3.0]
2021-03-25T12:38:35+0000 [-] Twisted Version 21.2.0
2021-03-25T12:38:35+0000 [-] Cowrie Version 2.2.0
2021-03-25T12:38:35+0000 [-] Unhandled Error
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 678, in run
runApp(config)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/scripts/twistd.py", line 30, in runApp
runner.run()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 372, in run
self.application = self.createOrGetApplication()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/application/app.py", line 434, in createOrGetApplication
ser = plg.makeService(self.config.subOptions)
--- <exception caught here> ---
File "/cowrie/cowrie-git/src/twisted/plugins/cowrie_plugin.py", line 148, in makeService
globals(), locals(), ['output']).Output()
File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 6, in <module>
import MySQLdb
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 24, in <module>
version_info, _mysql.version_info, _mysql.__file__
builtins.NameError: name '_mysql' is not defined
2021-03-25T12:38:35+0000 [-] Failed to load output engine: mysql
After digging a bit deeper, I just found the libmariadb.so.3
appears to be missing.
docker exec -it lol bash
. ~/cowrie-env/bin/activate
python -c "import MySQLdb"
Produces the following exception:
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 18, in <module>
from . import _mysql
ImportError: libmariadb.so.3: cannot open shared object file: No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/__init__.py", line 24, in <module>
version_info, _mysql.version_info, _mysql.__file__
NameError: name '_mysql' is not defined
I have no idea what's happening, since the Dockerfile already installed default-libmysqlclient-dev
which should have install related libraries.
I've searched lib folders for this file, but with no luck. Any help is appreciated.
I am trying to persist the cowrie log files running on docker. My docker compose file is:
honey:
image: cowrie/cowrie:latest
restart: always
ports:
- "2222:2222"
- "2223:2223"
volumes:
- "./logs:/var"
- ./configs:/etc"
The etc folder is correctly mapped, however, the var folder is empty. I did not touch the cowrie.cfg configuration file at the moment. What am I missing?
Sending logs with docker logging driver:
logging:
driver: syslog
options:
syslog-address: "tcp://localhost:1330"
current log:
Dec 18 10:14:24 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:14:24+0000 [HoneyPotSSHTransport,171,172.20.0.1] connection lost
Dec 18 10:14:24 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:14:24+0000 [HoneyPotSSHTransport,171,172.20.0.1] Connection lost after 1 seconds
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [cowrie.ssh.factory.CowrieSSHFactory] No moduli, no diffie-hellman-group-exchange-sha1
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [cowrie.ssh.factory.CowrieSSHFactory] No moduli, no diffie-hellman-group-exchange-sha256
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 172.20.0.1:51514 (172.20.0.2:2222) [session: ab99da750ef5]
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] Remote SSH version: b'SSH-2.0-libssh-0.6.3'
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] SSH client hassh fingerprint: 51cba57125523ce4b9db67714a90bf6e
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] kex alg, key alg: b'ecdh-sha2-nistp256' b'ssh-rsa'
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] outgoing: b'aes256-ctr' b'hmac-sha1' b'none'
Dec 18 10:23:07 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:07+0000 [HoneyPotSSHTransport,172,172.20.0.1] incoming: b'aes256-ctr' b'hmac-sha1' b'none'
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [HoneyPotSSHTransport,172,172.20.0.1] NEW KEYS
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [HoneyPotSSHTransport,172,172.20.0.1] starting service b'ssh-userauth'
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [SSHService b'ssh-userauth' on HoneyPotSSHTransport,172,172.20.0.1] b'nexus' trying auth b'password'
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [SSHService b'ssh-userauth' on HoneyPotSSHTransport,172,172.20.0.1] Could not read etc/userdb.txt, default database activated
Dec 18 10:23:08 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:08+0000 [SSHService b'ssh-userauth' on HoneyPotSSHTransport,172,172.20.0.1] login attempt [b'nexus'/b'nexusnexus'] failed
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [-] b'nexus' failed auth b'password'
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [-] unauthorized login:
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [HoneyPotSSHTransport,172,172.20.0.1] Got remote error, code 11
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: reason: b'Bye Bye'
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [HoneyPotSSHTransport,172,172.20.0.1] connection lost
Dec 18 10:23:09 my_server_ip cbd73376dd7d[8014]: 2018-12-18T10:23:09+0000 [HoneyPotSSHTransport,172,172.20.0.1] Connection lost after 1 seconds
172.20.0.1 - docker network interface
Hi All,
need your help
I have deployed cowrie honeypot, I am getting logs in the below format, can you please me to get logs in json format instead of a string.
2021-05-18T14:26:24.763743919Z stdout F 2021-05-18T14:26:24+0000 [stdout#info] jsonlog: Can't serialize: '{'eventid': 'cowrie.login.success', 'username': b'root', 'password': b'kumar', 'message': "login attempt [b'root'/b'kumar'] succeeded", 'sensor': 'cowrie-app-667d44f77-kcdzb', 'timestamp': '2021-05-18T14:26:24.763361Z', 'src_ip': '192.0.2.1', 'session': '24221d408f3c'}'
one latest VC, I am not getting Src_ip and user name and password fields only getting direct user details and password, old cowries has above logs but its in string format.
Can you please help me to get it in json format
Many thanks in advance.
Describe the bug
After configuring the S3 output, when cowrie tries to check for the existence of a file it fails with a 403 Forbidden error.
To Reproduce
Steps to reproduce the behavior:
cowrie
){
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::cowrie/*"
],
"Sid": ""
}
]
}
[output_s3]
enabled = true
access_key_id = MYKEY
secret_access_key = MYSECRETACCESSKEY
bucket = cowrie
region = MY-REGION
endpoint = https://s3.example.com:9000
wget
and/or curl
The logs show the following 403 Forbidden
error:
2020-03-23T17:03:52+0000 [twisted.internet.defer#critical] Unhandled error in Deferred:
2020-03-23T17:03:52+0000 [twisted.internet.defer#critical]
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 501, in errback
self._startRunCallbacks(fail)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 568, in _startRunCallbacks
self._runCallbacks()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
current.result = callback(current.result, *args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1475, in gotResult
_inlineCallbacks(r, g, status)
--- <exception caught here> ---
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
result = result.throwExceptionIntoGenerator(g)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
return g.throw(self.type, self.value, self.tb)
File "/cowrie/cowrie-git/src/cowrie/output/s3.py", line 77, in upload
exists = yield self._object_exists_remote(shasum)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1416, in _inlineCallbacks
result = result.throwExceptionIntoGenerator(g)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/failure.py", line 512, in throwExceptionIntoGenerator
return g.throw(self.type, self.value, self.tb)
File "/cowrie/cowrie-git/src/cowrie/output/s3.py", line 62, in _object_exists_remote
Key=shasum,
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 250, in inContext
result = inContext.theWork()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 266, in <lambda>
inContext.theWork = lambda: context.call(ctx, func, *args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 122, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 85, in callWithContext
return func(*args,**kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/botocore/client.py", line 316, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/botocore/client.py", line 626, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden
Expected behavior
The file should be correctly uploaded to the bucket.
Additional context
I digged into the code for the s3 output and literally copied the steps made to connect and check for a file existence on S3 (the HeadObject operation that fails), which are the following:
from botocore.session import get_session
s = get_session()
s.set_credentials('MYKEY', 'MYSECRETACCESSKEY')
c = s.create_client('s3', region_name='MY-REGION', endpoint_url='https://s3.example.com:9000', verify=True)
c.head_object(Bucket='cowrie', Key='87950f295806b70d88a6853a51d5cef5d61d1721a412765fb610a6f5bcc144fd')
executing it in a simple python virtual environment with botocore
installed (same version as in the docker-cowrie image) results in, as expected, a 404 Not Found
exception:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Users\kuax\dev\exys\tmp\s3cmd\venv\lib\site-packages\botocore\client.py", line 316, in _api_call
return self._make_api_call(operation_name, kwargs)
File "C:\Users\kuax\dev\exys\tmp\s3cmd\venv\lib\site-packages\botocore\client.py", line 626, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (404) when calling the HeadObject operation: Not Found
This makes me think that it isn't an issue with using the S3-compatible object storage, but there might be something in docker-cowrie?
Not sure what else to test at this point though... I even tried hard-coding the configuration in the s3.py
file, just to check if it is an error with the loading of the configuration, but no, the error remains...
When building the image the following is outputted.
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US.UTF-8",
LC_ALL = "en_US.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Is
ENV LC_ALL=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LANGUAGE=en_US.UTF-8
still required in the Dockerfile to resolve issues mentioned?
Running locale -a within the debian:buster-slim container shows
C
C.UTF-8
POSIX
are available, should we use C.UTF-8 instead or do we need to install en_US.UTF-8 to prevent any issues?
Thanks,
Luke
I can get Cowrie up and running, but I'm modifying the configuration file: cowrie/etc/cowrie.cfg.dist After dist, commit the docker, and when run has the new image, the previous modifications to the configuration file, are not saved. I hope the author can make a response to this situation. Thank you for making such an excellent product!
I'm currently trying to build an image based on this repo for my raspberry pi 4.
I cloned the repository and tryed building the image with 'make all'.
This however fails at the steps where is tries to build wheels for the packages bcrypt & cryptography
Make log:
docker build -t cowrie:devel .
Sending build context to Docker daemon 23.04kB
Step 1/27 : ARG ARCH=
Step 2/27 : FROM ${ARCH}debian:buster-slim as builder
---> de61cd3ba365
Step 3/27 : LABEL maintainer="Michel Oosterhof <[email protected]>"
---> Using cache
---> 5746fcd36426
Step 4/27 : WORKDIR /
---> Using cache
---> 574292dee636
Step 5/27 : ENV COWRIE_GROUP=cowrie COWRIE_USER=cowrie COWRIE_HOME=/cowrie
---> Using cache
---> 41ca3c752d4c
Step 6/27 : ENV LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8
---> Using cache
---> 7cea05733a51
Step 7/27 : RUN groupadd -r -g 1000 ${COWRIE_GROUP} && useradd -r -u 1000 -d ${COWRIE_HOME} -m -g ${COWRIE_GROUP} ${COWRIE_USER}
---> Using cache
---> 852edfea6269
Step 8/27 : RUN export DEBIAN_FRONTEND=noninteractive; apt-get update && apt-get install -y -o APT::Install-Suggests=false -o APT::Install-Recommends=false python3-pip libssl-dev ca-certificates libffi-dev python3-dev python3-venv python3 gcc git build-essential python3-virtualenv libsnappy-dev default-libmysqlclient-dev && rm -rf /var/lib/apt/lists/*
---> Using cache
---> 21516b7b3aa6
Step 9/27 : USER ${COWRIE_USER}
---> Using cache
---> 6d205a4df692
Step 10/27 : RUN git clone --separate-git-dir=/tmp/cowrie.git https://github.com/cowrie/cowrie ${COWRIE_HOME}/cowrie-git && cd ${COWRIE_HOME} && python3 -m venv cowrie-env && . cowrie-env/bin/activate && pip install --no-cache-dir --upgrade pip && pip install --no-cache-dir --upgrade cffi && pip install --no-cache-dir --upgrade setuptools && pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt && pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt
---> Running in 637303e72ac2
Cloning into '/cowrie/cowrie-git'...
Checking out files: 100% (384/384), done.
Collecting pip
Downloading https://files.pythonhosted.org/packages/cd/6f/43037c7bcc8bd8ba7c9074256b1a11596daa15555808ec748048c1507f08/pip-21.1.1-py3-none-any.whl (1.5MB)
Installing collected packages: pip
Found existing installation: pip 18.1
Uninstalling pip-18.1:
Successfully uninstalled pip-18.1
Successfully installed pip-21.1.1
Collecting cffi
Downloading cffi-1.14.5.tar.gz (475 kB)
Collecting pycparser
Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
Using legacy 'setup.py install' for cffi, since package 'wheel' is not installed.
Installing collected packages: pycparser, cffi
Running setup.py install for cffi: started
Running setup.py install for cffi: finished with status 'done'
Successfully installed cffi-1.14.5 pycparser-2.20
Requirement already satisfied: setuptools in ./cowrie-env/lib/python3.7/site-packages (40.8.0)
Collecting setuptools
Downloading setuptools-56.2.0-py3-none-any.whl (785 kB)
Installing collected packages: setuptools
Attempting uninstall: setuptools
Found existing installation: setuptools 40.8.0
Uninstalling setuptools-40.8.0:
Successfully uninstalled setuptools-40.8.0
Successfully installed setuptools-56.2.0
Collecting appdirs==1.4.4
Downloading appdirs-1.4.4-py2.py3-none-any.whl (9.6 kB)
Collecting attrs==20.3.0
Downloading attrs-20.3.0-py2.py3-none-any.whl (49 kB)
Collecting bcrypt==3.2.0
Downloading bcrypt-3.2.0.tar.gz (42 kB)
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'done'
Preparing wheel metadata: started
Preparing wheel metadata: finished with status 'done'
Collecting configparser==5.0.2
Downloading configparser-5.0.2-py3-none-any.whl (19 kB)
Collecting cryptography==3.4.7
Downloading cryptography-3.4.7.tar.gz (546 kB)
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'done'
Preparing wheel metadata: started
Preparing wheel metadata: finished with status 'done'
Collecting packaging==20.9
Downloading packaging-20.9-py2.py3-none-any.whl (40 kB)
Collecting pyasn1_modules==0.2.8
Downloading pyasn1_modules-0.2.8-py2.py3-none-any.whl (155 kB)
Collecting pyopenssl==20.0.1
Downloading pyOpenSSL-20.0.1-py2.py3-none-any.whl (54 kB)
Collecting pyparsing==2.4.7
Downloading pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
Collecting python-dateutil==2.8.1
Downloading python_dateutil-2.8.1-py2.py3-none-any.whl (227 kB)
Collecting service_identity==18.1.0
Downloading service_identity-18.1.0-py2.py3-none-any.whl (11 kB)
Collecting tftpy==0.8.0
Downloading tftpy-0.8.0.tar.gz (32 kB)
Collecting treq==21.1.0
Downloading treq-21.1.0-py2.py3-none-any.whl (64 kB)
Collecting twisted==21.2.0
Downloading Twisted-21.2.0-py3-none-any.whl (3.1 MB)
Collecting six>=1.4.1
Downloading six-1.16.0-py2.py3-none-any.whl (11 kB)
Requirement already satisfied: cffi>=1.1 in ./cowrie-env/lib/python3.7/site-packages (from bcrypt==3.2.0->-r /cowrie/cowrie-git/requirements.txt (line 3)) (1.14.5)
Collecting pyasn1<0.5.0,>=0.4.6
Downloading pyasn1-0.4.8-py2.py3-none-any.whl (77 kB)
Collecting hyperlink>=21.0.0
Downloading hyperlink-21.0.0-py2.py3-none-any.whl (74 kB)
Collecting requests>=2.1.0
Downloading requests-2.25.1-py2.py3-none-any.whl (61 kB)
Collecting incremental
Downloading incremental-21.3.0-py2.py3-none-any.whl (15 kB)
Collecting Automat>=0.8.0
Downloading Automat-20.2.0-py2.py3-none-any.whl (31 kB)
Collecting zope.interface>=4.4.2
Downloading zope.interface-5.4.0.tar.gz (249 kB)
Collecting constantly>=15.1
Downloading constantly-15.1.0-py2.py3-none-any.whl (7.9 kB)
Requirement already satisfied: pycparser in ./cowrie-env/lib/python3.7/site-packages (from cffi>=1.1->bcrypt==3.2.0->-r /cowrie/cowrie-git/requirements.txt (line 3)) (2.20)
Collecting idna>=2.5
Downloading idna-3.1-py3-none-any.whl (58 kB)
Collecting urllib3<1.27,>=1.21.1
Downloading urllib3-1.26.4-py2.py3-none-any.whl (153 kB)
Collecting idna>=2.5
Downloading idna-2.10-py2.py3-none-any.whl (58 kB)
Collecting chardet<5,>=3.0.2
Downloading chardet-4.0.0-py2.py3-none-any.whl (178 kB)
Collecting certifi>=2017.4.17
Downloading certifi-2020.12.5-py2.py3-none-any.whl (147 kB)
Requirement already satisfied: setuptools in ./cowrie-env/lib/python3.7/site-packages (from zope.interface>=4.4.2->twisted==21.2.0->-r /cowrie/cowrie-git/requirements.txt (line 14)) (56.2.0)
Using legacy 'setup.py install' for tftpy, since package 'wheel' is not installed.
Using legacy 'setup.py install' for zope.interface, since package 'wheel' is not installed.
Building wheels for collected packages: bcrypt, cryptography
Building wheel for bcrypt (PEP 517): started
Building wheel for bcrypt (PEP 517): finished with status 'done'
Created wheel for bcrypt: filename=bcrypt-3.2.0-cp37-cp37m-linux_armv7l.whl size=57888 sha256=023858dec4ca52d3a2d8dd5f4fd9e1fb1368803e49b0d50c81afb1cdd48b7159
Stored in directory: /tmp/pip-ephem-wheel-cache-dp9hiy06/wheels/c8/ef/5b/5866ddf8e9944d7968fcb3782ad6a68f234bdd13ec3b04ee7c
Building wheel for cryptography (PEP 517): started
Building wheel for cryptography (PEP 517): finished with status 'error'
ERROR: Command errored out with exit status 1:
command: /cowrie/cowrie-env/bin/python3 /cowrie/cowrie-env/lib/python3.7/site-packages/pip/_vendor/pep517/in_process/_in_process.py build_wheel /tmp/tmp2j9iwgan
cwd: /tmp/pip-install-u11k6qm1/cryptography_ce2a7c4c62234713bf1820f2ce1192b0
Complete output (165 lines):
running bdist_wheel
running build
running build_py
creating build
creating build/lib.linux-armv7l-3.7
creating build/lib.linux-armv7l-3.7/cryptography
copying src/cryptography/__about__.py -> build/lib.linux-armv7l-3.7/cryptography
copying src/cryptography/utils.py -> build/lib.linux-armv7l-3.7/cryptography
copying src/cryptography/exceptions.py -> build/lib.linux-armv7l-3.7/cryptography
copying src/cryptography/fernet.py -> build/lib.linux-armv7l-3.7/cryptography
copying src/cryptography/__init__.py -> build/lib.linux-armv7l-3.7/cryptography
creating build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/oid.py -> build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/name.py -> build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/extensions.py -> build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/certificate_transparency.py -> build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/base.py -> build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/ocsp.py -> build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/general_name.py -> build/lib.linux-armv7l-3.7/cryptography/x509
copying src/cryptography/x509/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/x509
creating build/lib.linux-armv7l-3.7/cryptography/hazmat
copying src/cryptography/hazmat/_der.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
copying src/cryptography/hazmat/_types.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
copying src/cryptography/hazmat/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
copying src/cryptography/hazmat/_oid.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/poly1305.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/_asymmetric.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/padding.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/constant_time.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/_cipheralgorithm.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/hashes.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/_serialization.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/keywrap.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/hmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
copying src/cryptography/hazmat/primitives/cmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/backends
copying src/cryptography/hazmat/backends/interfaces.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends
copying src/cryptography/hazmat/backends/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings
copying src/cryptography/hazmat/bindings/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/rsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/ed25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/padding.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/ed448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/utils.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/x25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/dsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/dh.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/x448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
copying src/cryptography/hazmat/primitives/asymmetric/ec.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/asymmetric
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
copying src/cryptography/hazmat/primitives/kdf/kbkdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
copying src/cryptography/hazmat/primitives/kdf/hkdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
copying src/cryptography/hazmat/primitives/kdf/concatkdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
copying src/cryptography/hazmat/primitives/kdf/x963kdf.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
copying src/cryptography/hazmat/primitives/kdf/pbkdf2.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
copying src/cryptography/hazmat/primitives/kdf/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
copying src/cryptography/hazmat/primitives/kdf/scrypt.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/kdf
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
copying src/cryptography/hazmat/primitives/ciphers/algorithms.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
copying src/cryptography/hazmat/primitives/ciphers/modes.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
copying src/cryptography/hazmat/primitives/ciphers/aead.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
copying src/cryptography/hazmat/primitives/ciphers/base.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
copying src/cryptography/hazmat/primitives/ciphers/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/ciphers
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
copying src/cryptography/hazmat/primitives/twofactor/hotp.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
copying src/cryptography/hazmat/primitives/twofactor/utils.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
copying src/cryptography/hazmat/primitives/twofactor/totp.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
copying src/cryptography/hazmat/primitives/twofactor/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/twofactor
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
copying src/cryptography/hazmat/primitives/serialization/pkcs7.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
copying src/cryptography/hazmat/primitives/serialization/pkcs12.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
copying src/cryptography/hazmat/primitives/serialization/base.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
copying src/cryptography/hazmat/primitives/serialization/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
copying src/cryptography/hazmat/primitives/serialization/ssh.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/primitives/serialization
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/ciphers.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/poly1305.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/rsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/x509.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/ed25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/encode_asn1.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/decode_asn1.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/ed448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/utils.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/hashes.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/x25519.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/dsa.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/aead.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/backend.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/ocsp.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/dh.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/x448.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/hmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/ec.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
copying src/cryptography/hazmat/backends/openssl/cmac.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/backends/openssl
creating build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
copying src/cryptography/hazmat/bindings/openssl/_conditional.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
copying src/cryptography/hazmat/bindings/openssl/binding.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
copying src/cryptography/hazmat/bindings/openssl/__init__.py -> build/lib.linux-armv7l-3.7/cryptography/hazmat/bindings/openssl
running egg_info
writing src/cryptography.egg-info/PKG-INFO
writing dependency_links to src/cryptography.egg-info/dependency_links.txt
writing requirements to src/cryptography.egg-info/requires.txt
writing top-level names to src/cryptography.egg-info/top_level.txt
adding license file 'LICENSE.APACHE' (matched pattern 'LICEN[CS]E*')
adding license file 'LICENSE.PSF' (matched pattern 'LICEN[CS]E*')
adding license file 'LICENSE.BSD' (matched pattern 'LICEN[CS]E*')
adding license file 'LICENSE' (matched pattern 'LICEN[CS]E*')
reading manifest file 'src/cryptography.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
no previously-included directories found matching 'docs/_build'
warning: no previously-included files found matching 'vectors'
warning: no previously-included files matching '*' found under directory 'vectors'
warning: no previously-included files matching '*' found under directory '.github'
warning: no previously-included files found matching 'release.py'
warning: no previously-included files found matching '.coveragerc'
warning: no previously-included files found matching 'codecov.yml'
warning: no previously-included files found matching '.readthedocs.yml'
warning: no previously-included files found matching 'dev-requirements.txt'
warning: no previously-included files found matching 'tox.ini'
warning: no previously-included files found matching 'mypy.ini'
warning: no previously-included files matching '*' found under directory '.zuul.d'
warning: no previously-included files matching '*' found under directory '.zuul.playbooks'
writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
copying src/cryptography/py.typed -> build/lib.linux-armv7l-3.7/cryptography
running build_ext
generating cffi module 'build/temp.linux-armv7l-3.7/_padding.c'
creating build/temp.linux-armv7l-3.7
generating cffi module 'build/temp.linux-armv7l-3.7/_openssl.c'
running build_rust
=============================DEBUG ASSISTANCE=============================
If you are seeing a compilation error please try the following steps to
successfully install cryptography:
1) Upgrade to the latest pip and try again. This will fix errors for most
users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
2) Read https://cryptography.io/en/latest/installation.html for specific
instructions for your platform.
3) Check our frequently asked questions for more information:
https://cryptography.io/en/latest/faq.html
4) Ensure you have a recent Rust toolchain installed:
https://cryptography.io/en/latest/installation.html#rust
5) If you are experiencing issues with Rust for *this release only* you may
set the environment variable `CRYPTOGRAPHY_DONT_BUILD_RUST=1`.
=============================DEBUG ASSISTANCE=============================
error: can't find Rust compiler
If you are using an outdated pip version, it is possible a prebuilt wheel is available for this package but pip is not able to install from it. Installing from the wheel would avoid the need for a Rust compiler.
To update pip, run:
pip install --upgrade pip
and then retry package installation.
If you did intend to build this package from source, try installing a Rust compiler from your system package manager and ensure it is on the PATH during installation. Alternatively, rustup (available at https://rustup.rs) is the recommended way to download and update the Rust compiler toolchain.
This package requires Rust >=1.41.0.
----------------------------------------
ERROR: Failed building wheel for cryptography
Successfully built bcrypt
Failed to build cryptography
ERROR: Could not build wheels for cryptography which use PEP 517 and cannot be installed directly
The command '/bin/sh -c git clone --separate-git-dir=/tmp/cowrie.git https://github.com/cowrie/cowrie ${COWRIE_HOME}/cowrie-git && cd ${COWRIE_HOME} && python3 -m venv cowrie-env && . cowrie-env/bin/activate && pip install --no-cache-dir --upgrade pip && pip install --no-cache-dir --upgrade cffi && pip install --no-cache-dir --upgrade setuptools && pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt && pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt' returned a non-zero code: 1
make: *** [Makefile:20: build] Fehler 1
I was unable to build the image on Raspberry Pi 3:
Preparing wheel metadata: started
Preparing wheel metadata: finished with status 'error'
ERROR: Complete output from command /cowrie/cowrie-env/bin/python3 /cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /tmp/tmpk982pkrt:
ERROR: Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py", line 207, in <module>
main()
File "/cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py", line 197, in main
json_out['return_val'] = hook(**hook_input['kwargs'])
File "/cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py", line 69, in prepare_metadata_for_build_wheel
return hook(metadata_directory, config_settings)
File "/tmp/pip-build-env-1wbut0kg/overlay/lib/python3.5/site-packages/poetry/masonry/api.py", line 49, in prepare_metadata_for_build_wheel
builder._write_metadata_file(f)
File "/tmp/pip-build-env-1wbut0kg/overlay/lib/python3.5/site-packages/poetry/masonry/builders/wheel.py", line 314, in _write_metadata_file
fp.write(decode(self.get_metadata_content()))
UnicodeEncodeError: 'ascii' codec can't encode character '\xe9' in position 178: ordinal not in range(128)
----------------------------------------
ERROR: Command "/cowrie/cowrie-env/bin/python3 /cowrie/cowrie-env/lib/python3.5/site-packages/pip/_vendor/pep517/_in_process.py prepare_metadata_for_build_wheel /tmp/tmpk982pkrt" failed with error code 1 in /tmp/pip-install-jpxknzh3/pendulum
The command '/bin/sh -c git clone --separate-git-dir=/tmp/cowrie.git http://github.com/cowrie/cowrie ${COWRIE_HOME}/cowrie-git && cd ${COWRIE_HOME} && python3 -m venv cowrie-env && . cowrie-env/bin/activate && pip install --no-cache-dir --upgrade pip && pip install --no-cache-dir --upgrade cffi && pip install --no-cache-dir --upgrade setuptools && pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt && pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt' returned a non-zero code: 1
Makefile:10: recipe for target 'build' failed
make: *** [build] Error 1
Would it be possible to provide a pre-built ARM-image on the Docker Hub? The Raspi is ideal for a small standalone honeypot.
There used to be a FTP client installed in the Cowrie container. Was this removed deliberately or was this removed by accident? I was not able to find any changes which would have caused this.
running inside latest docker on ubuntu20.04 host with docker-cowrie commit e39a583 getting issues at console:
2021-05-22T19:53:12+0000 [-] Timeout reached in CowrieTelnetTransport
2021-05-22T19:53:12+0000 [-] Process ended. Telnet Session disconnected: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.ProcessTerminated'>: A process has ended with a probable error condition: process ended with exit code 1.
]
2021-05-22T19:53:12+0000 [twisted.internet.defer#critical] Unhandled error in Deferred:
2021-05-22T19:53:12+0000 [twisted.internet.defer#critical]
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 517, in errback
self._startRunCallbacks(fail)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 580, in _startRunCallbacks
self._runCallbacks()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 662, in _runCallbacks
current.result = callback(current.result, *args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1514, in gotResult
current_context.run(_inlineCallbacks, r, g, status)
--- <exception caught here> ---
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 1443, in _inlineCallbacks
result = current_context.run(result.throwExceptionIntoGenerator, g)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/failure.py", line 500, in throwExceptionIntoGenerator
return g.throw(self.type, self.value, self.tb)
File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 98, in write
f"SELECT `id`\" \"FROM `sensors`\" \"WHERE `ip` = {self.sensor}"
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 238, in inContext
result = inContext.theWork() # type: ignore[attr-defined]
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/threadpool.py", line 255, in <lambda>
ctx, func, *args, **kw
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/context.py", line 83, in callWithContext
return func(*args, **kw)
File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 31, in _runInteraction
return adbapi.ConnectionPool._runInteraction(self, interaction, *args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/enterprise/adbapi.py", line 456, in _runInteraction
compat.reraise(excValue, excTraceback)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/deprecate.py", line 298, in deprecatedFunction
return function(*args, **kwargs)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/python/compat.py", line 403, in reraise
raise exception.with_traceback(traceback)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/enterprise/adbapi.py", line 446, in _runInteraction
result = interaction(trans, *args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/enterprise/adbapi.py", line 459, in _runQuery
trans.execute(*args, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/cursors.py", line 206, in execute
res = self._query(query)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/cursors.py", line 319, in _query
db.query(q)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/MySQLdb/connections.py", line 259, in query
_mysql.connection.query(self, query)
MySQLdb._exceptions.ProgrammingError: (1064, 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'" "WHERE `ip` = 246f7ad57fab\' at line 1')
sniffed what was sent to mysql server:
root@mix:/var/log/mysql# ngrep -d ens3 port 3306 |grep -i sensors
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = c10236e10d2c
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = d7f5ebafab52
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = c10236e10d2c
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
9....SELECT `id`" "FROM `sensors`" "WHERE `ip` = 3ecb3109d841
there seems to be a formatting issue at first sight.
I keep getting this error while trying to run the 'stingar/cowrie' docker version of cowrie on a Raspberry pi 4 / armv7 install.
This command: sudo docker run stingar/cowrie:master
All I can read up on it is that it relates to a ssh key on the developers side of the project of github?
This was the website I got it from:
https://hub.docker.com/r/stingar/cowrie/tags
Using this: docker pull stingar/cowrie:master
I'm not sure how else to fix it on my side of things. Hopefully this is the correct github page to post this as well.
Can docker-cowrie replace cowire completely?
When I enter the container, there is no mysql command。
2018-11-19T06:55:53+0000 [-] Python Version 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
2018-11-19T06:55:53+0000 [-] Twisted Version 18.9.0
2018-11-19T06:55:53+0000 [-] Loaded output engine: jsonlog
2018-11-19T06:55:53+0000 [-] Early version of hpfeeds-output, untested!
2018-11-19T06:55:53+0000 [-] hpfeeds client init broker 106.75.178.69:10000, identifier bdc2c520-ea3d-11e8-bed7-52540059f14b
2018-11-19T06:55:53+0000 [-] Unhandled Error
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/application/app.py", line 674, in run
runApp(config)
File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/scripts/twistd.py", line 25, in runApp
runner.run()
File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/application/app.py", line 381, in run
self.application = self.createOrGetApplication()
File "/cowrie/cowrie-env/lib/python3.5/site-packages/twisted/application/app.py", line 448, in createOrGetApplication
ser = plg.makeService(self.config.subOptions)
--- <exception caught here> ---
File "/cowrie/cowrie-git/src/twisted/plugins/cowrie_plugin.py", line 127, in makeService
globals(), locals(), ['output']).Output()
File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 258, in __init__
cowrie.core.output.Output.__init__(self)
File "/cowrie/cowrie-git/src/cowrie/core/output.py", line 97, in __init__
self.start()
File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 267, in start
self.client = hpclient(server, port, ident, secret, debug)
File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 129, in __init__
self.connect()
File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 143, in connect
self.handle_established()
File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 161, in handle_established
self.read()
File "/cowrie/cowrie-git/src/cowrie/output/hpfeeds.py", line 184, in read
for opcode, data in self.unpacker:
builtins.TypeError: iter() returned non-iterator of type 'FeedUnpack'
2018-11-19T06:55:53+0000 [-] Failed to load output engine: hpfeeds
2018-11-19T06:55:53+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 18.9.0 (/cowrie/cowrie-env/bin/python3 3.5.3) starting up.
2018-11-19T06:55:53+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2018-11-19T06:55:53+0000 [-] CowrieSSHFactory starting on 2222
2018-11-19T06:55:53+0000 [cowrie.ssh.factory.CowrieSSHFactory#info] Starting factory <cowrie.ssh.factory.CowrieSSHFactory object at 0x7f9846ca7860>
2018-11-19T06:55:53+0000 [-] Ready to accept SSH connections
Hi @micheloosterhof! I experience an issue with broken authentication records using the cowrie/cowrie:latest image. The issue persists for at least 1 month (when I deployed it the first time) and up until now.
Here is the command line I'm using:
docker run -p 22:2222 -p 23:2223 -e COWRIE_TELNET_ENABLED=yes -v /home/ubuntu/honeypot/logs:/cowrie/cowrie-git/var/log/cowrie/ -v /home/ubuntu/honeypot/samples:/cowrie/cowrie-git/var/lib/cowrie/downloads cowrie/cowrie
Here is an example stdout log snippet with 2 errors (the first and the last lines):
2021-06-11T10:51:33+0000 [stdout#info] jsonlog: Can't serialize: '{'eventid': 'cowrie.client.kex', 'hassh': '2f300334eb474e4d5ef932343447dd80', 'hasshAlgorithms': '[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,[email protected],arcfour256,arcfour128,aes128-cbc,arcfour,3des-cbc;[email protected],hmac-sha2-256,hmac-sha1,hmac-sha1-96;none', 'kexAlgs': [b'[email protected]', b'ecdh-sha2-nistp256', b'ecdh-sha2-nistp384', b'ecdh-sha2-nistp521', b'diffie-hellman-group14-sha1', b'diffie-hellman-group1-sha1'], 'keyAlgs': [b'[email protected]', b'[email protected]', b'[email protected]', b'[email protected]', b'[email protected]', b'[email protected]', b'ecdsa-sha2-nistp256', b'ecdsa-sha2-nistp384', b'ecdsa-sha2-nistp521', b'ssh-rsa', b'ssh-dss', b'ssh-ed25519'], 'encCS': [b'aes128-ctr', b'aes192-ctr', b'aes256-ctr', b'[email protected]', b'arcfour256', b'arcfour128', b'aes128-cbc', b'arcfour', b'3des-cbc'], 'macCS': [b'[email protected]', b'hmac-sha2-256', b'hmac-sha1', b'hmac-sha1-96'], 'compCS': [b'none'], 'langCS': [b''], 'message': 'SSH client hassh fingerprint: 2f300334eb474e4d5ef932343447dd80', 'sensor': 'dda70ef8e80a', 'timestamp': '2021-06-11T10:51:33.923804Z', 'src_ip': '78.128.113.150', 'session': '79d7d0a46cee'}'
2021-06-11T10:51:33+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] kex alg=b'[email protected]' key alg=b'ssh-rsa'
2021-06-11T10:51:33+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] outgoing: b'aes128-ctr' b'hmac-sha1' b'none'
2021-06-11T10:51:33+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] incoming: b'aes128-ctr' b'hmac-sha1' b'none'
2021-06-11T10:51:34+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] NEW KEYS
2021-06-11T10:51:34+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] starting service b'ssh-userauth'
2021-06-11T10:51:34+0000 [cowrie.ssh.userauth.HoneyPotSSHUserAuthServer#debug] b'root' trying auth b'none'
2021-06-11T10:51:34+0000 [cowrie.ssh.userauth.HoneyPotSSHUserAuthServer#debug] b'root' trying auth b'password'
2021-06-11T10:51:34+0000 [HoneyPotSSHTransport,37,78.128.113.150] Could not read etc/userdb.txt, default database activated
2021-06-11T10:51:34+0000 [stdout#info] jsonlog: Can't serialize: '{'eventid': 'cowrie.login.success', 'username': b'root', 'password': b'admin', 'message': "login attempt [b'root'/b'admin'] succeeded", 'sensor': 'dda70ef8e80a', 'timestamp': '2021-06-11T10:51:34.241754Z', 'src_ip': '78.128.113.150', 'session': '79d7d0a46cee'}'
And here are a few of the many broken JSON entries in the cowrie.json. As you can see, they don't follow the JSON format and the username and password values are not available:
{"eventid":"cowrie.client.kex","hassh":"2f300334eb474e4d5ef932343447dd80","hasshAlgorithms":"[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,[email protected],arcfour256,arcfour128,aes128-cbc,arcfour,3des-cbc;[email protected],hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":[{"eventid":"cowrie.login.success","username":{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ya.ru","dst_port":80,"src_ip":"92.118.36.4","src_port":0,"message":"direct-tcp connection request to ya.ru:80 from 0.0.0.0:0","sensor":"dda70ef8e80a","timestamp":"2021-06-11T10:43:02.863361Z","session":"fc8657d24108"}
{"eventid":"cowrie.login.success","username":{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"05944c27d909","timestamp":"2021-06-11T00:00:17.447110Z","src_ip":"60.171.154.30","session":"bf66dfc101ed"}
I can get cowrie to run, but how do I use any of its other features?
Currently, the docker file backups the config.cfg.dist into a directory before to expose the volume, and after docker try to move backuped file to the mounted directory:
RUN cp ${COWRIE_HOME}/cowrie-git/etc/cowrie.cfg.dist ${COWRIE_HOME}/cowrie-git
VOLUME [ "/cowrie/cowrie-git/var", "/cowrie/cowrie-git/etc" ]
RUN mv ${COWRIE_HOME}/cowrie-git/cowrie.cfg.dist ${COWRIE_HOME}/cowrie-git/etc
However if the volume is mounted in read only mode, the "mv" command will fail.
MySQL module is operational only if you build a docker container from the source by git clone.
The fix is already done by last commit aa65a14
However, on Docker hub the last updated was 3 months ago.
Can you push an updated docker container?
Hello! I am having an issue with getting docker-cowrie to tie in with another mysql container. You can see my full configuration here. The issue comes when (I presume) cowrie is trying to write to the sql database. I'm not sure if this is an issue with my specific docker configuration, or with docker-cowrie itself.
Here is the error that is happening:
2021-05-03T20:43:52+0000 [twisted.internet.defer#critical]
Traceback (most recent call last):
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/base.py", line 1292, in mainLoop
self.runUntilCurrent()
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/base.py", line 886, in runUntilCurrent
f(*a, **kw)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 501, in errback
self._startRunCallbacks(fail)
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 568, in _startRunCallbacks
self._runCallbacks()
--- <exception caught here> ---
File "/cowrie/cowrie-env/lib/python3.7/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
current.result = callback(current.result, *args, **kw)
File "/cowrie/cowrie-git/src/cowrie/output/mysql.py", line 80, in sqlerror
if error.value[0] in (1146, 1406):
builtins.TypeError: 'OperationalError' object is not subscriptable```
Hi,
I tried to use cowrie docker image to run on Raspberry Pi 3, apparently the image is not compatible with ARM architecture. I got this error:
cowrie_cowrie_1 is up-to-date
Attaching to cowrie_cowrie_1
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_1 | standard_init_linux.go:190: exec user process caused "exec format error"
cowrie_cowrie_1 exited with code 1
I know it is not the problem of cowrie, but it is more with Docker related problem.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.