|
How to process Cowrie output in kippo-graph
|
||
|
#############################################
|
||
|
|
||
|
(Note: work in progress, instructions are not verified)
|
||
|
Tested on Debian 9.
|
||
|
|
||
|
|
||
|
Prerequisites
|
||
|
****************
|
||
|
|
||
|
* Working Cowrie installation
|
||
|
* LAMP stack (Linux, Apache, MySQL, PHP)
|
||
|
|
||
|
Installation
|
||
|
****************
|
||
|
|
||
|
This covers a simple installation, with kippo-graph and Cowrie on the same server.
|
||
|
Please see here for installation: https://github.com/ikoniaris/kippo-graph
|
||
|
|
||
|
|
||
|
MySQL configuration
|
||
|
***********************
|
||
|
|
||
|
Configuring Cowrie requires setting up the SQL tables and then telling Cowrie to use them.
|
||
|
|
||
|
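To create the database and the Cowrie user account, enter the following commands, replacing ``PASSWORD HERE`` with a strong, unique password. ``GRANT ... IDENTIFIED BY`` was removed in MySQL 8.0; on such servers create the account with ``CREATE USER`` first and then grant the privileges::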
|
||
|
|
||
|
mysql -u root -p
|
||
|
CREATE DATABASE cowrie;
|
||
|
GRANT ALL ON cowrie.* TO 'cowrie'@'localhost' IDENTIFIED BY 'PASSWORD HERE';
|
||
|
FLUSH PRIVILEGES;
|
||
|
exit
|
||
|
|
||
|
Next create the database schema::
|
||
|
|
||
|
cd /opt/cowrie/
|
||
|
mysql -u cowrie -p
|
||
|
USE cowrie;
|
||
|
source ./docs/sql/mysql.sql;
|
||
|
exit
|
||
|
|
||
|
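Disable MySQL strict mode. With strict mode off, MySQL adjusts invalid or over-long values and raises a warning instead of rejecting the insert, so logged session data may be stored truncated. ``NO_AUTO_CREATE_USER`` was removed in MySQL 8.0 and has to be left out of the list on such servers::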
|
||
|
|
||
|
vi /etc/mysql/conf.d/disable_strict_mode.cnf
|
||
|
|
||
|
[mysqld]
|
||
|
sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
|
||
|
|
||
|
Cowrie configuration
|
||
|
************************
|
||
|
|
||
|
Edit cowrie.cfg::
|
||
|
|
||
|
vi /opt/cowrie/cowrie.cfg
|
||
|
|
||
|
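Activate output to MySQL. The database password is stored in cleartext in ``cowrie.cfg``, so keep that file readable only by the account that runs Cowrie::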
|
||
|
|
||
|
[output_mysql]
|
||
|
host = localhost
|
||
|
database = cowrie
|
||
|
username = cowrie
|
||
|
password = PASSWORD HERE
|
||
|
port = 3306
|
||
|
debug = false
|
||
|
|
||
|
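Set read access to the tty files for the group www-data (the group may differ on other distributions). The ACL set here applies only to files that already exist; session logs recorded later are covered only if a default ACL is also set on the directory or the command is re-run::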
|
||
|
|
||
|
sudo apt-get install acl
|
||
|
sudo setfacl -Rm g:www-data:rx /opt/cowrie/var/lib/cowrie/tty/
|
||
|
|
||
|
kippo-graph Configuration
|
||
|
****************************
|
||
|
|
||
|
|
||
|
Edit config file::
|
||
|
|
||
|
vi /var/www/html/kippo-graph/config.php
|
||
|
|
||
|
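Change the database settings. This example reuses the ``cowrie`` account, which was granted ALL on the database above; a separate account restricted to the privileges kippo-graph actually needs (likely only SELECT, to be confirmed against kippo-graph) limits the damage if the web application is compromised::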
|
||
|
|
||
|
define('DB_HOST', 'localhost');
|
||
|
define('DB_USER', 'cowrie');
|
||
|
define('DB_PASS', 'PASSWORD HERE');
|
||
|
define('DB_NAME', 'cowrie');
|
||
|
define('DB_PORT', '3306');
|
||
|
|
||
|
Apache2 configuration (optional)
|
||
|
************************************
|
||
|
|
||
|
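To secure the installation, protect the web interface with HTTP Basic authentication. Basic authentication sends the credentials with every request in an easily decoded form, so serve the site over HTTPS.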
|
||
|
|
||
|
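Create the password database. The ``-c`` option creates the file and overwrites an existing one, so use it only for the first user::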
|
||
|
|
||
|
cd /etc/apache2/
|
||
|
htpasswd -c /etc/apache2/cowrie.passwd <username>
|
||
|
htpasswd /etc/apache2/cowrie.passwd <username> (second user)
|
||
|
|
||
|
|
||
|
vi /etc/apache2/sites-enabled/000-default.conf
|
||
|
|
||
|
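Between the ``<VirtualHost>`` and ``</VirtualHost>`` tags, add the block below. Apache documents ``AllowOverride`` as valid only inside ``<Directory>`` sections, so remove that line if the configuration test rejects it::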
|
||
|
|
||
|
<Location />
|
||
|
AuthBasicAuthoritative On
|
||
|
AllowOverride AuthConfig
|
||
|
|
||
|
AuthType Basic
|
||
|
AuthName "cowrie honeypot"
|
||
|
AuthUserFile /etc/apache2/cowrie.passwd
|
||
|
Require valid-user
|
||
|
</Location>
|
||
|
|
||
|
|