cowrie/docs/kippo-graph/README.rst

114 lines
2.5 KiB
ReStructuredText
Raw Normal View History

How to process Cowrie output in kippo-graph
#############################################
(Note: work in progress, instructions are not verified)
Tested on Debian 9.
Prerequisites
****************
* Working Cowrie installation
* LAMP stack (Linux, Apache, MySQL, PHP)
Installation
****************
This covers a simple installation, with kippo-graph and Cowrie on the same server.
Please see here for installation: https://github.com/ikoniaris/kippo-graph
MySQL configuration
***********************
Configuring Cowrie requires setting up the SQL tables and then telling Cowrie to use them.
To install the tables and create the Cowrie user account enter the following commands::
mysql -u root -p
CREATE DATABASE cowrie;
GRANT ALL ON cowrie.* TO 'cowrie'@'localhost' IDENTIFIED BY 'PASSWORD HERE';
FLUSH PRIVILEGES;
exit
Next create the database schema::
cd /opt/cowrie/
mysql -u cowrie -p
USE cowrie;
source ./docs/sql/mysql.sql;
exit
disable MySQL strict mode::
vi /etc/mysql/conf.d/disable_strict_mode.cnf
[mysqld]
sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
Cowrie configuration
************************
Edit cowrie.cfg::
vi /opt/cowrie/cowrie.cfg
Activate output to mysql::
[output_mysql]
host = localhost
database = cowrie
username = cowrie
password = PASSWORD HERE
port = 3306
debug = false
Set read access to tty-files for group www-data (group maybe differ on other distributions)::
sudo apt-get install acl
sudo setfacl -Rm g:www-data:rx /opt/cowrie/var/lib/cowrie/tty/
kippo-graph Configuration
****************************
Edit config file::
vi /var/www/html/kippo-graph/config.php
Change db settings::
define('DB_HOST', 'localhost');
define('DB_USER', 'cowrie');
define('DB_PASS', 'PASSWORD HERE');
define('DB_NAME', 'cowrie');
define('DB_PORT', '3306');
Apache2 configuration (optional)
************************************
To secure the installation
Create password database::
cd /etc/apache2/
htpasswd -c /etc/apache2/cowrie.passwd <username>
htpasswd /etc/apache2/cowrie.passwd <username> (second user)
vi /etc/apache2/sites-enabled/000-default.conf
Between the <VirtualHost> </VirtualHost> tags, add::
<Location />
AuthBasicAuthoritative On
AllowOverride AuthConfig
AuthType Basic
AuthName "cowrie honeypot"
AuthUserFile /etc/apache2/cowrie.passwd
Require valid-user
</Location>