cowrie/INSTALL.md

95 lines
2.4 KiB
Markdown
Raw Normal View History

2015-05-12 15:17:42 +00:00
# Installation
2016-02-04 05:45:17 +00:00
## Installing cowrie in six easy steps.
2015-05-12 15:22:15 +00:00
2016-02-04 05:40:28 +00:00
Install prerequisites on Debian based systems:
```
2016-04-14 09:37:36 +00:00
$ sudo apt-get install python-twisted python-crypto python-pyasn1 python-gmpy2 python-mysqldb python-zope.interface
2016-02-04 05:40:28 +00:00
```
Install prerequisites on RedHat based systems:
```
2016-02-04 05:45:17 +00:00
$ sudo yum install <tbd> <tbd> <tbd>
2016-02-04 05:40:28 +00:00
```
2016-01-17 06:32:35 +00:00
It's strongly recommended to install under a dedicated non-root user id:
2015-05-12 15:17:42 +00:00
```
$ sudo adduser --disabled-password cowrie
Adding user `cowrie' ...
Adding new group `cowrie' (1002) ...
Adding new user `cowrie' (1002) with group `cowrie' ...
Changing the user information for cowrie
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
$ sudo su - cowrie
$ git clone http://github.com/micheloosterhof/cowrie
Cloning into 'cowrie'...
remote: Counting objects: 2965, done.
remote: Compressing objects: 100% (1025/1025), done.
remote: Total 2965 (delta 1908), reused 2962 (delta 1905), pack-reused 0
Receiving objects: 100% (2965/2965), 3.41 MiB | 2.57 MiB/s, done.
Resolving deltas: 100% (1908/1908), done.
Checking connectivity... done.
$ cd cowrie
$ cp cowrie.cfg.dist cowrie.cfg
$ ./start.sh
Starting cowrie in the background...
2016-02-04 05:45:17 +00:00
$ exit
2015-05-12 15:17:42 +00:00
```
2016-01-17 06:32:35 +00:00
Cowry runs by default on port 2222. This can be modified in the configuration file.
2015-05-12 15:20:51 +00:00
The following firewall rule will forward incoming traffic on port 22 to port 2222.
```
2015-06-23 08:20:12 +00:00
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
2015-05-12 15:20:51 +00:00
```
2015-05-12 15:17:42 +00:00
2016-01-17 06:32:35 +00:00
Alternatively you can run authbind to listen as non-root on port 22 directly:
```
$ apt-get install authbind
$ touch /etc/authbind/byport/22
$ chown cowrie:cowrie /etc/authbind/byport/22
2016-02-04 05:45:17 +00:00
$ chmod 770 /etc/authbind/byport/22
2016-01-17 06:32:35 +00:00
```
* Edit start.sh and modify the AUTHBIND_ENABLED setting
* Change listen_port to 22 in cowrie.cfg
2016-02-04 05:45:17 +00:00
## Bugs and workarounds
* For some versions of Twisted you may receive the following error messagse:
```
....
File "/usr/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py", line 342, in _generate
key = self._math.dsa_construct(obj.y, obj.g, obj.p, obj.q, obj.x)
TypeError: must be long, not mpz
```
This is caused by Twisted incompatibilities. A workaround is to run:
```
$ cd cowrie/data
$ ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
```
* Default file permissions
2016-04-27 08:38:05 +00:00
To make Cowrie logfiles public readable, change the ```--umask 0077``` option in start.sh into ```--umask 0022```
2016-04-27 08:38:05 +00:00