From 1158a1a55edf5f15ed5587b096bb1aecd9d2513f Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Wed, 17 May 2017 16:28:13 +0400 Subject: [PATCH] now use both cowrie.cfg.dist and cowrie.cfg --- CHANGELOG.md | 2 +- INSTALL.md | 21 ++++++++++++++------- twisted/plugins/cowrie_plugin.py | 2 +- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b0b89b1d..35fc8ce6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -* 2017-05-16 now reads config files: etc/system/cowrie.cfg cowrie.cfg and etc/local/cowrie.cfg in this order +* 2017-05-16 now combines config files: cowrie.cfg.dist and cowrie.cfg in this order * 2017-05-09 start.sh and stop.sh have been replace by bin/cowrie start|stop * 2017-04-27 New syntax "listen_endpoints" for configuring listening IP addresses/portnumbers * 2017-03-15 SSH Forwarding/SFTP/keys/version config have been moved to [ssh]. Change your config file! diff --git a/INSTALL.md b/INSTALL.md index 5c4e6155..0aa3fd15 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -80,15 +80,22 @@ $ source cowrie-env/bin/activate ## Step 5: Install configuration file -Take a look at the configuration file and make changes as desired. The defaults work well in most cases. +The configuration for Cowrie is stored in cowrie.cfg.dist and +cowrie.cfg. Both files are read, where entries from cowrie.cfg take +precedence. The .dist file can be overwritten on upgrades, cowrie.cfg +will not be changed. To run with a standard configuration, there +is no need to change anything. To enable telnet, for example, create +cowrie.cfg and input only the following: + ``` -$ cp cowrie.cfg.dist cowrie.cfg +[telnet] +enabled = true ``` ## Step 6: Generate a DSA key This step should not be necessary, however some versions of twisted -are not compatible. To avoid problems in advance, run: +are not compatible. To avoid problems in advance, run: ``` $ cd data 
@@ -100,7 +107,7 @@ $ cd .. Cowrie is implemented as a module for Twisted, but to properly import everything the top-level source directory needs to be in -python's os.path. This sometimes won't happen correctly, so make +python's os.path. This sometimes won't happen correctly, so make it explicit: ``` @@ -129,7 +136,7 @@ $ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 222 ``` Note that you should test this rule only from another host; it -doesn't apply to loopback connections. Alternatively you can run +doesn't apply to loopback connections. Alternatively you can run authbind to listen as non-root on port 22 directly: ``` @@ -196,8 +203,8 @@ $ ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key ``` * If you see `twistd: Unknown command: cowrie` there are two -possibilities. If there's a python stack trace, it probably means -there's a missing or broken dependency. If there's no stack trace, +possibilities. If there's a python stack trace, it probably means +there's a missing or broken dependency. If there's no stack trace, double check that your PYTHONPATH is set to the source code directory. * Default file permissions diff --git a/twisted/plugins/cowrie_plugin.py b/twisted/plugins/cowrie_plugin.py index 19e3aeb9..79dabbce 100644 --- a/twisted/plugins/cowrie_plugin.py +++ b/twisted/plugins/cowrie_plugin.py @@ -118,7 +118,7 @@ Makes a Cowrie SSH/Telnet honeypot. print('ERROR: You must not run cowrie as root!') sys.exit(1) - cfg = readConfigFile(("etc/default/cowrie.cfg","cowrie.cfg","etc/local/cowrie.cfg")) + cfg = readConfigFile(("cowrie.cfg.dist","cowrie.cfg")) # ssh is enabled by default if cfg.has_option('ssh', 'enabled') == False or \
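Review bot: The two paths passed to `readConfigFile(("cowrie.cfg.dist","cowrie.cfg"))` are relative, so they resolve against whatever working directory twistd was started from rather than against the Cowrie source tree. `readConfigFile` is not visible in this hunk, but if it wraps `ConfigParser.read()`, files that are not found are skipped silently, so the honeypot could start on built-in defaults or pick up a `cowrie.cfg` from an unexpected directory without any error. Consider resolving both names against the install directory and logging (or failing on) the case where `cowrie.cfg.dist` was not loaded. Settings left in `etc/local/cowrie.cfg` by anyone who followed the previous changelog entry are also no longer read, which deserves a startup warning. A comment on the call would document the ordering it relies on: `# later files override earlier ones: cowrie.cfg.dist = shipped defaults, cowrie.cfg = local overrides`. The enclosing function starts and ends outside the hunk.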