Added changable process listing. (#787)

* Fixed merge conflict changes

* Implemented dynamic processing from snapshots of systems

* Fixed formatting

Add process in server.py

Added Process into its own class instead of config.
Load in the server class

* Fix formatting

* Update config.py

* Update server.py

* Update server.py

* Update process.py

* Update server.py

* Update base.py

* Update base.py

* Update base.py

* Update protocol.py
Dave Germiquet 2018-07-07 14:07:12 -04:00 committed by Michel Oosterhof
parent b9ecd4b5e6
commit 8daa497136
6 changed files with 1222 additions and 40 deletions


@ -0,0 +1,38 @@
import psutil
import json
import datetime
import random
command = {}
command['command'] = {}
command['command']['ps'] = []
randomStates = ["Ss", "S<", "D<", "Ss+"]
for proc in psutil.process_iter():
try:
info = proc.as_dict(
attrs=['pid', 'name', 'cmdline', 'username', 'cpu_percent', 'memory_percent', 'memory_info', 'create_time', 'terminal', 'status', 'cpu_times'])
except psutil.NoSuchProcess:
pass
else:
object = {}
object['USER'] = info['username']
object['PID'] = info['pid']
if info['cmdline']:
object['COMMAND'] = "/".join(info['cmdline'])
else:
object['COMMAND'] = '[ ' + info['name'] + ' ]'
object['CPU'] = info['cpu_percent']
object['MEM'] = info['memory_percent']
object['RSS'] = info['memory_info'].rss
object['VSZ'] = info['memory_info'].vms
object['START'] = datetime.datetime.fromtimestamp(info['create_time']).strftime("%b%d")
if info['terminal'] != None:
object['TTY'] = str(info['terminal']).replace("/dev/", "")
else:
object['TTY'] = "?"
object['STAT'] = random.choice(randomStates)
object['TIME'] = info['cpu_times'].user
command['command']['ps'].append(object)
print(json.dumps(command, indent=4, sort_keys=True))
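Review bot: The snapshot copies every process's owner and full argv from the machine it runs on into the JSON the honeypot later shows to intruders, and nothing in the loop filters or reviews that data. Command lines often carry hostnames, paths or credentials, so the script should be documented as meant for a disposable reference VM, or should drop or rewrite entries before dumping. Separately, `"/".join(info['cmdline'])` glues arguments together with slashes; the committed cmdoutput.json shows space-separated commands, so this should be `" ".join(info['cmdline'])`. `as_dict` fills a field with None when access is denied, so `info['memory_info'].rss` and `info['cpu_times'].user` raise AttributeError on an unprivileged run; guard them, and rename `object`, which shadows the builtin.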

955
cmdoutput.json Normal file

@ -0,0 +1,955 @@
{
"command": {
"ps": [
{
"COMMAND": "/lib/systemd/systemd --system --deserialize 20",
"CPU": 0.0,
"MEM": 0.8852285391357956,
"PID": 1,
"RSS": 4587520,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.48,
"TTY": "?",
"USER": "root",
"VSZ": 180281344
},
{
"COMMAND": "[kthreadd]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 2,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[ksoftirqd/0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 3,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kworker/0:0H]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 5,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[rcu_sched]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 7,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[rcu_bh]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 8,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[migration/0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 9,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[watchdog/0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 10,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[watchdog/1]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 11,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[migration/1]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 12,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[ksoftirqd/1]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 13,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kworker/1:0H]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 15,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[khelper]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 16,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kdevtmpfs]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 17,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[netns]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 18,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[khungtaskd]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 19,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[writeback]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 20,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[ksmd]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 21,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[crypto]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 22,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kintegrityd]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 23,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[bioset]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 24,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kblockd]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 25,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kswapd0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 27,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[vmstat]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 28,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[fsnotify_mark]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 29,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kthrotld]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 35,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[ipv6_addrconf]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 37,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[deferwq]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 38,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kworker/u4:1]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 39,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[ata_sff]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 74,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kpsmoused]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 75,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[scsi_eh_0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 78,
"RSS": 0,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[scsi_tmf_0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 79,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kworker/u4:2]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 80,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kworker/1:1H]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 83,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kworker/0:1H]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 88,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[jbd2/sda1-8]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 103,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[ext4-rsv-conver]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 104,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kauditd]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 135,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "/lib/systemd/systemd-udevd",
"CPU": 0.0,
"MEM": 0.42680661708333006,
"PID": 141,
"RSS": 2211840,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.05,
"TTY": "?",
"USER": "root",
"VSZ": 41754624
},
{
"COMMAND": "/lib/systemd/systemd-journald",
"CPU": 0.0,
"MEM": 1.1231337090285407,
"PID": 150,
"RSS": 5820416,
"START": "Jun22",
"STAT": "S<",
"TIME": 0.16,
"TTY": "?",
"USER": "root",
"VSZ": 38326272
},
{
"COMMAND": "/sbin/rpcbind -w",
"CPU": 0.0,
"MEM": 0.345397206787806,
"PID": 360,
"RSS": 1789952,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 37969920
},
{
"COMMAND": "/sbin/rpc.statd",
"CPU": 0.0,
"MEM": 0.3374933805455221,
"PID": 382,
"RSS": 1748992,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "statd",
"VSZ": 38174720
},
{
"COMMAND": "[rpciod]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 387,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[nfsiod]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 392,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "/usr/sbin/rpc.idmapd",
"CPU": 0.0,
"MEM": 0.002371147872685167,
"PID": 407,
"RSS": 12288,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 23916544
},
{
"COMMAND": "/usr/sbin/atd -f",
"CPU": 0.0,
"MEM": 0.3082492234490717,
"PID": 413,
"RSS": 1597440,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 19480576
},
{
"COMMAND": "/usr/sbin/cron -f",
"CPU": 0.0,
"MEM": 0.5097967926273108,
"PID": 414,
"RSS": 2641920,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.01,
"TTY": "?",
"USER": "root",
"VSZ": 28135424
},
{
"COMMAND": "/lib/systemd/systemd-logind",
"CPU": 0.0,
"MEM": 0.3390741457939789,
"PID": 417,
"RSS": 1757184,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.05,
"TTY": "?",
"USER": "root",
"VSZ": 20332544
},
{
"COMMAND": "/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation",
"CPU": 0.0,
"MEM": 0.5105871752515393,
"PID": 419,
"RSS": 2646016,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.52,
"TTY": "?",
"USER": "messagebus",
"VSZ": 43245568
},
{
"COMMAND": "/usr/sbin/rsyslogd -n",
"CPU": 0.0,
"MEM": 0.40309513835647837,
"PID": 425,
"RSS": 2088960,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.04,
"TTY": "?",
"USER": "root",
"VSZ": 264880128
},
{
"COMMAND": "/usr/sbin/acpid",
"CPU": 0.0,
"MEM": 0.3058780755763865,
"PID": 427,
"RSS": 1585152,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 4358144
},
{
"COMMAND": "/sbin/agetty --noclear tty1 linux",
"CPU": 0.0,
"MEM": 0.3295895543032382,
"PID": 442,
"RSS": 1708032,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "tty1",
"USER": "root",
"VSZ": 14761984
},
{
"COMMAND": "/usr/sbin/sshd -D",
"CPU": 0.0,
"MEM": 0.5919965855470634,
"PID": 448,
"RSS": 3067904,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.01,
"TTY": "?",
"USER": "root",
"VSZ": 56508416
},
{
"COMMAND": "/usr/sbin/exim4 -bd -q30m",
"CPU": 0.0,
"MEM": 0.41574126034413256,
"PID": 682,
"RSS": 2154496,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "Debian-exim",
"VSZ": 54530048
},
{
"COMMAND": "dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0",
"CPU": 0.0,
"MEM": 0.11381509788888802,
"PID": 697,
"RSS": 589824,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 26009600
},
{
"COMMAND": "[iprt-VBoxWQueue]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 8574,
"RSS": 0,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[ttm_swap]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 8611,
"RSS": 0,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "/usr/sbin/VBoxService --pidfile /var/run/vboxadd-service.sh",
"CPU": 0.0,
"MEM": 0.20549948229938111,
"PID": 8743,
"RSS": 1064960,
"START": "Jun22",
"STAT": "Ss",
"TIME": 0.17,
"TTY": "?",
"USER": "root",
"VSZ": 307101696
},
{
"COMMAND": "dhclient -v -pf /run/dhclient.eth1.pid -lf /var/lib/dhcp/dhclient.eth1.leases eth1",
"CPU": 0.0,
"MEM": 0.4679065135432063,
"PID": 9030,
"RSS": 2424832,
"START": "Jun22",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 26009600
},
{
"COMMAND": "/bin/sh /usr/bin/mysqld_safe",
"CPU": 0.0,
"MEM": 0.2908608057160471,
"PID": 21704,
"RSS": 1507328,
"START": "Jun22",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 4440064
},
{
"COMMAND": "/usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/error.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306",
"CPU": 0.0,
"MEM": 9.2822535389382,
"PID": 22049,
"RSS": 48103424,
"START": "Jun22",
"STAT": "S<",
"TIME": 5.91,
"TTY": "?",
"USER": "mysql",
"VSZ": 1374707712
},
{
"COMMAND": "/usr/lib/erlang/erts-6.2/bin/epmd -daemon",
"CPU": 0.0,
"MEM": 0.04505180958101817,
"PID": 25061,
"RSS": 233472,
"START": "Jun23",
"STAT": "Ss",
"TIME": 0.14,
"TTY": "?",
"USER": "ejabberd",
"VSZ": 27955200
},
{
"COMMAND": "[kworker/0:0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 25065,
"RSS": 0,
"START": "Jun23",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "/usr/lib/erlang/erts-6.2/bin/beam.smp -K true -P 250000 -- -root /usr/lib/erlang -progname erl -- -home /var/lib/ejabberd -- -sname ejabberd -noshell -noinput -noshell -noinput -pa /usr/lib/x86_64-linux-gnu/ejabberd/ebin -mnesia dir \"/var/lib/ejabberd\" -ejabberd log_rate_limit 100 log_rotate_size 0 log_rotate_date \"\" -s ejabberd -sasl sasl_error_logger {file,\"/var/log/ejabberd/erlang.log\"} -smp auto start ",
"CPU": 0.0,
"MEM": 8.874416104836351,
"PID": 25095,
"RSS": 45989888,
"START": "Jun23",
"STAT": "Ss",
"TIME": 3.41,
"TTY": "?",
"USER": "ejabberd",
"VSZ": 968404992
},
{
"COMMAND": "[kworker/1:0]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 25970,
"RSS": 0,
"START": "Jun23",
"STAT": "D<",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;",
"CPU": 0.0,
"MEM": 0.5967388812924337,
"PID": 26418,
"RSS": 3092480,
"START": "Jun23",
"STAT": "Ss+",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 93380608
},
{
"COMMAND": "nginx: worker process ",
"CPU": 0.0,
"MEM": 0.7255712490416611,
"PID": 26419,
"RSS": 3760128,
"START": "Jun23",
"STAT": "Ss+",
"TIME": 0.29,
"TTY": "?",
"USER": "www-data",
"VSZ": 93704192
},
{
"COMMAND": "nginx: worker process ",
"CPU": 0.0,
"MEM": 0.7255712490416611,
"PID": 26420,
"RSS": 3760128,
"START": "Jun23",
"STAT": "D<",
"TIME": 0.36,
"TTY": "?",
"USER": "www-data",
"VSZ": 93704192
},
{
"COMMAND": "nginx: worker process ",
"CPU": 0.0,
"MEM": 0.7255712490416611,
"PID": 26421,
"RSS": 3760128,
"START": "Jun23",
"STAT": "Ss+",
"TIME": 0.2,
"TTY": "?",
"USER": "www-data",
"VSZ": 93704192
},
{
"COMMAND": "nginx: worker process ",
"CPU": 0.0,
"MEM": 0.7255712490416611,
"PID": 26422,
"RSS": 3760128,
"START": "Jun23",
"STAT": "D<",
"TIME": 0.45,
"TTY": "?",
"USER": "www-data",
"VSZ": 93704192
},
{
"COMMAND": "[kworker/0:2]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 28001,
"RSS": 0,
"START": "Jun23",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
},
{
"COMMAND": "[kworker/1:1]",
"CPU": 0.0,
"MEM": 0.0,
"PID": 28002,
"RSS": 0,
"START": "Jun23",
"STAT": "Ss",
"TIME": 0.0,
"TTY": "?",
"USER": "root",
"VSZ": 0
}
]
}
}


@ -8,9 +8,9 @@ import time
import datetime
import getopt
import re
import random
from twisted.python import failure, log
from twisted.internet import error, reactor
from cowrie.shell.honeypot import HoneyPotCommand, HoneyPotShell, StdOutStdErrEmulationProtocol
@ -251,6 +251,7 @@ commands['/bin/hostname'] = command_hostname
class command_ps(HoneyPotCommand):
"""
"""
def call(self):
"""
"""
@ -258,43 +259,209 @@ class command_ps(HoneyPotCommand):
args = ''
if len(self.args):
args = self.args[0].strip()
_user, _pid, _cpu, _mem, _vsz, _rss, _tty, _stat, \
_start, _time, _command = list(range(11))
_user, _pid, _cpu, _mem, _vsz, _rss, _tty, _stat, _start, _time, _command = list(range(11))
output_array = []
output = (
('USER ', ' PID', ' %CPU', ' %MEM', ' VSZ', ' RSS', ' TTY ', 'STAT ', 'START', ' TIME ', 'COMMAND',),
('root ', ' 1', ' 0.0', ' 0.1', ' 2100', ' 688', ' ? ', 'Ss ', 'Nov06', ' 0:07 ', 'init [2] ',),
('root ', ' 2', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[kthreadd]',),
('root ', ' 3', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[migration/0]',),
('root ', ' 4', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[ksoftirqd/0]',),
('root ', ' 5', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[watchdog/0]',),
('root ', ' 6', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:17 ', '[events/0]',),
('root ', ' 7', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[khelper]',),
('root ', ' 39', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[kblockd/0]',),
('root ', ' 41', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[kacpid]',),
('root ', ' 42', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[kacpi_notify]',),
('root ', ' 170', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[kseriod]',),
('root ', ' 207', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S ', 'Nov06', ' 0:01 ', '[pdflush]',),
('root ', ' 208', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S ', 'Nov06', ' 0:00 ', '[pdflush]',),
('root ', ' 209', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[kswapd0]',),
('root ', ' 210', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[aio/0]',),
('root ', ' 748', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[ata/0]',),
('root ', ' 749', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[ata_aux]',),
('root ', ' 929', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[scsi_eh_0]',),
('root ', '1014', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'D< ', 'Nov06', ' 0:03 ', '[kjournald]',),
('root ', '1087', ' 0.0', ' 0.1', ' 2288', ' 772', ' ? ', 'S<s ', 'Nov06', ' 0:00 ', 'udevd --daemon',),
('root ', '1553', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06', ' 0:00 ', '[kpsmoused]',),
('root ', '2054', ' 0.0', ' 0.2', ' 28428', ' 1508', ' ? ', 'Sl ', 'Nov06', ' 0:01 ', '/usr/sbin/rsyslogd -c3',),
('root ', '2103', ' 0.0', ' 0.2', ' 2628', ' 1196', ' tty1 ', 'Ss ', 'Nov06', ' 0:00 ', '/bin/login -- ',),
('root ', '2105', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty2 ', 'Ss+ ', 'Nov06', ' 0:00 ', '/sbin/getty 38400 tty2',),
('root ', '2107', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty3 ', 'Ss+ ', 'Nov06', ' 0:00 ', '/sbin/getty 38400 tty3',),
('root ', '2109', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty4 ', 'Ss+ ', 'Nov06', ' 0:00 ', '/sbin/getty 38400 tty4',),
('root ', '2110', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty5 ', 'Ss+ ', 'Nov06', ' 0:00 ', '/sbin/getty 38400 tty5',),
('root ', '2112', ' 0.0', ' 0.0', ' 1764', ' 508', ' tty6 ', 'Ss+ ', 'Nov06', ' 0:00 ', '/sbin/getty 38400 tty6',),
('root ', '2133', ' 0.0', ' 0.1', ' 2180', ' 620', ' ? ', 'S<s ', 'Nov06', ' 0:00 ', 'dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclien',),
('root ', '4969', ' 0.0', ' 0.1', ' 5416', ' 1024', ' ? ', 'Ss ', 'Nov08', ' 0:00 ', '/usr/sbin/sshd: %s@pts/0' % user,),
('%s'.ljust(8) % user, '5673', ' 0.0', ' 0.2', ' 2924', ' 1540', ' pts/0 ', 'Ss ', '04:30', ' 0:00 ', '-bash',),
('%s'.ljust(8) % user, '5679', ' 0.0', ' 0.1', ' 2432', ' 928', ' pts/0 ', 'R+ ', '04:32', ' 0:00 ', 'ps %s' % ' '.join(self.args),)
)
'%s'.ljust(15 - len("USER")) % "USER",
'%s'.ljust(8 - len("PID")) % "PID",
'%s'.ljust(13 - len("%CPU")) % "%CPU",
'%s'.ljust(13 - len("%MEM")) % "%MEM",
'%s'.ljust(12 - len("VSZ")) % "VSZ",
'%s'.ljust(12 - len("RSS")) % "RSS",
'%s'.ljust(10 - len("TTY")) % "TTY",
'%s'.ljust(8 - len("STAT")) % "STAT",
'%s'.ljust(8 - len("START")) % "START",
'%s'.ljust(8 - len("TIME")) % "TIME",
'%s'.ljust(30 - len("COMMAND")) % "COMMAND")
output_array.append(output)
if (self.protocol.user.server.process):
for single_ps in self.protocol.user.server.process:
output = ('%s'.ljust(15 - len(str(single_ps['USER']))) % str(single_ps['USER']),
'%s'.ljust(8 - len(str(single_ps['PID']))) % str(single_ps['PID']),
'%s'.ljust(13 - len(str(round(single_ps['CPU'], 2)))) % str(round(single_ps['CPU'], 2)),
'%s'.ljust(13 - len(str(round(single_ps['MEM'], 2)))) % str(round(single_ps['MEM'], 2)),
'%s'.ljust(12 - len(str(single_ps['VSZ']))) % str(single_ps['VSZ']),
'%s'.ljust(12 - len(str(single_ps['RSS']))) % str(single_ps['RSS']),
'%s'.ljust(10 - len(str(single_ps['TTY']))) % str(single_ps['TTY']),
'%s'.ljust(8 - len(str(single_ps['STAT']))) % str(single_ps['STAT']),
'%s'.ljust(8 - len(str(single_ps['START']))) % str(single_ps['START']),
'%s'.ljust(8 - len(str(single_ps['TIME']))) % str(single_ps['TIME']),
'%s'.ljust(30 - len(str(single_ps['COMMAND']))) % str(single_ps['COMMAND']))
output_array.append(output)
process = random.randint(4000, 8000)
output = ('%s'.ljust(15 - len('root')) % 'root',
'%s'.ljust(8 - len(str(process))) % str(process),
'%s'.ljust(13 - len('0.0')) % '0.0',
'%s'.ljust(13 - len('0.1')) % '0.1',
'%s'.ljust(12 - len('5416')) % '5416',
'%s'.ljust(12 - len('1024')) % '1024',
'%s'.ljust(10 - len('?')) % '?',
'%s'.ljust(8 - len('Ss')) % 'Ss',
'%s'.ljust(8 - len('June22')) % 'June22',
'%s'.ljust(8 - len('0:00')) % '0:00',
'%s'.ljust(30 - len('/usr/sbin/sshd: %s@pts/0')) % '/usr/sbin/sshd: %s@pts/0' % user)
output_array.append(output)
process = process + 5
output = ('%s'.ljust(15 - len(user)) % user,
'%s'.ljust(8 - len(str(process))) % str(process),
'%s'.ljust(13 - len('0.0')) % '0.0',
'%s'.ljust(13 - len('0.1')) % '0.1',
'%s'.ljust(12 - len('2925')) % '5416',
'%s'.ljust(12 - len('1541')) % '1024',
'%s'.ljust(10 - len('pts/0')) % 'pts/0',
'%s'.ljust(8 - len('Ss')) % 'Ss',
'%s'.ljust(8 - len('06:30')) % '06:30',
'%s'.ljust(8 - len('0:00')) % '0:00',
'%s'.ljust(30 - len('bash')) % '-bash')
output_array.append(output)
process = process + 2
output = ('%s'.ljust(15 - len(user)) % user,
'%s'.ljust(8 - len(str(process))) % str(process),
'%s'.ljust(13 - len('0.0')) % '0.0',
'%s'.ljust(13 - len('0.1')) % '0.1',
'%s'.ljust(12 - len('2435')) % '2435',
'%s'.ljust(12 - len('929')) % '929',
'%s'.ljust(10 - len('pts/0')) % 'pts/0',
'%s'.ljust(8 - len('Ss')) % 'Ss',
'%s'.ljust(8 - len('06:30')) % '06:30',
'%s'.ljust(8 - len('0:00')) % '0:00',
'%s'.ljust(30 - len('ps')) % 'ps %s' % ' '.join(self.args))
output_array.append(output)
else:
output_array = (
(
'USER ', ' PID', ' %CPU', ' %MEM', ' VSZ', ' RSS', ' TTY ', 'STAT ', 'START',
' TIME ',
'COMMAND',),
(
'root ', ' 1', ' 0.0', ' 0.1', ' 2100', ' 688', ' ? ', 'Ss ', 'Nov06',
' 0:07 ',
'init [2] ',),
(
'root ', ' 2', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[kthreadd]',),
(
'root ', ' 3', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[migration/0]',),
(
'root ', ' 4', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[ksoftirqd/0]',),
(
'root ', ' 5', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[watchdog/0]',),
(
'root ', ' 6', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:17 ',
'[events/0]',),
(
'root ', ' 7', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[khelper]',),
(
'root ', ' 39', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[kblockd/0]',),
(
'root ', ' 41', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[kacpid]',),
(
'root ', ' 42', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[kacpi_notify]',),
(
'root ', ' 170', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[kseriod]',),
(
'root ', ' 207', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S ', 'Nov06',
' 0:01 ',
'[pdflush]',),
(
'root ', ' 208', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S ', 'Nov06',
' 0:00 ',
'[pdflush]',),
(
'root ', ' 209', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[kswapd0]',),
(
'root ', ' 210', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[aio/0]',),
(
'root ', ' 748', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[ata/0]',),
(
'root ', ' 749', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[ata_aux]',),
(
'root ', ' 929', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[scsi_eh_0]',),
(
'root ', '1014', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'D< ', 'Nov06',
' 0:03 ',
'[kjournald]',),
(
'root ', '1087', ' 0.0', ' 0.1', ' 2288', ' 772', ' ? ', 'S<s ', 'Nov06',
' 0:00 ',
'udevd --daemon',),
(
'root ', '1553', ' 0.0', ' 0.0', ' 0', ' 0', ' ? ', 'S< ', 'Nov06',
' 0:00 ',
'[kpsmoused]',),
(
'root ', '2054', ' 0.0', ' 0.2', ' 28428', ' 1508', ' ? ', 'Sl ', 'Nov06',
' 0:01 ',
'/usr/sbin/rsyslogd -c3',),
(
'root ', '2103', ' 0.0', ' 0.2', ' 2628', ' 1196', ' tty1 ', 'Ss ', 'Nov06',
' 0:00 ',
'/bin/login -- ',),
(
'root ', '2105', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty2 ', 'Ss+ ', 'Nov06',
' 0:00 ',
'/sbin/getty 38400 tty2',),
(
'root ', '2107', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty3 ', 'Ss+ ', 'Nov06',
' 0:00 ',
'/sbin/getty 38400 tty3',),
(
'root ', '2109', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty4 ', 'Ss+ ', 'Nov06',
' 0:00 ',
'/sbin/getty 38400 tty4',),
(
'root ', '2110', ' 0.0', ' 0.0', ' 1764', ' 504', ' tty5 ', 'Ss+ ', 'Nov06',
' 0:00 ',
'/sbin/getty 38400 tty5',),
(
'root ', '2112', ' 0.0', ' 0.0', ' 1764', ' 508', ' tty6 ', 'Ss+ ', 'Nov06',
' 0:00 ',
'/sbin/getty 38400 tty6',),
(
'root ', '2133', ' 0.0', ' 0.1', ' 2180', ' 620', ' ? ', 'S<s ', 'Nov06',
' 0:00 ',
'dhclient3 -pf /var/run/dhclient.eth0.pid -lf /var/lib/dhcp3/dhclien',),
(
'root ', '4969', ' 0.0', ' 0.1', ' 5416', ' 1024', ' ? ', 'Ss ', 'Nov08',
' 0:00 ',
'/usr/sbin/sshd: %s@pts/0' % user,),
('%s'.ljust(8) % user, '5673', ' 0.0', ' 0.2', ' 2924', ' 1540', ' pts/0 ', 'Ss ', '04:30',
' 0:00 ', '-bash',),
('%s'.ljust(8) % user, '5679', ' 0.0', ' 0.1', ' 2432', ' 928', ' pts/0 ', 'R+ ', '04:32',
' 0:00 ', 'ps %s' % ' '.join(self.args),)
)
output = output_array
for i in range(len(output)):
if i != 0:
if 'a' not in args and output[i][_user].strip() != user:
@ -311,6 +478,8 @@ class command_ps(HoneyPotCommand):
if 'w' not in args:
s = s[:80]
self.write('{0}\n'.format(s))
commands['/bin/ps'] = command_ps
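Review bot: In the snapshot branch of `call`, `process = random.randint(4000, 8000)` is drawn on every invocation, so the sshd, bash and ps rows get new PIDs each time `ps` is run in the same session. A shell whose PID changes between two listings is an easy way to recognise the emulation; derive the PID once per session (for example, store it on the protocol or avatar object) and reuse it. The padding idiom `'%s'.ljust(12 - len(v)) % v` pads the two-character `%s` rather than the value, so each column comes out two narrower than the number suggests, and a value within two characters of the width gets no trailing space. The committed snapshot's mysqld row has a 10-character VSZ, which would run into RSS if the fields are concatenated later in the function (that part is outside this hunk); `str(v).ljust(12)` avoids this. The hard-coded `'June22'` also does not match the `%b%d` form (`Jun22`) that the snapshot uses for START.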

1
cowrie/shell/process.py Normal file

@ -0,0 +1 @@


@ -34,6 +34,8 @@ from __future__ import division, absolute_import
import copy
import random
import json
from configparser import NoOptionError
import twisted.python.log as log
@ -51,10 +53,12 @@ class CowrieServer(object):
This class represents a 'virtual server' that can be shared between
multiple Cowrie connections
"""
fs = None
process = None
avatars = []
def __init__(self, realm):
self.avatars = []
self.hostname = CONFIG.get('honeypot', 'hostname')
self.fs = None
try:
self.arch = random.choice(CONFIG.get('shell', 'arch').split(','))
@ -63,9 +67,24 @@ class CowrieServer(object):
self.arch = 'linux-x64-lsb'
log.msg("Initialized emulated server as architecture: {}".format(self.arch))
def getCommandOutput(self, file):
"""
Reads process output from JSON file.
"""
with open(file) as f:
cmdoutput = json.load(f)
return cmdoutput
def initFileSystem(self):
"""
Do this so we can trigger it later. Not all sessions need file system
"""
self.fs = fs.HoneyPotFilesystem(copy.deepcopy(fs.PICKLE), self.arch)
try:
self.process = self.getCommandOutput(CONFIG.get('process', 'file'))['command']['ps']
except NoOptionError:
self.process = None
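Review bot: In `initFileSystem`, the fallback to the built-in listing only triggers on `NoOptionError`. If CONFIG behaves like a standard configparser, a config file with no `[process]` section raises `NoSectionError` instead, which is not caught and would abort session setup for existing deployments that never added the section. Catching both, `except (NoSectionError, NoOptionError):` with the matching import, keeps the old behaviour. A missing or malformed snapshot file (IOError, ValueError, or KeyError on `['command']['ps']`) is also unhandled; logging it and setting `self.process = None` would let the honeypot keep accepting sessions. `getCommandOutput` re-reads and re-parses the file on each `initFileSystem` call, so consider loading it once.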


@ -23,7 +23,7 @@ class FakeServer:
self.pckl = pickle.load(
open(CONFIG.get('honeypot', 'filesystem_file'), 'rb'))
self.fs = fs.HoneyPotFilesystem(copy.deepcopy(self.pckl), 'arch')
self.process = None
class FakeAvatar:
"""