diff --git a/src/cowrie/commands/curl.py b/src/cowrie/commands/curl.py
index 0c90a2cc..f4c185db 100644
--- a/src/cowrie/commands/curl.py
+++ b/src/cowrie/commands/curl.py
@@ -296,13 +296,15 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
 # If we have content already, delete temp file
 if not os.path.exists(hashPath):
 os.rename(self.safeoutfile, hashPath)
+ duplicate = False
 else:
 os.remove(self.safeoutfile)
- log.msg("Not storing duplicate content " + shasum)
+ duplicate = True
 self.protocol.logDispatch(eventid='cowrie.session.file_download',
 format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
 url=self.url,
+ duplicate=duplicate,
 outfile=hashPath,
 shasum=shasum,
 destfile=self.safeoutfile)
diff --git a/src/cowrie/commands/scp.py b/src/cowrie/commands/scp.py
index f3f984a2..01b1d52d 100644
--- a/src/cowrie/commands/scp.py
+++ b/src/cowrie/commands/scp.py
@@ -121,13 +121,15 @@ class command_scp(HoneyPotCommand):
 # If we have content already, delete temp file
 if not os.path.exists(hash_path):
 os.rename(self.safeoutfile, hash_path)
+ duplicate = False
 else:
 os.remove(self.safeoutfile)
- log.msg("Not storing duplicate content " + shasum)
+ duplicate = True
 log.msg(format='SCP Uploaded file \"%(filename)s\" to %(outfile)s',
 eventid='cowrie.session.file_upload',
 filename=os.path.basename(fname),
+ duplicate=duplicate,
 url=fname,
 outfile=shasum,
 shasum=shasum,
diff --git a/src/cowrie/insults/insults.py b/src/cowrie/insults/insults.py
index 81d2c1ed..50f511b9 100644
--- a/src/cowrie/insults/insults.py
+++ b/src/cowrie/insults/insults.py
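Review bot: In the curl.py hunk the only human-readable trace of a duplicate goes away with the removed `log.msg("Not storing duplicate content " + shasum)`, while the `format=` string of the `cowrie.session.file_download` event is unchanged, so the new `duplicate` field is presumably visible only to outputs that serialise the whole event. If the text log is meant to keep that signal, the format could end in `to %(outfile)s (duplicate: %(duplicate)s)`; otherwise a comment above the branch such as `# duplicate=True: content already stored under this hash, temp file discarded` would record the intent. The same applies to the scp.py hunk and to the stdin and redir hunks in insults.py. The enclosing function starts and ends outside the hunk.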
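Review bot: In the scp.py hunk the upload event passes `outfile=shasum`, whereas the curl.py hunk passes the storage path (`outfile=hashPath`) and the insults.py hunks pass `outfile=shasumfile`, which looks inconsistent. With `duplicate` now added for correlation, a consumer that matches events on `outfile` gets a bare hash here and a path elsewhere. If the path is intended the line would read `outfile=hash_path,`; if the hash is deliberate, a short comment saying so would help. The `log.msg(...)` call continues past the end of the hunk.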
@@ -128,13 +128,15 @@ class LoggingServerProtocol(insults.ServerProtocol):
 shasumfile = os.path.join(self.downloadPath, shasum)
 if os.path.exists(shasumfile):
 os.remove(self.stdinlogFile)
- log.msg("Duplicate stdin content {}".format(shasum))
+ duplicate = True
 else:
 os.rename(self.stdinlogFile, shasumfile)
+ duplicate = False
 log.msg(eventid='cowrie.session.file_download',
 format='Saved stdin contents with SHA-256 %(shasum)s to %(outfile)s',
 url='stdin',
+ duplicate=duplicate,
 outfile=shasumfile,
 shasum=shasum,
 destfile='')
@@ -166,12 +168,14 @@ class LoggingServerProtocol(insults.ServerProtocol):
 shasumfile = os.path.join(self.downloadPath, shasum)
 if os.path.exists(shasumfile):
 os.remove(rf)
- log.msg("Duplicate redir content with hash {}".format(shasum))
+ duplicate = True
 else:
 os.rename(rf, shasumfile)
+ duplicate = False
 log.msg(eventid='cowrie.session.file_download',
 format='Saved redir contents with SHA-256 %(shasum)s to %(outfile)s',
 url=url,
+ duplicate=duplicate,
 outfile=shasumfile,
 shasum=shasum,
 destfile=url)
@@ -186,9 +190,10 @@ class LoggingServerProtocol(insults.ServerProtocol):
 shasumfile = os.path.join(self.ttylogPath, shasum)
 if os.path.exists(shasumfile):
- log.msg("Duplicate TTY log with hash {}".format(shasum))
+ duplicate = True
 os.remove(self.ttylogFile)
 else:
+ duplicate = False
 os.rename(self.ttylogFile, shasumfile)
 umask = os.umask(0)
 os.umask(umask)
@@ -199,6 +204,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
 ttylog=shasumfile,
 size=self.ttylogSize,
 shasum=shasum,
+ duplicate=duplicate,
 duration=time.time() - self.startTime)
 insults.ServerProtocol.connectionLost(self, reason)
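Review bot: In the `@@ -186` hunk of insults.py `duplicate` is bound only inside the `if os.path.exists(shasumfile):` / `else:` pair, yet it is read by the `log.msg` call in the `@@ -199` hunk. The lines between the two hunks are not shown, so it is worth confirming that both sit under the same guard; otherwise the method (apparently `connectionLost`) would raise `UnboundLocalError` for sessions that skip the TTY-log branch. The flag's meaning for analysts also deserves a comment: on a duplicate the session's own `self.ttylogFile` is removed and the event's `ttylog` points at the file already stored, e.g. `# duplicate: identical TTY log already stored; event references the existing file`. Here `duplicate = True` is set before `os.remove`, the reverse of the other hunks, which is harmless but inconsistent.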