mirror of https://github.com/cowrie/cowrie.git
Michel Oosterhof
GitHub
parent
a3202006df
commit
bb81bcb403
|
|
@ -0,0 +1,5 @@
|
|||
.direnv
|
||||
.tox
|
||||
.git
|
||||
.github
|
||||
.eggs
|
||||
105
Makefile
105
Makefile
|
|
@ -1,8 +1,14 @@
|
|||
# This `Makefile` is intended for Cowrie developers.
|
||||
|
||||
|
||||
# Dummy target `all`
|
||||
.DEFAULT_GOAL := help
|
||||
.PHONY: all
|
||||
all:
|
||||
all: help
|
||||
@echo $(COMMIT)--
|
||||
|
||||
help:
|
||||
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
||||
|
||||
.PHONY: test
|
||||
test:
|
||||
|
|
@ -13,37 +19,38 @@ build:
|
|||
python setup.py build sdist bdist
|
||||
|
||||
.PHONY: docs
|
||||
docs:
|
||||
docs: ## Create documentation
|
||||
make -C docs html
|
||||
|
||||
.PHONY: lint
|
||||
lint:
|
||||
lint: ## Run lint checks
|
||||
tox -e lint
|
||||
hadolint docker/Dockerfile
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
clean: ## Clean temporary files
|
||||
rm -rf _trial_temp build dist src/_trial_temp src/Cowrie.egg-info
|
||||
make -C docs clean
|
||||
|
||||
.PHONY: pre-commit
|
||||
pre-commit:
|
||||
pre-commit: ## Run pre-commit checks
|
||||
pre-commit run --all-files
|
||||
|
||||
.PHONY: pip-upgrade
|
||||
pip-upgrade:
|
||||
pip-upgrade: ## Upgrade environment from requirements.txt
|
||||
pip install --upgrade -r requirements.txt
|
||||
|
||||
.PHONY: pip-check
|
||||
pip-check:
|
||||
pip-check: ## Verify python packages
|
||||
pip check
|
||||
|
||||
# This assumes two remotes, one is `origin`, your fork. The second is `cowrie` the main project
|
||||
.PHONY: git-remote
|
||||
git-remote:
|
||||
git-remote: ## Add remote git configuration
|
||||
git remote add cowrie https://github.com/cowrie/cowrie
|
||||
|
||||
.PHONY: dependency-upgrade
|
||||
dependency-upgrade:
|
||||
.PHONY: pur
|
||||
pip-pur: ## Upgrade dependencies based on latest packages
|
||||
git checkout master
|
||||
-git branch -D "dependency-upgrade-`date -u +%Y-%m-%d`"
|
||||
git checkout -b "dependency-upgrade-`date -u +%Y-%m-%d`"
|
||||
|
|
@ -51,3 +58,81 @@ dependency-upgrade:
|
|||
pur -r requirements-dev.txt
|
||||
pur -r requirements-output.txt
|
||||
git commit -m "dependency upgrade `date -u`" requirements*.txt
|
||||
# This Makefile is for developers and is not required to run Cowrie
|
||||
|
||||
# The binary to build (just the basename).
|
||||
MODULE := cowrie
|
||||
|
||||
# Where to push the docker image.
|
||||
#REGISTRY ?= docker.pkg.github.com/cowrie/cowrie
|
||||
REGISTRY ?= cowrie
|
||||
|
||||
IMAGE := $(REGISTRY)/$(MODULE)
|
||||
|
||||
IMAGENAME := cowrie/cowrie
|
||||
CONTAINERNAME := cowrie
|
||||
|
||||
BUILD_DATE = $(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
|
||||
TAG=$(shell git rev-parse --short=8 HEAD)
|
||||
|
||||
.PHONY: docker-build
|
||||
docker-build: docker/Dockerfile ## Build Docker image
|
||||
#docker build -t ${IMAGENAME}:${TAG} --no-cache --build-arg TAG=${TAG} --build-arg BUILD_DATE=${BUILD_DATE} -f docker/Dockerfile .
|
||||
docker build -t ${IMAGENAME}:${TAG} --build-arg BUILD_DATE=${BUILD_DATE} -f docker/Dockerfile .
|
||||
|
||||
.PHONY: docker-run
|
||||
docker-run: docker-start ## Run Docker container
|
||||
|
||||
.PHONY: docker-push
|
||||
docker-push: docker-build ## Push Docker image to Docker Hub
|
||||
@echo "Pushing image to GitHub Docker Registry...\n"
|
||||
docker push $(IMAGE):$(TAG)
|
||||
docker tag $(IMAGE):$(TAG) $(IMAGE):latest
|
||||
docker push $(IMAGE):latest
|
||||
|
||||
.PHONY: docker-start
|
||||
docker-start: docker-create-volumes ## Start Docker container
|
||||
docker run -p 2222:2222/tcp \
|
||||
-p 2223:2223/tcp \
|
||||
-v cowrie-etc:/cowrie/cowrie-git/etc \
|
||||
-v cowrie-var:/cowrie/cowrie-git/var \
|
||||
-d \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--name ${CONTAINERNAME} ${IMAGENAME}:${TAG}
|
||||
|
||||
.PHONY: docker-stop
|
||||
docker-stop: ## Stop Docker Container
|
||||
docker stop ${CONTAINERNAME}
|
||||
|
||||
.PHONY: docker-rm
|
||||
docker-rm: docker-stop ## Delete Docker Container
|
||||
docker rm ${CONTAINERNAME}
|
||||
|
||||
.PHONY: docker-clean
|
||||
docker-clean: docker-rm ## Clean
|
||||
docker rmi ${IMAGENAME}:${TAG}
|
||||
|
||||
.PHONY: docker-shell
|
||||
docker-shell: ## Start shell in running Docker container
|
||||
@docker exec -it ${CONTAINERNAME} bash
|
||||
|
||||
.PHONY: docker-logs
|
||||
docker-logs: ## Show Docker container logs
|
||||
@docker logs ${CONTAINERNAME}
|
||||
|
||||
.PHONY: docker-ps
|
||||
docker-ps:
|
||||
@docker ps -f name=${CONTAINERNAME}
|
||||
|
||||
.PHONY: docker-status
|
||||
docker-status: docker-ps ## List running Docker containers
|
||||
|
||||
.PHONY: docker-ip
|
||||
docker-ip: ## List IP of running Docker container
|
||||
@docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${CONTAINERNAME}
|
||||
|
||||
.PHONY: docker-create-volumes
|
||||
docker-create-volumes:
|
||||
docker volume create cowrie-var
|
||||
docker volume create cowrie-etc
|
||||
|
|
|
|||
|
|
@ -0,0 +1,121 @@
|
|||
# This Dockerfile contains two images, `builder` and `runtime`.
|
||||
# `builder` contains all necessary code to build
|
||||
# `runtime` is stripped down.
|
||||
|
||||
ARG ARCH=
|
||||
ARG BUILD_DATE
|
||||
ARG TAG
|
||||
FROM ${ARCH}debian:bullseye-slim as builder
|
||||
|
||||
WORKDIR /
|
||||
|
||||
# This is a temporary workaround, see https://github.com/cowrie/docker-cowrie/issues/26
|
||||
ENV CRYPTOGRAPHY_DONT_BUILD_RUST=1
|
||||
|
||||
ENV COWRIE_GROUP=cowrie \
|
||||
COWRIE_USER=cowrie \
|
||||
COWRIE_HOME=/cowrie
|
||||
|
||||
# Set locale to UTF-8, otherwise upstream libraries have bytes/string conversion issues
|
||||
ENV LC_ALL=en_US.UTF-8 \
|
||||
LANG=en_US.UTF-8 \
|
||||
LANGUAGE=en_US.UTF-8
|
||||
|
||||
RUN groupadd -r ${COWRIE_GROUP} && \
|
||||
useradd -r -d ${COWRIE_HOME} -m -g ${COWRIE_GROUP} ${COWRIE_USER}
|
||||
|
||||
# Set up Debian prereqs
|
||||
RUN export DEBIAN_FRONTEND=noninteractive; \
|
||||
apt-get update && \
|
||||
apt-get install -y \
|
||||
-o APT::Install-Suggests=false \
|
||||
-o APT::Install-Recommends=false \
|
||||
python3-pip \
|
||||
ca-certificates \
|
||||
libffi-dev \
|
||||
libssl-dev \
|
||||
python3-dev \
|
||||
python3-venv \
|
||||
python3 \
|
||||
rustc \
|
||||
cargo \
|
||||
git \
|
||||
build-essential \
|
||||
python3-virtualenv \
|
||||
libsnappy-dev && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
USER ${COWRIE_USER}
|
||||
WORKDIR ${COWRIE_HOME}
|
||||
|
||||
# Copy requirements first to use Docker caching better
|
||||
RUN mkdir -p ${COWRIE_HOME}/cowrie-git
|
||||
COPY --chown=${COWRIE_USER}:${COWRIE_GROUP} requirements.txt requirements-output.txt ${COWRIE_HOME}/cowrie-git
|
||||
|
||||
RUN python3 -m venv cowrie-env && \
|
||||
. cowrie-env/bin/activate && \
|
||||
pip install --no-cache-dir --upgrade pip wheel setuptools && \
|
||||
pip install --no-cache-dir --upgrade cffi && \
|
||||
pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements.txt && \
|
||||
pip install --no-cache-dir --upgrade -r ${COWRIE_HOME}/cowrie-git/requirements-output.txt
|
||||
|
||||
COPY --chown=${COWRIE_USER}:${COWRIE_GROUP} . ${COWRIE_HOME}/cowrie-git
|
||||
|
||||
|
||||
FROM gcr.io/distroless/python3-debian11 AS runtime
|
||||
#FROM gcr.io/distroless/python3-debian11:debug AS runtime
|
||||
|
||||
LABEL org.opencontainers.image.created="${BUILD_DATE}"
|
||||
LABEL org.opencontainers.image.authors="Michel Oosterhof <michel@oosterhof.net>"
|
||||
LABEL org.opencontainers.image.url="https://cowrie.org/"
|
||||
LABEL org.opencontainers.image.documentation="https://cowrie.readthedocs.io"
|
||||
LABEL org.opencontainers.image.source="https://github.com/cowrie/docker-cowrie"
|
||||
LABEL org.opencontainers.image.version="${TAG}"
|
||||
LABEL org.opencontainers.image.revision="Source control revision identifier for the packaged software."
|
||||
LABEL org.opencontainers.image.vendor="Cowrie"
|
||||
LABEL org.opencontainers.image.licenses="BSD-3-Clause"
|
||||
LABEL org.opencontainers.image.ref.name="${TAG}"
|
||||
LABEL org.opencontainers.image.title="Cowrie SSH/Telnet Honeypot"
|
||||
LABEL org.opencontainers.image.description="Cowrie SSH/Telnet Honeypot"
|
||||
#LABEL org.opencontainers.image.base.digest="7beb0248fd81"
|
||||
LABEL org.opencontainers.image.base.name="gcr.io/distroless/python3-debian11"
|
||||
|
||||
ENV COWRIE_GROUP=cowrie \
|
||||
COWRIE_USER=cowrie \
|
||||
COWRIE_HOME=/cowrie
|
||||
|
||||
#RUN groupadd -r ${COWRIE_GROUP} && \
|
||||
# useradd -r -d ${COWRIE_HOME} -m -g ${COWRIE_GROUP} ${COWRIE_USER}
|
||||
COPY --from=builder --chown=0:0 /etc/passwd /etc/passwd
|
||||
|
||||
#RUN export DEBIAN_FRONTEND=noninteractive; \
|
||||
# apt-get update && \
|
||||
# apt-get install -y \
|
||||
# -o APT::Install-Suggests=false \
|
||||
# -o APT::Install-Recommends=false \
|
||||
# libssl1.1 \
|
||||
# ca-certificates \
|
||||
# libffi7 \
|
||||
# procps \
|
||||
# python3 \
|
||||
# python3-distutils && \
|
||||
# rm -rf /var/lib/apt/lists/* && \
|
||||
# ln -s /usr/bin/python3 /usr/local/bin/python
|
||||
|
||||
COPY --from=builder --chown=${COWRIE_USER}:${COWRIE_GROUP} ${COWRIE_HOME} ${COWRIE_HOME}
|
||||
|
||||
RUN python3 -m compileall ${COWRIE_HOME} /usr/lib/python3.9
|
||||
|
||||
VOLUME [ "/cowrie/cowrie-git/var", "/cowrie/cowrie-git/etc" ]
|
||||
|
||||
USER ${COWRIE_USER}
|
||||
WORKDIR ${COWRIE_HOME}/cowrie-git
|
||||
|
||||
ENV PATH=${COWRIE_HOME}/cowrie-env/bin:${PATH}
|
||||
ENV PYTHONPATH=${COWRIE_HOME}/cowrie-git/src
|
||||
ENV PYTHONUNBUFFERED=1
|
||||
|
||||
ENTRYPOINT [ "/cowrie/cowrie-env/bin/python3" ]
|
||||
CMD [ "/cowrie/cowrie-env/bin/twistd", "-n", "--umask=0022", "--pidfile=", "cowrie" ]
|
||||
|
||||
EXPOSE 2222 2223
|
||||
Loading…
Reference in New Issue