Rooba
/
cowrie
mirror of https://github.com/cowrie/cowrie.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update docs/readme with new var paths

This commit is contained in:
Michel Oosterhof 2018-08-25 03:25:29 +04:00
parent e681fe7c97
commit fbb82502b2
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
INSTALL.md
View File

@ -184,7 +184,7 @@ Update the bin/cowrie script, change:
## Configure Additional Output Plugins (OPTIONAL)
Cowrie automatically outputs event data to text and JSON log files
in ~/cowrie/log. Additional output plugins can be configured to
in `var/log/cowrie`. Additional output plugins can be configured to
record the data other ways. Supported output plugins include:
* Cuckoo
@ -194,7 +194,7 @@ record the data other ways. Supported output plugins include:
* Splunk
* SQL (MySQL, SQLite3, RethinkDB)
See ~/cowrie/doc/[Output Plugin]/README.md for details.
See ~/cowrie/docs/[Output Plugin]/README.md for details.
## Troubleshooting

12
README.md
View File

@ -28,7 +28,7 @@ Some interesting features:
* Possibility of adding fake file contents so the attacker can `cat` files such as `/etc/passwd`. Only minimal file contents are included
* Session logs are stored in an [UML Compatible](http://user-mode-linux.sourceforge.net/) format for easy replay with original timings with the `bin/playlog` utility.
* Cowrie saves files downloaded with wget/curl or uploaded with SFTP and scp for later inspection
log
Additional functionality over standard kippo:
* SFTP and SCP support for file upload
@ -56,15 +56,15 @@ For Python dependencies, see requirements.txt
## Files of interest:
* `cowrie.cfg` - Cowrie's configuration file. Default values can be found in `etc/cowrie.cfg.dist`
* `data/fs.pickle` - fake filesystem
* `share/cowrie/fs.pickle` - fake filesystem
* `data/userdb.txt` - credentials allowed or disallowed to access the honeypot
* `dl/` - files transferred from the attacker to the honeypot are stored here
* `honeyfs/` - file contents for the fake filesystem - feel free to copy a real system here or use `bin/fsctl`
* `honeyfs/etc/issue.net` - pre-login banner
* `honeyfs/etc/motd` - post-login banner
* `log/cowrie.json` - transaction output in JSON format
* `log/cowrie.log` - log/debug output
* `log/tty/*.log` - session logs
* `var/log/cowrie/cowrie.json` - transaction output in JSON format
* `var/log/cowrie/cowrie.log` - log/debug output
* `var/lib/cowrie/tty/` - session logs, replayable with the `bin/playlog` utility.
* `var/lib/cowrie/downloads/` - files transferred from the attacker to the honeypot are stored here
* `txtcmds/` - file contents for the fake commands
* `bin/createfs` - used to create the fake filesystem
* `bin/playlog` - utility to replay session logs