* remove debug version check statement
* uncomment all output plugins, but leave them in disabled state. This way they can be configured with environment variables
* Added section for AbuseIPDB plugin
* Create abuseipdb.py
* replace abuseipdb instructions with reference to its pull request page on GitHub
Co-authored-by: -8 <57877722+hyfn8@users.noreply.github.com>
* add credentials and https support in elasticsearch output
* add new options (creds + https) for elasticsearch output
* change default document type in elasticsearch output, add some extra info
* add index checking in es output
* add geoip mapping in es output
* add function to setup geoip pipeline in es output
Co-authored-by: Alban Siffer <alban.siffer@irisa.fr>
* Introduce MISP output plugin
* Add cfg dist settings
* Remove non-needed test code
* Rename misp output class and add final newline to config
* Introduce compatibility to Python 2 and 3
* Update new event text
* Adjust for latest PyMISP API changes and introduce debug
As the PyMISP API deprecated the upload_sample method, we now need to do this manually.
Also, a settings switch for debug output was introduced.
* Add requirements compat for 2 and 3 and introduce publish switch
* Linting and code style update
* add pool configs
* add pool interface from proxy branch
* add support for pool initialisation in plugin
* add pool to telnet
* backend pool as service
* move libvirt backend to own dir
* add NAT settings
* add guest backend config
* check for telnet in nmap if ssh is disabled
* add pool periodic cleanup
* add developer guide for backend pool
* add proxy documentation
* add backend pool docs
* docs on XML configs
* add method to check guest connectivity
* add telnet exec class
* update circle deps
* add tox libvirt dep
The data_path has changed to etc/. I'm not really happy with this but
I didn't have a better idea since we allow configs to be in ., etc/ and
/etc. Maybe we wanna change this behaviour when we have a stable docker
release.
If the userdb.txt is not found Cowrie will load a default list.
The parser is now also a bit less error prone when parsing this file.
* Adding /etc/cowrie/cowrie.cfg to possible configurations
We also want to look for /etc/cowrie/cowrie.cfg as a possible
configuration.
* Write ssh host keys into /var/lib/cowrie
Dynamic data should be written into /var/lib/cowrie.
I know that OpenSSH is doing this but we are not OpenSSH and we should
have only stuff written below /var.
So /var/log/cowrie and /var/lib/cowrie.
* Moving log and dl below var/, cleanup old folders
This helps keep the writes of the daemon in one place and makes it
easier later when building a cowrie package.
Old paths have been removed from the repository to keep it clean.
* Fixing wrong log path
Path should be var/log/cowrie not var/log
* Fixing json output
The json output was not configured to use the default log path. This has
been fixed now.
* Change order of config reads
According to @micheloosterhof there is an order of precedence here.