How to process Cowrie output in kippo-graph
#############################################

(Note: work in progress, instructions are not verified)
Tested on Debian 9.

Prerequisites
****************

* Working Cowrie installation
* LAMP stack (Linux, Apache, MySQL, PHP)

Installation
****************

This covers a simple installation, with kippo-graph and Cowrie on the same server.
Please see here for installation: https://github.com/ikoniaris/kippo-graph

MySQL configuration
***********************

Configuring Cowrie requires setting up the SQL tables and then telling Cowrie to use them.

To install the tables and create the Cowrie user account, enter the following commands::

    mysql -u root -p
    CREATE DATABASE cowrie;
    GRANT ALL ON cowrie.* TO 'cowrie'@'localhost' IDENTIFIED BY 'PASSWORD HERE';
    FLUSH PRIVILEGES;
    exit

Next, create the database schema::

    cd /opt/cowrie/
    mysql -u cowrie -p
    USE cowrie;
    source ./docs/sql/mysql.sql;
    exit

Disable MySQL strict mode::

    vi /etc/mysql/conf.d/disable_strict_mode.cnf

    [mysqld]
    sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Cowrie configuration
************************

Edit cowrie.cfg::

    vi /opt/cowrie/cowrie.cfg

Activate output to MySQL::

    [output_mysql]
    host = localhost
    database = cowrie
    username = cowrie
    password = PASSWORD HERE
    port = 3306
    debug = false

Set read access to the tty files for group www-data (the group may differ on other distributions)::

    sudo apt-get install acl
    sudo setfacl -Rm g:www-data:rx /opt/cowrie/var/lib/cowrie/tty/

kippo-graph Configuration
****************************

Edit the config file::

    vi /var/www/html/kippo-graph/config.php

Change the database settings::

    define('DB_HOST', 'localhost');
    define('DB_USER', 'cowrie');
    define('DB_PASS', 'PASSWORD HERE');
    define('DB_NAME', 'cowrie');
    define('DB_PORT', '3306');

Apache2 configuration (optional)
************************************

To secure the installation, create a password database::

    cd /etc/apache2/
    htpasswd -c /etc/apache2/cowrie.passwd USERNAME
    htpasswd /etc/apache2/cowrie.passwd USERNAME    # second user

    vi /etc/apache2/sites-enabled/000-default.conf

Between the tags, add::

    AuthBasicAuthoritative On
    AllowOverride AuthConfig

    AuthType Basic
    AuthName "cowrie honeypot"
    AuthUserFile /etc/apache2/cowrie.passwd
    Require valid-user
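
The ``[output_mysql]`` section of cowrie.cfg and the ``DB_*`` defines in kippo-graph's config.php must agree, and both carry the ``PASSWORD HERE`` placeholder until edited. The check below is an added example, not code from Cowrie or kippo-graph; ``check_db_settings`` is a hypothetical helper and the sample file contents are constructed.

```python
import configparser
import re
# config.php constant -> cowrie.cfg [output_mysql] key, as used in this guide
FIELD_MAP = {"DB_HOST": "host", "DB_USER": "username", "DB_PASS": "password",
             "DB_NAME": "database", "DB_PORT": "port"}
PLACEHOLDER = "PASSWORD HERE"  # the guide's stand-in value
# Matches active define('DB_X', 'value'); lines; commented-out ones are skipped
DEFINE_RE = re.compile(r"^\s*define\(\s*'(DB_[A-Z]+)'\s*,\s*'([^']*)'\s*\)\s*;", re.M)


def check_db_settings(cowrie_text, kippo_text):
    """Return a list of problems (hypothetical helper, not part of either project)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cowrie_text)
    if not parser.has_section("output_mysql"):
        return ["cowrie.cfg: [output_mysql] is missing or commented out"]
    cowrie = dict(parser["output_mysql"])
    kippo = dict(DEFINE_RE.findall(kippo_text))
    problems = []
    for const, key in FIELD_MAP.items():
        if const not in kippo:
            problems.append(f"config.php: {const} is not defined")
        elif key not in cowrie:
            problems.append(f"cowrie.cfg: {key} is not set")
        elif kippo[const] != cowrie[key]:
            # Report the field name only, never the values (DB_PASS is a secret)
            problems.append(f"{const} does not match cowrie.cfg {key}")
    if PLACEHOLDER in (cowrie.get("password"), kippo.get("DB_PASS")):
        problems.append("placeholder password is still in use")
    return problems

# Constructed sample inputs (not taken from a real deployment)
SAMPLE_COWRIE = """\
[output_mysql]
host = localhost
database = cowrie
username = cowrie
password = constructed-example-secret
port = 3306
"""
SAMPLE_KIPPO = """\
define('DB_HOST', 'localhost');
define('DB_USER', 'cowrie');
define('DB_PASS', 'PASSWORD HERE');
//define('DB_NAME', 'kippo');
define('DB_NAME', 'cowrie');
define('DB_PORT', '3306');
"""
if __name__ == "__main__":
    for problem in check_db_settings(SAMPLE_COWRIE, SAMPLE_KIPPO):
        print("WARN:", problem)
```

To check a real installation, pass the contents of ``/opt/cowrie/cowrie.cfg`` and ``/var/www/html/kippo-graph/config.php`` to ``check_db_settings``.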