Rooba
/
cowrie
mirror of https://github.com/cowrie/cowrie.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cowrie/docs/kippo-graph
History
Michel Oosterhof ec69913a5d
7may (#1558) 
* restructure documentation headings
* add output eventid reference guide 
* rename all classes with capitals
* more typing
 		2021-05-09 00:45:12 +08:00
..
README.rst 7may (#1558) 2021-05-09 00:45:12 +08:00

README.rst 

How to send Cowrie output to kippo-graph
########################################

Kippo-Graph Prerequisites
=========================

* Working Cowrie installation
* LAMP stack (Linux, Apache, MySQL, PHP)

Kippo-Graph Installation
========================

This covers a simple installation, with kippo-graph and Cowrie on the same server.
Please see here for installation: https://github.com/ikoniaris/kippo-graph

MySQL configuration for Kippo-Graph
===================================

Configuring Cowrie requires setting up the SQL tables and then telling Cowrie to use them.

To install the tables and create the Cowrie user account enter the following commands::

    $ mysql -u root -p
    CREATE DATABASE cowrie;
    GRANT ALL ON cowrie.* TO 'cowrie'@'localhost' IDENTIFIED BY 'PASSWORD HERE';
    FLUSH PRIVILEGES;
    exit

Next create the database schema::

    $ cd /opt/cowrie/
    $ mysql -u cowrie -p
    USE cowrie;
    source ./docs/sql/mysql.sql;
    exit

disable MySQL strict mode::

    $ vi /etc/mysql/conf.d/disable_strict_mode.cnf

    [mysqld]
    sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Cowrie Configuration for Kippo-Graph
====================================

Edit cowrie.cfg::

    $ vi etc/cowrie.cfg

Activate output to mysql::

    [output_mysql]
    host = localhost
    database = cowrie
    username = cowrie
    password = PASSWORD HERE
    port = 3306
    debug = false

Set read access to tty-files for group www-data (group maybe differ on other distributions)::

    $ sudo apt-get install acl
    $ sudo setfacl -Rm g:www-data:rx /opt/cowrie/var/lib/cowrie/tty/

Kippo-Graph Configuration
=========================

Edit config file::

    $ vi /var/www/html/kippo-graph/config.php

Change db settings::

    define('DB_HOST', 'localhost');
    define('DB_USER', 'cowrie');
    define('DB_PASS', 'PASSWORD HERE');
    define('DB_NAME', 'cowrie');
    define('DB_PORT', '3306');

Apache2 configuration (optional)
================================

To secure the installation

Create password database::

    $ cd /etc/apache2/
    $ htpasswd -c /etc/apache2/cowrie.passwd <username>
    $ htpasswd /etc/apache2/cowrie.passwd <username> (second user)


    $ vi /etc/apache2/sites-enabled/000-default.conf

Between the <VirtualHost> </VirtualHost> tags, add::

    <Location />
        AuthBasicAuthoritative On
        AllowOverride AuthConfig

        AuthType Basic
        AuthName "cowrie honeypot"
        AuthUserFile /etc/apache2/cowrie.passwd
        Require valid-user
    </Location>