We’ll check to make sure that everything downloaded correctly by listing the contents of the home directory by entering ls. We’re now in the home directory of user “cowrie” where we’ll install the honeypot.Įnter the following command to pull the code out of the Github repository and create a new directory called cowrie that we’ll use to configure and start the honeypot. Now, we’ll switch to our new non root user, “cowrie”: We now need to make preparations to have Cowrie listen on port 22, where ssh attacks will occur. The rest of the user information can be left blank. We’ll need to restart the SSH server by entering:Ĭowrie cannot be run as root, so we’ll add a non root user (user “cowrie” in this example), and give the user a password. Change it in the file, so it looks like this: We’ll need to change the port that we will use to administer the server after Cowrie is installed and running. This configuration is done in /etc/ssh/sshd_config: We need to change the port that we will use to administer the server, as we will later configure Cowrie to listen for ssh attacks on port 22. Once you’re logged in, it’s good practice to initiate updates:Īpt-get install git python-dev python-openssl openssh-server python-pyasn1 python-twisted authbind You can run a honeypot from home, but that can get complicated and I’m not going to show you how to do it. If you prefer vi, emacs, gedit etc., knock yourself out. It begins with you connected via ssh to a fresh VPS instance with your hostname configured. Have I missed anything? Maybe.įor the purposes of this post, Cowrie was installed on an Ubuntu 14.04 768MB Vultr VPS (affiliate link, I earn account credit) and it assumes that you are familiar with the basic idea of what a honeypot is. Have the steps below been tested on a live server? Yes. Is this the only way to configure and deploy Cowrie? No. This post is intended to describe the steps to configure and deploy a Cowrie base install. I encourage you to visit the Cowrie repository on Github in the meantime to read about all that it can do. The functionality of Cowrie extends far beyond what is described here, and will be the subject of future blog posts. It creates a “fake” server that will be used to lure attackers to attempt access. Cowrie is a medium interaction honeypot written by Michel Oosterhof that is designed to not only log bruteforce attempts against an ssh server, but to “record” the entire shell session of an attacker.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |