-rw-r--r-- | .SRCINFO | 22 | ||||
-rw-r--r-- | INSTALL | 4 | ||||
-rw-r--r-- | PKGBUILD | 48 | ||||
-rw-r--r-- | cowrie.install | 26 | ||||
-rw-r--r-- | cowrie.service | 14 |
5 files changed, 114 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..e37f940b75ec
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,22 @@
+pkgbase = cowrie
+ pkgdesc = A medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker
+ pkgver = 1.0.0_alpha
+ pkgrel = 1
+ url = https://github.com/micheloosterhof/cowrie.git
+ install = cowrie.install
+ arch = any
+ license = BSD
+ depends = twisted
+ depends = pycrypto
+ depends = zope-interface
+ depends = python2-pyasn1
+ backup = etc/cowrie.cfg
+ source = cowrie-1.0.0_alpha.tar.gz::https://github.com/micheloosterhof/cowrie/archive/v1.0.0-alpha.tar.gz
+ source = cowrie.service
+ source = INSTALL
+ sha512sums = 0ffcb55906d30869f551676fbdded32d5de50519107f9e1e2be27c8a8914b887af4070c470abee5018b1edb815c604b1961a5598ab1d9b61764034bcf191995b
+ sha512sums = 106618a2c73d5f1f2ad75997e693f6ff4e903644a6be0dc59e85f72ae81f583927b2f079823c3379a8796e03fd542f497d2cc9405dc5d0d20d6caeb9dc88abed
+ sha512sums = a80dc0e9ec922c795af13ec85fc4e3414481a0d7ae14d9f17e29ade2a118010c1d69d474fe38c7e648d69b07ff09144efe97183e8a64ccf8165ec3a767a18ce2
+
+pkgname = cowrie
+
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 000000000000..5ef9856ca847
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,4 @@
+By default, cowrie runs on port 2222. Do not try to run it on port 22.
+Instead, use something like
+ iptables -t nat -A PREROUTING -i enp0s1 -p tcp --dport 22 -j REDIRECT --to-port 2222
+to make it reachable on port 22.
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..09798ad201a9
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,48 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+
+pkgname=cowrie
+pkgver=1.0.0_alpha
+_pkgver=${pkgver/_/-}
+pkgrel=1
+pkgdesc="A medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker"
+url="https://github.com/micheloosterhof/cowrie.git"
+arch=('any')
+license=('BSD')
+depends=('twisted' 'pycrypto' 'zope-interface' 'python2-pyasn1')
+backup=('etc/cowrie.cfg')
+install=cowrie.install
+source=(${pkgname}-${pkgver}.tar.gz::https://github.com/micheloosterhof/${pkgname}/archive/v${_pkgver}.tar.gz
+ cowrie.service
+ INSTALL)
+sha512sums=('0ffcb55906d30869f551676fbdded32d5de50519107f9e1e2be27c8a8914b887af4070c470abee5018b1edb815c604b1961a5598ab1d9b61764034bcf191995b'
+ '106618a2c73d5f1f2ad75997e693f6ff4e903644a6be0dc59e85f72ae81f583927b2f079823c3379a8796e03fd542f497d2cc9405dc5d0d20d6caeb9dc88abed'
+ 'a80dc0e9ec922c795af13ec85fc4e3414481a0d7ae14d9f17e29ade2a118010c1d69d474fe38c7e648d69b07ff09144efe97183e8a64ccf8165ec3a767a18ce2')
+
+prepare() {
+ cd ${pkgname}-${_pkgver}
+ sed -e 's|env python$|env python2|g' -i utils/*.py
+ sed -e 's|/usr/bin/python$|/usr/bin/python2|g' -i utils/fsctl.py
+}
+
+build() {
+ cd ${pkgname}-${_pkgver}
+ python2 -m compileall .
+ python2 -O -m compileall .
+}
+
+package() {
+ cd ${pkgname}-${_pkgver}
+
+ install -Dm 644 cowrie.cfg.dist "${pkgdir}/etc/cowrie.cfg"
+ install -Dm 644 "${srcdir}/cowrie.service" "${pkgdir}/usr/lib/systemd/system/cowrie.service"
+
+ find . -type f -not \( -name cowrie.cfg.dist -o -name start.sh -o -name stop.sh \
+ -o -name '.git*' -o -path './.git/*' \) \
+ -exec install -Dm 644 {} "${pkgdir}/opt/cowrie/{}" \;
+
+ install -Dm 644 doc/COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+ install -Dm 644 README.md "${pkgdir}/usr/share/doc/${pkgname}/README"
+ install -Dm 644 "${srcdir}/INSTALL" "${pkgdir}/usr/share/doc/${pkgname}/INSTALL"
+}
+
+# vim: ts=2 sw=2 et: 
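Review bot: The `find … -exec install -Dm 644` in package() installs every file under /opt/cowrie without the executable bit, including the utils/*.py scripts whose shebangs prepare() has just rewritten to python2, so those tools cannot be run directly once installed. If they are meant to be invoked as commands, follow the find with `chmod 755 "${pkgdir}"/opt/cowrie/utils/*.py`. The `cd ${pkgname}-${_pkgver}` lines in prepare(), build() and package() should also quote the path, `cd "${pkgname}-${_pkgver}"`.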
diff --git a/cowrie.install b/cowrie.install
new file mode 100644
index 000000000000..590632a835bc
--- /dev/null
+++ b/cowrie.install
@@ -0,0 +1,26 @@
+post_install() {
+ getent group cowrie > /dev/null || groupadd cowrie
+ getent passwd cowrie > /dev/null || \
+ useradd -d /opt/cowrie -g cowrie -s /bin/nologin cowrie
+
+ mkdir -p /opt/cowrie/log/tty /opt/cowrie/dl
+ chown -R cowrie:cowrie /opt/cowrie
+
+ cat /usr/share/doc/cowrie/INSTALL
+}
+
+post_upgrade() {
+ post_install
+}
+
+pre_remove() {
+ if [[ -f /opt/cowrie/cowrie.pid ]]; then
+ systemctl stop cowrie
+ fi
+}
+
+post_remove() {
+ userdel cowrie
+}
+
+# vim: ts=2 sw=2 et:
diff --git a/cowrie.service b/cowrie.service
new file mode 100644
index 000000000000..0c5fc91ad447
--- /dev/null
+++ b/cowrie.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Cowrie Honey Pot
+After=network.target
+
+[Service]
+Type=forking
+User=cowrie
+Group=cowrie
+WorkingDirectory=/opt/cowrie
+PIDFile=/opt/cowrie/cowrie.pid
+ExecStart=/usr/bin/twistd -l log/cowrie.log --pidfile cowrie.pid cowrie
+
+[Install]
+WantedBy=multi-user.target |
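Review bot: `chown -R cowrie:cowrie /opt/cowrie` in post_install hands the service account ownership of the whole tree, including the Python code the package installs there, so anything that gains code execution inside the internet-facing honeypot process can rewrite the program it runs. Ownership is better limited to the directories the daemon writes, `chown -R cowrie:cowrie /opt/cowrie/log /opt/cowrie/dl`, leaving the code owned by root. The PIDFile in cowrie.service also lives in /opt/cowrie and, along with any other runtime-written path not visible here, would then need a writable location of its own. post_upgrade calls post_install, so the recursive chown is repeated on every update and the same change applies there.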
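Review bot: The [Service] section of cowrie.service runs a deliberately attacker-facing daemon with no confinement beyond `User=cowrie` and `Group=cowrie`. For a honeypot it is worth adding at least `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, none of which should interfere with the writes under /opt/cowrie that the unit relies on. Nothing in ExecStart points twistd at the `/etc/cowrie.cfg` that the PKGBUILD installs; if cowrie resolves its configuration relative to WorkingDirectory, the unit would need a symlink or an explicit config path, which is worth confirming.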