dockerfiles/cowrie/README.md

cowrie
======

[`Cowrie`][1] is a medium interaction SSH honeypot designed to log brute force attacks
and, most importantly, the entire shell interaction performed by the attacker.

`Cowrie` is directly based on [`Kippo`][2] by Upi Tamminen (desaster).

## docker-compose.yml

```
cowrie:
  image: vimagick/cowrie
  ports:
    - "2222:2222"
  volumes:
    - log:/home/cowrie/log
  restart: always
```

## server

```
$ cd ~/fig/cowrie
$ mkdir -p log/tty
$ chmod -R 777 log
$ tree -F
.
├── docker-compose.yml
└── log/
    └── tty/
$ docker-compose up -d
$ tail -f log/cowrie.log
```

## client

```
$ ssh -p 2222 root@server
```

> You can login as `root` without password.

[1]: https://github.com/micheloosterhof/cowrie
[2]: http://github.com/desaster/kippo/
add cowrie 2015-07-21 18:10:52 +02:00			`cowrie`
			`======`

			[`Cowrie`][1] is a medium interaction SSH honeypot designed to log brute force attacks
			`and, most importantly, the entire shell interaction performed by the attacker.`

			`Cowrie` is directly based on [`Kippo`][2] by Upi Tamminen (desaster).

			`## docker-compose.yml`

			```
			`cowrie:`
			`image: vimagick/cowrie`
			`ports:`
			`- "2222:2222"`
			`volumes:`
			`- log:/home/cowrie/log`
			`restart: always`
			```

			`## server`

			```
			`$ cd ~/fig/cowrie`
update 2015-07-21 18:22:51 +02:00			`$ mkdir -p log/tty`
			`$ chmod -R 777 log`
add cowrie 2015-07-21 18:10:52 +02:00			`$ tree -F`
			`.`
			`├── docker-compose.yml`
			`└── log/`
			`└── tty/`
			`$ docker-compose up -d`
			`$ tail -f log/cowrie.log`
			```

			`## client`

			```
			`$ ssh -p 2222 root@server`
			```

update 2015-07-21 18:22:51 +02:00			> You can login as `root` without password.
add cowrie 2015-07-21 18:10:52 +02:00
			`[1]: https://github.com/micheloosterhof/cowrie`
			`[2]: http://github.com/desaster/kippo/`