1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-23 01:39:27 +02:00
dockerfiles/cowrie/README.md

52 lines
979 B
Markdown
Raw Normal View History

2015-07-21 18:10:52 +02:00
cowrie
======
2015-11-25 03:42:37 +02:00
![](https://badge.imagelayers.io/vimagick/cowrie:latest.svg)
2017-11-05 15:12:30 +02:00
[Cowrie][1] is a medium interaction SSH honeypot designed to log brute force attacks
2015-07-21 18:10:52 +02:00
and, most importantly, the entire shell interaction performed by the attacker.
2017-11-05 15:12:30 +02:00
Cowrie is directly based on [Kippo][2] by Upi Tamminen (desaster).
2015-07-21 18:10:52 +02:00
## docker-compose.yml
2017-11-05 15:06:52 +02:00
```yaml
2015-07-21 18:10:52 +02:00
cowrie:
image: vimagick/cowrie
ports:
- "2222:2222"
2017-11-05 15:06:52 +02:00
- "2223:2223"
2015-07-21 18:10:52 +02:00
volumes:
2017-11-05 15:12:30 +02:00
- ./data/dl:/home/cowrie/dl
- ./data/log:/home/cowrie/log
2015-07-21 18:10:52 +02:00
restart: always
```
## server
2017-11-05 15:06:52 +02:00
```bash
2015-07-21 18:10:52 +02:00
$ cd ~/fig/cowrie
2017-11-05 15:12:30 +02:00
$ mkdir -p data/dl data/log/tty
$ chmod -R 777 data
2015-07-21 18:10:52 +02:00
$ tree -F
.
├── docker-compose.yml
2015-07-21 19:00:29 +02:00
├── dl/
2015-07-21 18:10:52 +02:00
└── log/
└── tty/
$ docker-compose up -d
$ tail -f log/cowrie.log
```
## client
2017-11-05 15:06:52 +02:00
```bash
2015-07-21 18:10:52 +02:00
$ ssh -p 2222 root@server
2017-11-05 15:06:52 +02:00
$ telnet server 2223
2015-07-21 18:10:52 +02:00
```
2015-07-21 19:00:29 +02:00
> You can login as `root` with any password except `root` or `123456`.
2015-07-21 18:10:52 +02:00
[1]: https://github.com/micheloosterhof/cowrie
[2]: http://github.com/desaster/kippo/