update cowrie

2017-11-05 21:06:52 +08:00 · 2017-11-05 21:06:52 +08:00 · 749df4181a
parent b4e0191e7f
commit 749df4181a
3 changed files with 14 additions and 11 deletions
--- a/cowrie/Dockerfile
+++ b/cowrie/Dockerfile
@ -5,7 +5,9 @@
 FROM alpine
 MAINTAINER kev <noreply@easypi.pro>

-RUN apk add -U build-base \
+RUN apk add -U bash \
+               build-base \
+               ca-certificates \
               libffi \
               libffi-dev \
               openssl \
@ -14,14 +16,12 @@ RUN apk add -U build-base \
               python-dev \
               tar \
    && wget -qO- https://bootstrap.pypa.io/get-pip.py | python \
-    && pip install pyasn1 \
-                   pyOpenSSL \
-                   service_identity \
-                   twisted \
    && adduser -D cowrie \
    && cd /home/cowrie \
    && wget -qO- https://github.com/micheloosterhof/cowrie/archive/master.tar.gz | tar xz --strip 1 \
-    && mv cowrie.cfg.dist cowrie.cfg \
+    && pip install -r requirements.txt \
+    && sed '/Enable Telnet/{n;s/\(enabled\).*/\1 = true/}' cowrie.cfg.dist > cowrie.cfg \
+    && sed -i 's/^\(VIRTUALENV_ENABLED\).*/\1=no/' bin/cowrie \
    && chown -R cowrie:cowrie . \
    && apk del build-base \
               libffi-dev \
@ -30,9 +30,9 @@ RUN apk add -U build-base \
               tar \
    && rm -rf /var/cache/apk/*

-EXPOSE 2222
+EXPOSE 2222 2223

 USER cowrie
 WORKDIR /home/cowrie

-CMD ["twistd", "-n", "-l", "log/cowrie.log", "cowrie"]
+CMD ["bin/cowrie", "start", "-n"]
--- a/cowrie/README.md
+++ b/cowrie/README.md
@ -10,11 +10,12 @@ and, most importantly, the entire shell interaction performed by the attacker.

 ## docker-compose.yml

-```
+```yaml
 cowrie:
  image: vimagick/cowrie
  ports:
    - "2222:2222"
+    - "2223:2223"
  volumes:
    - ./dl:/home/cowrie/dl
    - ./log:/home/cowrie/log
@ -23,7 +24,7 @@ cowrie:

 ## server

-```
+```bash
 $ cd ~/fig/cowrie
 $ mkdir -p dl log/tty
 $ chmod -R 777 dl log
@ -39,8 +40,9 @@ $ tail -f log/cowrie.log

 ## client

-```
+```bash
 $ ssh -p 2222 root@server
+$ telnet server 2223
 ```

 > You can login as `root` with any password except `root` or `123456`.
--- a/cowrie/docker-compose.yml
+++ b/cowrie/docker-compose.yml
@ -2,6 +2,7 @@ cowrie:
  image: vimagick/cowrie
  ports:
    - "2222:2222"
+    - "2223:2223"
  volumes:
    - ./dl:/home/cowrie/dl
    - ./log:/home/cowrie/log