1
2
mirror of https://github.com/vimagick/dockerfiles synced 2024-06-20 22:08:39 +00:00
dockerfiles/cowrie/README.md
2020-11-05 19:22:21 +08:00

56 lines
1.1 KiB
Markdown

cowrie
======
![](https://badge.imagelayers.io/vimagick/cowrie:latest.svg)
[Cowrie][1] is a medium interaction SSH honeypot designed to log brute force attacks
and, most importantly, the entire shell interaction performed by the attacker.
Cowrie is directly based on [Kippo][2] by Upi Tamminen (desaster).
## docker-compose.yml
```yaml
version: "3.8"
services:
cowrie:
image: cowrie/cowrie
ports:
- "2222:2222"
- "2223:2223"
volumes:
- cowrie-etc:/cowrie/cowrie-git/etc
- cowrie-var:/cowrie/cowrie-git/var
restart: unless-stopped
volumes:
cowrie-etc:
cowrie-var:
```
## server
```bash
$ docker-compose up -d
$ docker volume ls
$ docker volume inspect cowrie_cowrie-var
$ cd /var/lib/docker/volumes/cowrie_cowrie-etc/_data
$ cp cowrie.cfg.dist cowrie.cfg
$ cp userdb.example userdb.txt
$ cd /var/lib/docker/volumes/cowrie_cowrie-var/_data
$ tail -f log/cowrie/cowrie.json
```
## client
```bash
$ ssh -p 2222 root@server
$ telnet server 2223
```
> You can login as `root` with any password except `root` or `123456`.
[1]: https://github.com/micheloosterhof/cowrie
[2]: http://github.com/desaster/kippo/