Install and setup cowrie honeypot on Ubuntu

Install and setup cowrie honeypot on Ubuntu

What is Cowrie honeypot?

The Cowrie honeypot is designed to impersonate SSH servers, specifically one with easily cracked credentials. Once an attacker logs in they will be accessing a fake Linux shell where they can execute commands which will look realistic. It will record all the sessions of an attacker. With Cowrie, the attacker will think they have hacked/attacked your server as if it was real. When an attacker tries to log into your server with the right username and password, the system will let them access a fake system in which they are not supposed to be. Honeypot keeps records of the attacker such as the commands he typed or the keys he pressed and all the activities of the attacker. The hosts SSH daemon will run on a highest port which is 22222, Cowrie will run on 2222, and port 22 (default SSH) will be redirected to 2222 using iptables. When the attacker connects to port 22 it will be redirected to our Honeypot on port 2222.
Before install Cowrie

If you have an ubuntu system, you should install the following dependencies before using it。
Pre-installation of python3

1. sudo apt update && sudo apt install python3

复制代码

Verify installation and check python version:python3 --version
ps : python < 3.9 is not supported when it comes to employ Cowrie.
pip (Python package management tool)
Tools for installing third-party libraries and virtual environments

1. sudo apt install python3-pip

复制代码

Verify installation and check pip3 version:pip3 --version
venv module (virtual environment support)

The venv module is a virtual environment tool that comes with Python 3.3+ and needs to be installed separately.

1. sudo apt install python3-venv

复制代码

This is a necessary component for creating a virtual environment
Install Python, pip, and venv all at once:

1. sudo apt install python3 python3-pip python3-venv

复制代码

SSH Service Core Dependency Packages

1. sudo apt install openssh-server

复制代码

check ssh service status:sudo systemctl status ssh
manual activation:sudo systemctl start ssh
Setting up boot-up:sudo systemctl enble ssh
edition tool(anything you like)

1. sudo apt install vim

复制代码

Before installing cowrie and our dependencies, change the default SSH port 22 to port 22222 in sshd_config file so that the attacker thinks that they are in real SSH port and restart SSH to see if it is listening to the newly configured port.
(sshd_config is only visible if openssh-server is installed.)

1. root@localhost:~# vim /etc/ssh/sshd_config
3. Replace port 22 with the highest port 22222 and restart ssh
5. root@localhost:~# systemctl restart ssh
7. root@localhost:~# systemctl status ssh

复制代码

To confirm if it is listening to the newly configured port run the below command:

1. $ ssh [your-username]@localhost -p 22222

复制代码

install cowrie honeypot on ubuntu

1.Update the system

1. $ sudo apt update #Updating the package list
2. $ sudo apt upgrade #Upgrading installed packages

复制代码

2. Install all the dependencies of Cowrie

1. $ sudo apt-get install git python3-venv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind

复制代码

3. Add a user Cowrie

1. $ sudo adduser Cowrie
2. $ sudo usermod -aG sudo Cowrie
3. $ su - Cowrie
4. $ sudo whoami #root

复制代码

4.Git clone the code for cowire

1. $ git clone http://github.com/cowrie/cowrie

复制代码

5.Setup Virtual Environment for Cowrie

1. $ cd cowrie
2. ~/cowrie$ pwd
3. # /home/Cowrie/cowrie
4. ~/cowrie$ python -m venv cowrie-env
5. # virtualenv cowrie-env

复制代码

6.Activate the virtual environment and install packages

1. ~/cowrie$ source cowrie-env/bin/activate
2. (cowrie-env):~/cowrie $ python -m pip install --upgrade pip
3. (cowrie-env):~/cowrie $ python -m pip install --upgrade -r requirements.txt

复制代码

7. Edit configuration file

The configuration for Cowrie is stored in cowrie.cfg.dist and cowrie.cfg (Located in cowrie/etc). Both files are read on startup, where entries from cowrie.cfg take precedence. The .dist file can be overwritten by upgrades, cowrie.cfg will not be touched. To run with a standard configuration, there is no need to change anything.

1. (cowrie-env):~/cowrie $ cd etc/
2. (cowrie-env):~/cowrie/etc $ cp cowrie.cfg.dist cowrie.cfg
3. (cowrie-env):~/cowrie/etc $ sudo vim cowrie.cfg

复制代码

change the hostname first and then enable telnet using any of the editors.

8.Redirect traffic using iptables

1. root@localhost:~# iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
3. root@localhost:~# iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 2223

复制代码

9. Start cowrie

1. (cowrie-env):~/cowrie $ bin/cowrie start
3. # You can stop cowrie by running the following command
4. (cowrie-env):~/cowrie $ bin/cowrie stop

复制代码

10.To see the logs in realtime in honeypot use below command.

1. (cowrie-env):~/cowrie/var/log/cowrie $ tail -f cowrie.log

复制代码

11.To get the logs of Honeypot use below command

1. (cowrie-env):~/cowrie/var/log/cowrie $ cat cowrie.log

复制代码

Reference

1.Install and setup cowrie honeypot on Ubuntu
2.Installing Cowrie in seven steps
3.Cowrie蜜罐的摆设（ubt亲测）

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。