blackle0pard.net

Installing cowrie on Arch Linux
2018-03-25 16:26
2018-08-11 14:27

Somewhat belatedly, here is a brief summary of the cowrie installation procedure, kept as a memo for myself.

Software required:
Python 2.7+, (Python 3 not yet supported due to Twisted dependencies)
python-virtualenv
For Python dependencies, see requirements.txt

via cowrie/README.md at master · micheloosterhof/cowrie · GitHub

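The procedure itself is easy to follow from the cowrie wiki and the blog posts various people have written, so the installation should not cause any particular trouble. On Arch Linux, however, Python 3.x is the default, so you need to specify the Python version explicitly.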

How-to

# pacman -S python python-virtualenv git --noconfirm
# useradd -m cowrie
# passwd cowrie
# su - cowrie
$ git clone https://github.com/pyenv/pyenv.git ~/.pyenv
$ cat ~/.bash_profile
#
# ~/.bash_profile
#

[[ -f ~/.bashrc ]] && . ~/.bashrc
$ echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bash_profile
$ echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bash_profile
$ echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n  eval "$(pyenv init -)"\nfi' >> ~/.bash_profile
$ cat ~/.bash_profile
#
# ~/.bash_profile
#

[[ -f ~/.bashrc ]] && . ~/.bashrc
export PYENV_ROOT="$HOME/.pyenv"
export PATH="$PYENV_ROOT/bin:$PATH"
if command -v pyenv 1>/dev/null 2>&1; then
  eval "$(pyenv init -)"
fi
$ source ~/.bash_profile
$ pyenv install --list
$ pyenv install 2.7.14
Downloading Python-2.7.14.tar.xz...
-> https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tar.xz
Installing Python-2.7.14...
Installed Python-2.7.14 to /home/cowrie/.pyenv/versions/2.7.14
$ pyenv local 2.7.14
$ python -V
Python 2.7.14
$ which python
/home/cowrie/.pyenv/shims/python
$ git clone https://github.com/micheloosterhof/cowrie.git
$ cd cowrie/
$ ls
CHANGELOG.md     LICENSE.md   bin              data  etc      requirements-output.txt  share    var
CONTRIBUTING.md  MANIFEST.in  cowrie           dl    honeyfs  requirements.txt         twisted
INSTALL.md       README.md    cowrie.cfg.dist  doc   log      setup.py                 txtcmds
$ cp -p cowrie.cfg.dist cowrie.cfg
$ vim cowrie.cfg
$ diff cowrie.cfg.dist cowrie.cfg
296c296
< enabled = false
---
> enabled = true
$ virtualenv cowrie-env --python=/home/cowrie/.pyenv/shims/python
Running virtualenv with interpreter /home/cowrie/.pyenv/shims/python
New python executable in /home/cowrie/cowrie/cowrie-env/bin/python
Installing setuptools, pip, wheel...done.
$ source cowrie-env/bin/activate
(cowrie-env) $
(cowrie-env) $ pip install --upgrade -r requirements.txt
# iptables-save > /etc/iptables/iptables.rules
# iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222
# iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 2223
# iptables-save > /etc/iptables/iptables.rules
# systemctl enable iptables
# systemctl restart iptables
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:ssh redir ports 2222
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:telnet redir ports 2223

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
# su - cowrie
$ cd cowrie/
$ bin/cowrie start
Using default Python virtual environment "/home/cowrie/cowrie/cowrie-env"
Starting cowrie: [twistd   --umask 0022 --pidfile var/run/cowrie.pid --logger cowrie.python.logfile.logger cowrie ]...
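
The two redirects saved to /etc/iptables/iptables.rules in the session above can be audited with a small script. This is an added example, not part of the original post or of cowrie. The function names and the sample rules are constructed for illustration, and the sample assumes the usual iptables-save form, which adds `-m tcp` and writes the option as `--to-ports`.

```shell
sample_rules() {   # constructed sample of iptables-save output
cat <<'EOF'
# Constructed sample, not captured from a real host
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 2222
-A PREROUTING -p tcp -m tcp --dport 23 -j REDIRECT --to-ports 2223
COMMIT
EOF
}

# redirect_target FILE DPORT: print the port that nat/PREROUTING redirects tcp/DPORT to.
redirect_target() {
    awk -v want="$2" '
        /^\*/ { table = substr($0, 2) }    # table header: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = dport = jump = to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      jump  = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (proto == "tcp" && jump == "REDIRECT" && dport == want) { print to; exit }
        }
    ' "$1"
}

# check_cowrie_redirects FILE: succeed only if 22 -> 2222 and 23 -> 2223 are both saved.
check_cowrie_redirects() {
    rc=0
    for pair in 22:2222 23:2223; do
        dport=${pair%%:*}; expect=${pair##*:}
        got=$(redirect_target "$1" "$dport")
        if [ "$got" = "$expect" ]; then
            echo "ok: tcp/$dport -> $expect"
        else
            echo "MISSING: tcp/$dport -> $expect (found: ${got:-none})"
            rc=1
        fi
    done
    return $rc
}

rules=$(mktemp)
sample_rules > "$rules"
check_cowrie_redirects "$rules"
rm -f "$rules"
```

On the host from this post, running `check_cowrie_redirects /etc/iptables/iptables.rules` after a reboot confirms that the redirects persisted.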

Ref.

Env.

$ inxi -SM
System:    Host: pisces.blackle0pard.net Kernel: 4.15.12-1-ARCH x86_64 bits: 64 Console: tty 0
           Distro: Arch Linux
Machine:   Type: Kvm System: QEMU product: Standard PC (i440FX + PIIX, 1996) v: pc-i440fx-2.11 serial: N/A
           Mobo: N/A model: N/A serial: N/A BIOS: SeaBIOS v: rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org
           date: 04/01/2014
$ pyenv version
2.7.14 (set by /home/cowrie/.python-version)
$ python -V
Python 2.7.14