Public | Automated Build

Last pushed: a month ago
Short Description
SSH Honeypot. Based on Alpine Linux.
Full Description

wonderfall/cowrie

What is this?

Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.

Build-time variables

  • MPFR_VERSION : GNU MPFR version.
  • MPC_VERSION : GNU MPC version.
  • GPG_ : fingerprints of signing keys.
  • SHA_ : fingerprints of tarballs

Environment variables

  • UID (default : 991)
  • GID (default : 991)

How to configure

You should provide your own configuration file from this base : https://raw.githubusercontent.com/micheloosterhof/cowrie/master/cowrie.cfg.dist
You can mount this single file to your Docker container.

Volumes

  • /cowrie/dl : where downloads are stored.
  • /cowrie/log : cowrie and tty sessions logs.
  • /cowrie/cowrie.cfg : cowrie configuration file. Provide yours!
  • /custom : customize cowrie structure with your own files

Docker compose (example)

cowrie:
  image: wonderfall/cowrie
  links:                           ### MySQL output
    - cowrie-db:cowrie-db          ### MySQL output
  ports:
    - "2222:2222"
  volumes:
    - /mnt/cowrie/dl:/cowrie/dl
    - /mnt/cowrie/log:/cowrie/log
    - /mnt/cowrie/custom:/custom
    - /mnt/cowrie/cowrie.cfg:/cowrie/cowrie.cfg
  environment:
    - GID=1000
    - UID=1000

### MySQL output
# First, you'll have to initialise tables with a .sql file
# mkdir -p /mnt/cowrie/sql
# wget https://raw.githubusercontent.com/micheloosterhof/cowrie/master/doc/sql/mysql.sql -P /mnt/cowrie/sql/cowrie.sql
# It needs also to be configured in the cowrie.cfg file

cowrie-db:
  image: mariadb:10
  volumes:
    - /mnt/cowrie/db:/var/lib/mysql
    - /mnt/cowrie/sql:/docker-entrypoint-initdb.d
  environment:
    - MYSQL_ROOT_PASSWORD=supersecretpassword
    - MYSQL_DATABASE=cowrie
    - MYSQL_USER=cowrie
    - MYSQL_PASSWORD=supersecretpassword
Docker Pull Command
Owner
wonderfall
Source Repository

Comments (0)