From 0451ee5e6bfc8ccb3ef2defbd06fa2bacb402411 Mon Sep 17 00:00:00 2001
From: Michel Oosterhof
Date: Mon, 14 Nov 2016 11:01:10 +0400
Subject: [PATCH] move log/ttylog and download directories
---
 bin/cowrie | 5 +++--
 cowrie/insults/insults.py | 4 ++--
 etc/cowrie.cfg.dist | 18 ++++++++++++------
 log/tty/.gitignore | 2 --
 var/lib/dl/.gitignore | 0
 var/lib/ttylog/.gitignore | 0
 6 files changed, 17 insertions(+), 12 deletions(-)
 delete mode 100644 log/tty/.gitignore
 create mode 100644 var/lib/dl/.gitignore
 create mode 100644 var/lib/ttylog/.gitignore
diff --git a/bin/cowrie b/bin/cowrie
index 99ebcfe..aed7bd6 100755
--- a/bin/cowrie
+++ b/bin/cowrie
@@ -45,9 +45,9 @@ cowrie_start() {
 echo "Starting cowrie with extra arguments [$XARGS] ..."
 if [ $AUTHBIND_ENABLED = "no" ]
 then
- twistd $XARGS -l log/cowrie.log --umask 0077 --pidfile ${PIDFILE} cowrie
+ twistd $XARGS -l ${LOGFILE} --umask 0077 --pidfile ${PIDFILE} cowrie
 else
- authbind --deep twistd $XARGS -l log/cowrie.log --umask 0077 --pidfile cowrie.pid cowrie
+ authbind --deep twistd $XARGS -l ${LOGFILE} --umask 0077 --pidfile ${PIDFILE} cowrie
 fi
 }
@@ -78,6 +78,7 @@ find_cowrie_directory $0
 cd ${COWRIEDIR}
 export PYTHONPATH=${PYTHONPATH}:${COWRIEDIR}
 PIDFILE=var/run/cowrie.pid
+LOGFILE="var/log/cowrie/cowrie.log"
 set -e
 key=$1
diff --git a/cowrie/insults/insults.py b/cowrie/insults/insults.py
index a15dfa3..aa5e990 100644
--- a/cowrie/insults/insults.py
+++ b/cowrie/insults/insults.py
@@ -29,7 +29,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
 self.bytesReceived = 0
 self.interactors = []
- self.ttylogPath = cfg.get('honeypot', 'log_path')
+ self.ttylogPath = cfg.get('honeypot', 'ttylog_path')
 self.downloadPath = cfg.get('honeypot', 'download_path')
 try:
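Review bot: `LOGFILE="var/log/cowrie/cowrie.log"` points into a directory this commit never creates — the new `.gitignore` placeholders go only into var/lib/dl and var/lib/ttylog — so on a fresh checkout var/log/cowrie (and var/run for PIDFILE) is absent and the `twistd -l ${LOGFILE}` lines in cowrie_start will most likely fail to open the log unless something outside this diff creates the directory. The same base path is also written independently into etc/cowrie.cfg.dist (`log_path = var/log/cowrie` and `logfile = var/log/cowrie/cowrie.json`), so the three copies can drift apart without any error. Suggest adding `mkdir -p "$(dirname "${LOGFILE}")" "$(dirname "${PIDFILE}")"` right after the assignment, or shipping a var/log/cowrie/.gitignore like the other two directories, and a comment `# keep in sync with log_path in etc/cowrie.cfg` above it. cowrie_start itself begins before the first hunk.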
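Review bot: `cfg.get('honeypot', 'ttylog_path')` reads a key that did not exist before this commit with no fallback, so an existing etc/cowrie.cfg that only has `log_path` will, assuming cfg is the usual ConfigParser-style object, raise on the first session instead of using the "default" that the new comment in etc/cowrie.cfg.dist (its @@ -25 hunk) advertises; the .dist change only helps fresh installs. Make the documented default real: `self.ttylogPath = cfg.get('honeypot', 'ttylog_path') if cfg.has_option('honeypot', 'ttylog_path') else 'var/lib/ttylog'`, ideally with a log line so operators notice the missing key. Note that the old path format (`'%s/tty/...'`) is dropped in the next hunk, so falling back to `log_path` would not reproduce the previous location either. The enclosing `__init__` starts before this hunk and continues after it.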
@@ -54,7 +54,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
 transportId, channelId = self.getSessionId()
 self.startTime = time.time()
- self.ttylogFile = '%s/tty/%s-%s-%s%s.log' % \
+ self.ttylogFile = '%s/%s-%s-%s%s.log' % \
 (self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'), transportId, channelId, self.type)
 ttylog.ttylog_open(self.ttylogFile, self.startTime)
diff --git a/etc/cowrie.cfg.dist b/etc/cowrie.cfg.dist
index ac64422..3e0ed29 100644
--- a/etc/cowrie.cfg.dist
+++ b/etc/cowrie.cfg.dist
@@ -25,14 +25,20 @@ hostname = svr04
 # Directory where to save log files in.
 #
- # (default: log)
- log_path = log
+ # (default: var/log/cowrie)
+ log_path = var/log/cowrie
 # Directory where to save downloaded artifacts in.
 #
- # (default: dl)
- download_path = dl
+ # (default: var/lib/dl)
+ download_path = var/lib/dl
+
+ # Directory where to save tty logfiles in.
+ #
+ # (default: var/lib/ttylog)
+ ttylog_path = var/lib/ttylog
 # Directory where virtual file contents are kept in.
@@ -250,7 +256,7 @@ enabled = true
 [telnet]
 # Enable Telnet support, disabled by default
- enabled = false
+ enabled = true
 # IP addresses to listen for incoming Telnet connections.
 #
@@ -302,7 +308,7 @@ enabled = false
 # JSON based logging module
 #
 [output_jsonlog]
- logfile = log/cowrie.json
+ logfile = var/log/cowrie/cowrie.json
 # Supports logging to Elasticsearch
diff --git a/log/tty/.gitignore b/log/tty/.gitignore
deleted file mode 100644
index d6b7ef3..0000000
--- a/log/tty/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
diff --git a/var/lib/dl/.gitignore b/var/lib/dl/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/var/lib/ttylog/.gitignore b/var/lib/ttylog/.gitignore
new file mode 100644
index 0000000..e69de29
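Review bot: The new `'%s/%s-%s-%s%s.log'` path is handed straight to `ttylog.ttylog_open` with no check that `self.ttylogPath` exists; with the old layout the `tty/` subdirectory was shipped in the repo, and now only the default var/lib/ttylog is, so an operator who sets a custom `ttylog_path` that has not been created will presumably have every session fail at this line (ttylog_open is not shown here). Creating the directory once at startup, where the config is read, and adding a comment above this assignment such as `# ttylogPath is expected to exist; it is not created here` would make the contract explicit. The enclosing method starts before this hunk and continues after it.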
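Review bot: The two directories these new defaults point at, `download_path = var/lib/dl` and `ttylog_path = var/lib/ttylog`, are added to the repository with an empty `.gitignore` (blob e69de29 on this page is the empty blob), whereas the deleted log/tty/.gitignore carried `*` and `!.gitignore` to keep captured data out of git. After this change a `git status` or `git add -A` run inside a deployment will pick up attacker-uploaded artifacts and tty session recordings as untracked files, which is exactly what the old rules prevented. Suggest giving both new files the same two lines, `*` followed by `!.gitignore`, and doing the same for var/log/cowrie since `log_path` now lives there too.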
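Review bot: `enabled = true` under [telnet] switches the Telnet listener on for every new install while the comment directly above it still reads `# Enable Telnet support, disabled by default`, and neither the subject line ("move log/ttylog and download directories") nor the diffstat context suggests this was intended. A default that brings up an additional network-facing service should not ride along in a directory-move commit, because operators upgrading from the .dist file will not expect a new port to be listening. Either revert this line to `enabled = false`, or split it into its own commit that also changes the comment to `# Enable Telnet support, enabled by default` so the shipped config and its documentation agree.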