From 31ababed5b4cfad43cc694ea242a0773e0f4ab72 Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Mon, 14 Nov 2016 11:12:39 +0400 Subject: [PATCH] doc updates --- INSTALL.md | 19 ++++++++++--------- README.md | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 560f476..7ea4947 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -80,15 +80,16 @@ $ source cowrie-env/bin/activate ## Step 4: Install configuration file -Take a look at the configuration file and make changes as desired. The defaults work well in most cases. +Take a look at the configuration file and make changes as desired. +The defaults work well in most cases. ``` $ cp etc/cowrie.cfg.dist etc/cowrie.cfg ``` ## Step 5: Generate a DSA key -This step should not be necessary, however some versions of twisted -are not compatible. To avoid problems in advance, run: +This step should not be necessary, however some versions of Twisted +are not compatible. To avoid problems in advance, run: ``` $ cd etc @@ -98,9 +99,9 @@ $ cd .. ## Step 6: Turning on cowrie -Cowrie is implemented as a module for twisted, but to properly +Cowrie is implemented as a module for Twisted, but to properly import everything the top-level source directory needs to be in -python's os.path. This sometimes won't happen correctly, so make +python's os.path. This sometimes won't happen correctly, so make it explicit: ``` @@ -132,7 +133,7 @@ $ sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 222 ``` Note that you should test this rule only from another host; it -doesn't apply to loopback connections. Alternatively you can run +doesn't apply to loopback connections. Alternatively you can run authbind to listen as non-root on port 22 directly: ``` 
@@ -199,8 +200,8 @@ $ ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key ``` * If you see `twistd: Unknown command: cowrie` there are two -possibilities. If there's a python stack trace, it probably means -there's a missing or broken dependency. If there's no stack trace, +possibilities. If there's a python stack trace, it probably means +there's a missing or broken dependency. If there's no stack trace, double check that your PYTHONPATH is set to the source code directory. * Default file permissions @@ -215,4 +216,4 @@ brew install gmp brew install mpfr brew install mpc brew install libmpc -``` \ No newline at end of file +``` diff --git a/README.md b/README.md index 6cdbbba..d5c16fd 100644 --- a/README.md +++ b/README.md 
@@ -47,16 +47,16 @@ Software required: ## Files of interest: * `etc/cowrie.cfg` - Cowrie's configuration file. Default values can be found in `etc/cowrie.cfg.dist` -* `data/fs.pickle` - fake filesystem -* `data/userdb.txt` - credentials allowed or disallowed to access the honeypot -* `dl/` - files transferred from the attacker to the honeypot are stored here -* `honeyfs/` - file contents for the fake filesystem - feel free to copy a real system here or use `bin/fsctl` -* `log/cowrie.json` - transaction output in JSON format -* `log/cowrie.log` - log/debug output -* `log/tty/*.log` - session logs -* `txtcmds/` - file contents for the fake commands -* `bin/createfs` - used to create the fake filesystem -* `bin/playlog` - utility to replay session logs +* `etc/userdb.txt` - credentials allowed or disallowed to access the honeypot +* `var/log/cowrie/cowrie.log` - Twisted format log +* `var/log/cowrie/cowrie.json` - transaction output in JSON format +* `var/lib/ttylog/` - session logs UML format +* `var/lib/dl/` - files transferred from the attacker to the honeypot are stored here +* `share/cowrie/fs.pickle` - fake filesystem +* `share/cowrie/txtcmds/` - file contents for fake commands +* `share/cowrie/honeyfs/` - file contents for the fake filesystem +* `bin/createfs` - used to create the honeypot filesystem +* `bin/playlog` - utility to replay session logs in UML format ## Is it secure?
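Review bot: in the INSTALL.md hunk covering Step 5, "some versions of Twisted are not compatible" still does not say what they are incompatible with, so a reader cannot tell whether the DSA key step applies to their install. Since the sentence is being touched anyway, suggest stating what fails without the key and, if known, which Twisted versions are affected.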
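Review bot: in the INSTALL.md Step 6 hunk, the edited paragraph keeps "python's os.path", which names the wrong thing: `os.path` is the path-manipulation module, while the import search path is `sys.path`, populated from `PYTHONPATH`. The troubleshooting hunk in this same patch already tells the reader to check `PYTHONPATH`, so suggest "Python's sys.path" here, with the capital P to match the Twisted capitalization fix on the line above it.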
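Review bot: in the README.md "Files of interest" hunk, every runtime path is relocated (`log/` to `var/log/cowrie/`, `dl/` to `var/lib/dl/`, `data/userdb.txt` to `etc/userdb.txt`), but the subject line is only "doc updates" and nothing tells an operator with an existing install where previously captured logs and downloads should now live. Suggest a one-line note on the move, either in the list or in the commit message. Two smaller points in the same list: "session logs UML format" is missing "in" (the `bin/playlog` line has "in UML format"), and the `honeyfs/` entry drops the pointer to `bin/fsctl` without saying whether that tool is still the way to edit the fake filesystem.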