Log SSH fingerprints

cowrie/insults/insults.py

@@ -160,8 +160,10 @@ class LoggingServerProtocol(insults.ServerProtocol):
 
         if self.ttylog_open:
             size = self.ttylog_size[self.ttylog_file]
-            log.msg(eventid='COW0012', format='Closing TTY Log: %(ttylog)s',
+            log.msg(eventid='COW0012',
-                ttylog=self.ttylog_file, size=size)
+                    format='Closing TTY Log: %(ttylog)s',
+                    ttylog=self.ttylog_file,
+                    size=size)
             ttylog.ttylog_close(self.ttylog_file, time.time())
             self.ttylog_open = False
 

cowrie/output/mysql.py

@@ -190,4 +190,8 @@ class Output(cowrie.core.output.Output):
                 'INSERT INTO `ttylog` (`session`, `ttylog`, `size`) VALUES (%s, %s, %s)',
                 (entry["session"], entry["ttylog"], entry["size"]))
 
+        elif entry["eventid"] == 'COW0016':
+            self.simpleQuery(
+                'INSERT INTO `keyfingerprints` (`session`, `username`, `fingerprint`) VALUES (%s, %s, %s)',
+                (entry["session"], entry["username"], entry["fingerprint"]))
 # vim: set sw=4 et:

doc/sql/mysql.sql

@@ -1,4 +1,4 @@
-CREATE TABLE `auth` (
+CREATE TABLE IF NOT EXISTS `auth` (
   `id` int(11) NOT NULL auto_increment,
   `session` char(32) NOT NULL,
   `success` tinyint(1) NOT NULL,
@@ -8,13 +8,13 @@ CREATE TABLE `auth` (
   PRIMARY KEY  (`id`)
 ) ;
 
-CREATE TABLE `clients` (
+CREATE TABLE IF NOT EXISTS `clients` (
   `id` int(4) NOT NULL auto_increment,
   `version` varchar(50) NOT NULL,
   PRIMARY KEY  (`id`)
 ) ;
 
-CREATE TABLE `input` (
+CREATE TABLE IF NOT EXISTS `input` (
   `id` int(11) NOT NULL auto_increment,
   `session` char(32) NOT NULL,
   `timestamp` datetime NOT NULL,
@@ -25,13 +25,13 @@ CREATE TABLE `input` (
   KEY `session` (`session`,`timestamp`,`realm`)
 ) ;
 
-CREATE TABLE `sensors` (
+CREATE TABLE IF NOT EXISTS `sensors` (
   `id` int(11) NOT NULL auto_increment,
   `ip` varchar(15) NOT NULL,
   PRIMARY KEY  (`id`)
 ) ;
 
-CREATE TABLE `sessions` (
+CREATE TABLE IF NOT EXISTS `sessions` (
   `id` char(32) NOT NULL,
   `starttime` datetime NOT NULL,
   `endtime` datetime default NULL,
@@ -43,7 +43,7 @@ CREATE TABLE `sessions` (
   KEY `starttime` (`starttime`,`sensor`)
 ) ;
 
-CREATE TABLE `ttylog` (
+CREATE TABLE IF NOT EXISTS `ttylog` (
   `id` int(11) NOT NULL auto_increment,
   `session` char(32) NOT NULL,
   `ttylog` varchar(100) NOT NULL,
@@ -51,7 +51,7 @@ CREATE TABLE `ttylog` (
   PRIMARY KEY  (`id`)
 ) ;
 
-CREATE TABLE `downloads` (
+CREATE TABLE IF NOT EXISTS `downloads` (
   `id` int(11) NOT NULL auto_increment,
   `session` CHAR( 32 ) NOT NULL,
   `timestamp` datetime NOT NULL,
@@ -61,3 +61,11 @@ CREATE TABLE `downloads` (
   PRIMARY KEY  (`id`),
   KEY `session` (`session`,`timestamp`)
 ) ;
+
+CREATE TABLE IF NOT EXISTS `keyfingerprints` (
+  `id` int(11) NOT NULL auto_increment,
+  `session` CHAR( 32 ) NOT NULL,
+  `username` varchar(100) NOT NULL,
+  `fingerprint` varchar(100) NOT NULL,
+  PRIMARY KEY  (`id`)
+) ;

doc/sql/update10.sql

@@ -0,0 +1,7 @@
+CREATE TABLE `keyfingerprints` (
+  `id` int(11) NOT NULL auto_increment,
+  `session` CHAR( 32 ) NOT NULL,
+  `username` varchar(100) NOT NULL,
+  `fingerprint` varchar(100) NOT NULL,
+  PRIMARY KEY  (`id`),
+) ;