aljaz/cowrie
1
0
Fork 0
mirror of https://github.com/aljazceru/cowrie.git synced 2026-01-31 12:04:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

properly log SFTP uploads

Browse Source
This commit is contained in:
Michel Oosterhof
2016-01-04 13:37:13 +00:00
parent 68fdb81550
commit c07a5d6b18
3 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cowrie/core/fs.py
View File

@@ -376,14 +376,16 @@ class HoneyPotFilesystem(object):
return True
if self.tempfiles[fd] is not None:
shasum = hashlib.sha256(open(self.tempfiles[fd], 'rb').read()).hexdigest()
log.msg("SHA sum %s" % (shasum,))
shasumfile = self.cfg.get('honeypot', 'download_path') + "/" + shasum
log.msg(format='SFTP Uploaded file \"%(filename)s\" to %(outfile)s',
eventid='COW0017', filename=os.path.basename(self.filenames[fd]), outfile=shasumfile, shasum=shasum )
if (os.path.exists(shasumfile)):
os.remove(self.tempfiles[fd])
else:
os.rename(self.tempfiles[fd], shasumfile)
os.symlink(shasum, self.tempfiles[fd])
self.update_realfile(self.getfile(self.filenames[fd]), shasumfile)
del self.tempfiles[fd]
del self.filenames[fd]
return os.close(fd)

1
cowrie/core/output.py
View File

@@ -52,6 +52,7 @@ import socket
# COW0014 : direct-tcpip request
# COW0015 : direct-tcpip data
# COW0016 : key fingerprint
# COW0017 : SFTP uploaded file
class Output(object):
"""

2
cowrie/ssh/filetransfer.py
View File

@@ -272,7 +272,7 @@ class SFTPServerForCowrieUser(object):
def realPath(self, path):
"""
"""
log.msg("SFTP realPath: %s" % (path,))
#log.msg("SFTP realPath: %s" % (path,))
return self.fs.realpath(self._absPath(path))