move loggers to tac file

move

cowrie/ssh/factory.py

@@ -32,8 +32,6 @@ class CowrieSSHFactory(factory.SSHFactory):
     sessions = {}
     privateKeys = None
     publicKeys = None
-    dbloggers = None
-    output_plugins = None
     primes = None
 
     def __init__(self, cfg):
@@ -45,9 +43,9 @@ class CowrieSSHFactory(factory.SSHFactory):
         Special delivery to the loggers to avoid scope problems
         """
         args['sessionno'] = 'S'+str(args['sessionno'])
-        for dblog in self.dbloggers:
+        for dblog in self.tac.dbloggers:
             dblog.logDispatch(*msg, **args)
-        for output in self.output_plugins:
+        for output in self.tac.output_plugins:
             output.logDispatch(*msg, **args)
 
 
@@ -70,38 +68,6 @@ class CowrieSSHFactory(factory.SSHFactory):
           'ssh-rsa': keys.Key.fromString(data=rsaPrivKeyString),
           'ssh-dss': keys.Key.fromString(data=dsaPrivKeyString)}
 
-        # Load db loggers
-        self.dbloggers = []
-        for x in self.cfg.sections():
-            if not x.startswith('database_'):
-                continue
-            engine = x.split('_')[1]
-            try:
-                dblogger = __import__( 'cowrie.dblog.{}'.format(engine),
-                    globals(), locals(), ['dblog']).DBLogger(self.cfg)
-                log.addObserver(dblogger.emit)
-                self.dbloggers.append(dblogger)
-                log.msg("Loaded dblog engine: {}".format(engine))
-            except:
-                log.err()
-                log.msg("Failed to load dblog engine: {}".format(engine))
-
-        # Load output modules
-        self.output_plugins = []
-        for x in self.cfg.sections():
-            if not x.startswith('output_'):
-                continue
-            engine = x.split('_')[1]
-            try:
-                output = __import__( 'cowrie.output.{}'.format(engine),
-                    globals(), locals(), ['output']).Output(self.cfg)
-                log.addObserver(output.emit)
-                self.output_plugins.append(output)
-                log.msg("Loaded output engine: {}".format(engine))
-            except:
-                log.err()
-                log.msg("Failed to load output engine: {}".format(engine))
-
         factory.SSHFactory.startFactory(self)
 
 
@@ -109,8 +75,6 @@ class CowrieSSHFactory(factory.SSHFactory):
         """
         """
         factory.SSHFactory.stopFactory(self)
-        for output in self.output_plugins:
-            output.stop()
 
 
     def buildProtocol(self, addr):

cowrie/telnet/transport.py

@@ -33,9 +33,9 @@ class HoneyPotTelnetFactory(protocol.ServerFactory):
         Special delivery to the loggers to avoid scope problems
         """
         args['sessionno'] = 'T'+str(args['sessionno'])
-        for dblog in self.dbloggers:
+        for dblog in self.tac.dbloggers:
             dblog.logDispatch(*msg, **args)
-        for output in self.output_plugins:
+        for output in self.tac.output_plugins:
             output.logDispatch(*msg, **args)
 
 
@@ -55,38 +55,6 @@ class HoneyPotTelnetFactory(protocol.ServerFactory):
         # For use by the uptime command
         self.starttime = time.time()
 
-        # Load db loggers
-        self.dbloggers = []
-        for x in self.cfg.sections():
-            if not x.startswith('database_'):
-                continue
-            engine = x.split('_')[1]
-            try:
-                dblogger = __import__( 'cowrie.dblog.{}'.format(engine),
-                    globals(), locals(), ['dblog']).DBLogger(self.cfg)
-                log.addObserver(dblogger.emit)
-                self.dbloggers.append(dblogger)
-                log.msg("Loaded dblog engine: {}".format(engine))
-            except:
-                log.err()
-                log.msg("Failed to load dblog engine: {}".format(engine))
-
-        # Load output modules
-        self.output_plugins = []
-        for x in self.cfg.sections():
-            if not x.startswith('output_'):
-                continue
-            engine = x.split('_')[1]
-            try:
-                output = __import__( 'cowrie.output.{}'.format(engine),
-                    globals(), locals(), ['output']).Output(self.cfg)
-                log.addObserver(output.emit)
-                self.output_plugins.append(output)
-                log.msg("Loaded output engine: {}".format(engine))
-            except:
-                log.err()
-                log.msg("Failed to load output engine: {}".format(engine))
-
         # hook protocol
         self.protocol = lambda: CowrieTelnetTransport(HoneyPotTelnetAuthProtocol,
                                          self.portal)
@@ -97,8 +65,6 @@ class HoneyPotTelnetFactory(protocol.ServerFactory):
         """
         Stop output plugins
         """
-        for output in self.output_plugins:
-            output.stop()
         protocol.ServerFactory.stopFactory(self)
 
 

twisted/plugins/cowrie_plugin.py

@@ -70,6 +70,8 @@ class CowrieServiceMaker(object):
     tapname = "cowrie"
     description = "She sells sea shells by the sea shore."
     options = Options
+    dbloggers = None
+    output_plugins = None
 
     def makeService(self, options):
         """
@@ -82,23 +84,6 @@ class CowrieServiceMaker(object):
 
         cfg = readConfigFile(options["config"])
 
-        topService = service.MultiService()
-        application = service.Application('cowrie')
-        topService.setServiceParent(application)
-
-        factory = cowrie.ssh.factory.CowrieSSHFactory(cfg)
-
-        factory.portal = portal.Portal(core.realm.HoneyPotRealm(cfg))
-        factory.portal.registerChecker(
-            core.checkers.HoneypotPublicKeyChecker())
-        factory.portal.registerChecker(
-            core.checkers.HoneypotPasswordChecker(cfg))
-
-        if cfg.has_option('honeypot', 'auth_none_enabled') and \
-                 cfg.getboolean('honeypot', 'auth_none_enabled') == True:
-            factory.portal.registerChecker(
-                core.checkers.HoneypotNoneChecker())
-
         # ssh is enabled by default
         if cfg.has_option('ssh', 'enabled') == False or \
            (cfg.has_option('ssh', 'enabled') and \
@@ -118,7 +103,56 @@ class CowrieServiceMaker(object):
             print('ERROR: You must at least enable SSH or Telnet')
             sys.exit(1)
 
+        # Load db loggers
+        self.dbloggers = []
+        for x in self.cfg.sections():
+            if not x.startswith('database_'):
+                continue
+            engine = x.split('_')[1]
+            try:
+                dblogger = __import__( 'cowrie.dblog.{}'.format(engine),
+                    globals(), locals(), ['dblog']).DBLogger(self.cfg)
+                log.addObserver(dblogger.emit)
+                self.dbloggers.append(dblogger)
+                log.msg("Loaded dblog engine: {}".format(engine))
+            except:
+                log.err()
+                log.msg("Failed to load dblog engine: {}".format(engine))
+
+        # Load output modules
+        self.output_plugins = []
+        for x in self.cfg.sections():
+            if not x.startswith('output_'):
+                continue
+            engine = x.split('_')[1]
+            try:
+                output = __import__( 'cowrie.output.{}'.format(engine),
+                    globals(), locals(), ['output']).Output(self.cfg)
+                log.addObserver(output.emit)
+                self.output_plugins.append(output)
+                log.msg("Loaded output engine: {}".format(engine))
+            except:
+                log.err()
+                log.msg("Failed to load output engine: {}".format(engine))
+
+        topService = service.MultiService()
+        application = service.Application('cowrie')
+        topService.setServiceParent(application)
+
         if enableSSH:
+            factory = cowrie.ssh.factory.CowrieSSHFactory(cfg)
+            factory.tac = self
+            factory.portal = portal.Portal(core.realm.HoneyPotRealm(cfg))
+            factory.portal.registerChecker(
+                core.checkers.HoneypotPublicKeyChecker())
+            factory.portal.registerChecker(
+                core.checkers.HoneypotPasswordChecker(cfg))
+
+            if cfg.has_option('honeypot', 'auth_none_enabled') and \
+                     cfg.getboolean('honeypot', 'auth_none_enabled') == True:
+                factory.portal.registerChecker(
+                    core.checkers.HoneypotNoneChecker())
+
             if cfg.has_option('ssh', 'listen_addr'):
                 listen_ssh_addr = cfg.get('ssh', 'listen_addr')
             elif cfg.has_option('honeypot', 'listen_addr'):
@@ -154,6 +188,7 @@ class CowrieServiceMaker(object):
                 listen_telnet_port = 2223
 
             f = cowrie.telnet.transport.HoneyPotTelnetFactory(cfg)
+            f.tac = self
             f.portal = portal.Portal(core.realm.HoneyPotRealm(cfg))
             f.portal.registerChecker(core.checkers.HoneypotPasswordChecker(cfg))
             for i in listen_telnet_addr.split():