Rearrange to be more logical.

2026-02-21 22:34:24 +01:00 · 2016-01-19 15:14:51 +04:00
parent 24b16233d2
commit eb717d82e7
1 changed files with 136 additions and 101 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -2,59 +2,45 @@
 # Cowrie configuration file (cowrie.cfg)
 #

+# ============================================================================
+# General Honeypot Options
+# ============================================================================
 [honeypot]

-# Sensor name use to identify this cowrie instance. Used by the database
+# Sensor name is used to identify this Cowrie instance. Used by the database
 # logging modules such as mysql.
 #
 # If not specified, the logging modules will instead use the IP address of the
-# connection as the sensor name.
+# server as the sensor name.
 #
 # (default: not specified)
 #sensor_name=myhostname

-# IP addresses to listen for incoming SSH connections.
-#
-# (default: 0.0.0.0) = any IPv4 address
-#listen_addr = 0.0.0.0
-# (use :: for listen to all IPv6 and IPv4 addresses)
-#listen_addr = ::
-
-# Port to listen for incoming SSH connections.
-# To listen to IPv6, set this to "::"
-#
-# (default: 2222)
-#listen_port = 2222
-
-# Source Port to report in logs (useful if you use iptables to forward ports to cowrie)
-#reported_ssh_port = 22
-
-# Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1)
-# IP address is obtained by querying http://myip.threatstream.com
-#report_public_ip = true

 # Hostname for the honeypot. Displayed by the shell prompt of the virtual
-# environment.
+# environment
 #
 # (default: svr04)
 hostname = svr04

+
 # Directory where to save log files in.
 #
 # (default: log)
 log_path = log

-# Directory where to save downloaded (malware) files in.
+
+# Directory where to save downloaded artifacts in.
 #
 # (default: dl)
 download_path = dl

-# Maximum file size (in bytes) for downloaded files to be stored in 'download_path'.
-# A value of 0 means no limit. If the file size is known to be too big from the start,
-# the file will not be stored on disk at all.
+
+# Directory for miscellaneous data files, such as the password database.
 #
-# (default: 0)
-#download_limit_size = 10485760
+# (default: data_path)
+data_path = data
+

 # Directory where virtual file contents are kept in.
 #
@@ -65,45 +51,16 @@ download_path = dl
 # (default: honeyfs)
 contents_path = honeyfs

+
 # File in the python pickle format containing the virtual filesystem.
 #
-# This includes the filenames, paths, permissions for the whole filesystem,
+# This includes the filenames, paths, permissions for the Cowrie filesystem,
 # but not the file contents. This is created by the createfs.py utility from
 # a real template linux installation.
 #
 # (default: fs.pickle)
 filesystem_file = data/fs.pickle

-# Directory for miscellaneous data files, such as the password database.
-#
-# (default: data_path)
-data_path = data
-
-# Class that implements the checklogin() method.
-#
-# Class must be defined in cowrie/core/auth.py
-# Default is the 'UserDB' class which uses the password database.
-#
-# Alternatively the 'AuthRandom' class can be used, which will let
-# a user login after a random number of attempts.
-# It will also cache username/password combinations that allow login.
-#
-auth_class = UserDB
-# When AuthRandom is used also set the
-#  auth_class_parameters: <min try>, <max try>, <maxcache>
-#  for example: 2, 5, 10 = allows access after randint(2,5) attempts
-#  and cache 10 combinations.
-#
-#auth_class = AuthRandom
-#auth_class_parameters = 2, 5, 10
-
-# No authentication checking at all
-# enabling 'auth_none' will enable the ssh2 'auth_none' authentication method
-# this allows the requested user in without any verification at all
-#
-# (default: false)
-
-auth_none_enabled = false

 # Directory for creating simple commands that only output text.
 #
@@ -113,28 +70,44 @@ auth_none_enabled = false
 # The contents of the file will be the output of the command when run inside
 # the honeypot.
 #
-# In addition to this, the file must exist in the virtual
-# filesystem {filesystem_file}
+# In addition to this, the file must exist in the virtual filesystem 
 #
 # (default: txtcmds)
 txtcmds_path = txtcmds

-# Public and private SSH key files. If these don't exist, they are created
-# automatically.
-rsa_public_key = data/ssh_host_rsa_key.pub
-rsa_private_key = data/ssh_host_rsa_key
-dsa_public_key = data/ssh_host_dsa_key.pub
-dsa_private_key = data/ssh_host_dsa_key

-# sftp_enabled enables the sftp subsystem
-sftp_enabled = true
+# Maximum file size (in bytes) for downloaded files to be stored in 'download_path'.
+# A value of 0 means no limit. If the file size is known to be too big from the start,
+# the file will not be stored on disk at all.
+#
+# (default: 0)
+#download_limit_size = 10485760

-# IP address to bind to when opening outgoing connections. Used by
-# the wget and curl commands.
+
+# Session management interface.
+#
+# This is a telnet based service that can be used to interact with active
+# sessions. Disabled by default. The interact feature is only available on 
+# the loopback interface.
+#
+# (default: false)
+interact_enabled = false
+# (default: 5123)
+interact_port = 5123
+
+
+
+# ============================================================================
+# Network Specific Options
+# ============================================================================
+
+# IP address to bind to when opening outgoing connections. Used by wget and
+# curl commands.
 #
 # (default: not specified)
 #out_addr = 0.0.0.0

+
 # Fake address displayed as the address of the incoming connection.
 # This doesn't affect logging, and is only used by honeypot commands such as
 # 'w' and 'last'
@@ -145,16 +118,76 @@ sftp_enabled = true
 # (default: not specified)
 #fake_addr = 192.168.66.254

-# The IP address on which this machine reachable on from the internet.
-# Useful if you use portforwarding or other mechanisms. If empty, cowrie
+
+# The IP address on which this machine is reachable on from the internet.
+# Useful if you use portforwarding or other mechanisms. If empty, Cowrie
 # will determine by itself. Used in 'netstat' output
 #
 #internet_facing_ip = 9.9.9.9

+
+# Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1)
+# IP address is obtained by querying http://myip.threatstream.com
+#report_public_ip = true
+
+
+
+# ============================================================================
+# Authentication Specific Options
+# ============================================================================
+
+
+# Class that implements the checklogin() method.
+#
+# Class must be defined in cowrie/core/auth.py
+# Default is the 'UserDB' class which uses the password database.
+#
+# Alternatively the 'AuthRandom' class can be used, which will let
+# a user login after a random number of attempts.
+# It will also cache username/password combinations that allow login.
+#
+auth_class = UserDB
+
+# When AuthRandom is used also set the
+#  auth_class_parameters: <min try>, <max try>, <maxcache>
+#  for example: 2, 5, 10 = allows access after randint(2,5) attempts
+#  and cache 10 combinations.
+#
+#auth_class = AuthRandom
+#auth_class_parameters = 2, 5, 10
+
+
+# No authentication checking at all
+# enabling 'auth_none' will enable the ssh2 'auth_none' authentication method
+# this allows the requested user in without any verification at all
+#
+# (default: false)
+#auth_none_enabled = false
+
+
+# ============================================================================
+# SSH Specific Options
+# ============================================================================
+
+
+# IP addresses to listen for incoming SSH connections.
+#
+# (default: 0.0.0.0) = any IPv4 address
+#listen_addr = 0.0.0.0
+# (use :: for listen to all IPv6 and IPv4 addresses)
+#listen_addr = ::
+
+
+# Port to listen for incoming SSH connections.
+#
+# (default: 2222)
+#listen_port = 2222
+
+
 # SSH Version String
 #
-# Use this to disguise your honeypot from a simple SSH version scan
-# frequent Examples: (found experimentally by scanning ISPs)
+# Use these to disguise your honeypot from a simple SSH version scan
+# Examples:
 # SSH-2.0-OpenSSH_5.1p1 Debian-5
 # SSH-1.99-OpenSSH_4.3
 # SSH-1.99-OpenSSH_4.7
@@ -178,21 +211,28 @@ sftp_enabled = true
 # (default: "SSH-2.0-SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2")
 ssh_version_string = SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2

-# Banner file to be displayed before the first login attempt.
-#
-#banner_file = DEPRECATED; always '/etc/issue.net' in honeyfs

-# Session management interface.
-#
-# This is a telnet based service that can be used to interact with active
-# sessions. Disabled by default.
-#
-# (default: false)
-interact_enabled = false
-# (default: 5123)
-interact_port = 5123
+# Source Port to report in logs (useful if you use iptables to forward ports to Cowrie)
+#reported_ssh_port = 22


+# Public and private SSH key files. If these don't exist, they are created
+# automatically.
+rsa_public_key = data/ssh_host_rsa_key.pub
+rsa_private_key = data/ssh_host_rsa_key
+dsa_public_key = data/ssh_host_dsa_key.pub
+dsa_private_key = data/ssh_host_dsa_key
+
+
+# sftp_enabled enables the sftp subsystem
+sftp_enabled = true
+
+
+
+# ============================================================================
+# Database logging Specific Options
+# ============================================================================
+
 # XMPP Logging
 # Log to an xmpp server.
 #
@@ -210,14 +250,9 @@ interact_port = 5123
 #debug=true


-# Text based logging module
-#
-# While this is a database logging module, it actually just creates a simple
-# text based log. This may not have much purpose, if you're fine with the
-# default text based logs generated by cowrie in log/
-#
-#[database_textlog]
-#logfile = log/cowrie-textlog.log
+# ============================================================================
+# Output Plugins
+# ============================================================================


 # JSON based logging module
@@ -238,13 +273,13 @@ logfile = log/cowrie.json

 # Send login attemp information to SANS DShield
 # See https://isc.sans.edu/ssh.html
-# You must signup for an api key. 
+# You must signup for an api key.
 # Once registered, find your details at: https://isc.sans.edu/myaccount.html
 #
 #[output_dshield]
-#userid = userid_here 
-#auth_key = auth_key_here 
-#batch_size = 100 
+#userid = userid_here
+#auth_key = auth_key_here
+#batch_size = 100


 # Local Syslog output module
@@ -288,8 +323,8 @@ logfile = log/cowrie.json
 #debug=false


-# Virustotal output module
-#
+# VirusTotal output module
+# You must signup for an api key.
 #
 #[output_virustotal]
 #api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef