Happy New Year all!
Whilst eating FAR too much turkey and chocolates over the festive break, I’ve managed to progress a couple of personal projects (between stints on the kids’ Scalextric track, thanks Santa). There are still tasks to do(*), but a working EC2 User-Data script to automate deployment of a Cowrie honeypot has reached MVP stage.
```bash
#!/bin/bash
# based on https://cowrie.readthedocs.io/en/latest/INSTALL.html

# Refresh package lists and upgrade without interactive prompts
apt -y update
DEBIAN_FRONTEND=noninteractive apt -y upgrade

# Cowrie build and runtime dependencies
apt -y install git python-virtualenv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind virtualenv

# Dedicated unprivileged account for the honeypot
adduser --disabled-password --gecos "" cowrie

# Install and start Cowrie as the cowrie user; output is appended to heredoc.out
sudo -H -u cowrie /bin/bash -s << EOF >> /home/cowrie/heredoc.out
cd /home/cowrie/
# Clone over HTTPS so the code is not fetched in plaintext
git clone https://github.com/cowrie/cowrie
cd /home/cowrie/cowrie
virtualenv --python=python3 cowrie-env
source cowrie-env/bin/activate
pip install --upgrade pip
pip install --upgrade -r requirements.txt
bin/cowrie start
EOF

# runs with cowrie.cfg.dist - will need tuning to specific usecase
```
Latest version will be maintained here
*current items on back of beer mat project plan, which may or may not get completed, are:
- Customise cowrie.cfg, to launch on standard ports rather than default SSH on T:2222 – Completed
- Fix apt upgrade issue – Fixed courtesy of @ajhdock
- Mount Cowrie logging, output, and downloads to EFS for persistence – configure Cowrie’s native S3 output module
- Expand instance to Spot instance pool to lower costs and/or increase instance count
- Ingest activity logs into $something for further analysis
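
One way to do the "standard ports" item with the authbind package the script above already installs, as an added example rather than the author's own code. The function names and the `--apply` switch are hypothetical; it assumes the instance's real sshd has already been moved off port 22 and that `bin/cowrie` carries an `AUTHBIND_ENABLED=no` line, as Cowrie's install guide describes.

```shell
#!/bin/bash
# Added example: hypothetical helpers, not part of the original user-data script.
# Assumption: the administrative sshd no longer listens on port 22.

COWRIE_USER=cowrie
COWRIE_HOME=/home/cowrie/cowrie

# Write a minimal etc/cowrie.cfg; Cowrie applies it on top of cowrie.cfg.dist.
write_cowrie_cfg() {
    cfg_dir="$1/etc"
    ssh_port="$2"
    mkdir -p "$cfg_dir"
    cat > "$cfg_dir/cowrie.cfg" <<CFG
[ssh]
listen_endpoints = tcp:${ssh_port}:interface=0.0.0.0
CFG
}

# Let the unprivileged cowrie user bind one low port via authbind (needs root).
allow_low_port() {
    touch "/etc/authbind/byport/$1"
    chown "$COWRIE_USER:$COWRIE_USER" "/etc/authbind/byport/$1"
    chmod 770 "/etc/authbind/byport/$1"
}

# Flip the launcher switch so bin/cowrie starts the daemon under authbind.
# Assumption: the launcher contains the line AUTHBIND_ENABLED=no.
enable_authbind() {
    sed -i 's/^AUTHBIND_ENABLED=no/AUTHBIND_ENABLED=yes/' "$1/bin/cowrie"
}

# Only touches the system when called with --apply, as root, after the install.
if [ "${1:-}" = "--apply" ]; then
    set -e
    allow_low_port 22
    enable_authbind "$COWRIE_HOME"
    write_cowrie_cfg "$COWRIE_HOME" 22
    chown "$COWRIE_USER:$COWRIE_USER" "$COWRIE_HOME/etc/cowrie.cfg"
    sudo -H -u "$COWRIE_USER" "$COWRIE_HOME/bin/cowrie" restart
fi
```

The honeypot still runs as the unprivileged `cowrie` account; authbind only grants it the right to bind port 22, so nothing in Cowrie itself runs as root.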