Happy New Year all!
Whilst eating FAR too much turkey and chocolates over the festive break, I’ve managed to progress a couple of personal projects (between stints on the kids’ Scalextric track, thanks Santa). Still tasks to do(*), but a working EC2 User-Data script to automate deployment of a Cowrie honeypot has reached MVP stage.
#!/bin/bash
# based on https://cowrie.readthedocs.io/en/latest/INSTALL.html
# EC2 runs user-data as root on first boot
apt -y update
# noninteractive stops package prompts from stalling the unattended upgrade
DEBIAN_FRONTEND=noninteractive apt -y upgrade
apt -y install git python-virtualenv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind virtualenv
# dedicated unprivileged account, no password login
adduser --disabled-password --gecos "" cowrie
# everything up to EOF runs as the cowrie user; output is kept for troubleshooting
sudo -H -u cowrie /bin/bash -s << EOF >> /home/cowrie/heredoc.out
cd /home/cowrie/
# clone over HTTPS so the source is not fetched in plaintext
git clone https://github.com/cowrie/cowrie
cd /home/cowrie/cowrie
virtualenv --python=python3 cowrie-env
source cowrie-env/bin/activate
pip install --upgrade pip
pip install --upgrade -r requirements.txt
bin/cowrie start
EOF
# runs with cowrie.cfg.dist - will need tuning to specific usecase
Latest version will be maintained here
*current items on back of beer mat project plan, which may or may not get completed, are:
- Customise cowrie.cfg, to launch on standard ports rather than default SSH on T:2222 – Completed
- Fix apt upgrade issue – Fixed courtesy of @ajhdock
- Mount Cowrie logging, output, and downloads to EFS for persistence – configure Cowrie’s native S3 output module
- Expand instance to Spot instance pool to lower costs and/or increase instance count
- Ingest activity logs into $something for further analysis
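The script above installs authbind but never uses it, and the first list item (Cowrie on the standard SSH port) is not shown. An added example, not the author's configuration, following the authbind steps in Cowrie's install guide; the function names and the admin port 22222 are assumptions:

```bash
#!/bin/bash
# Added example (not the author's code): steps a user-data script could run as
# root before `bin/cowrie start` so that Cowrie answers on port 22.
# Paths are arguments so each step can be dry-run against a scratch directory.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# 1. Move the real sshd off port 22. Restart ssh and open the new port in the
#    security group afterwards, or admin access is lost.
set_sshd_port() {
    sp_cfg="$1"; sp_port="$2"
    valid_port "$sp_port" || return 1
    sp_tmp="$(mktemp)" || return 1
    # New Port line goes first so it cannot land inside a trailing Match block.
    { printf 'Port %s\n' "$sp_port"
      grep -Eiv '^[[:space:]]*Port[[:space:]]' "$sp_cfg" || true; } > "$sp_tmp"
    cat "$sp_tmp" > "$sp_cfg"    # overwrite in place: keeps owner and mode
    rm -f "$sp_tmp"
}

# 2. Let the unprivileged user bind the low port through authbind.
authbind_allow() {
    ab_file="$1/$2"; ab_owner="$3"
    valid_port "$2" || return 1
    touch "$ab_file" && chmod 770 "$ab_file" || return 1
    # chown needs root; skipped in an unprivileged dry run.
    if [ "$(id -u)" -eq 0 ]; then chown "$ab_owner:$ab_owner" "$ab_file"; fi
}

# 3. Write a fresh etc/cowrie.cfg (read on top of cowrie.cfg.dist).
#    Cowrie's install guide also has you enable AUTHBIND_ENABLED in bin/cowrie.
write_listen_cfg() {
    wl_dir="$1/etc"; wl_port="$2"
    valid_port "$wl_port" || return 1
    mkdir -p "$wl_dir" || return 1
    printf '[ssh]\nlisten_endpoints = tcp:%s:interface=0.0.0.0\n' "$wl_port" \
        > "$wl_dir/cowrie.cfg"
}

# On the instance (root):
#   set_sshd_port /etc/ssh/sshd_config 22222 && systemctl restart ssh
#   authbind_allow /etc/authbind/byport 22 cowrie
#   write_listen_cfg /home/cowrie/cowrie 22
```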
—
Andrew Waite