Cowrie Configuration
The SSH Honeypot: Installation, Configuration and Logs.
1. Network Configuration (Static)
File: /etc/network/interfaces
Option 1: Temporary command (immediate)
Bash
sudo ip addr add 192.168.50.140/25 dev ens33
sudo ip route add default via 192.168.50.129
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf
Option 2: Persistent configuration (Netplan)
/etc/netplan/00-installer-config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses:
        - 192.168.50.140/25
      routes:
        - to: default
          via: 192.168.50.129
      nameservers:
        addresses: [8.8.8.8]
Apply with: sudo netplan apply
2. Quick Installation
Bash
# 1. Dependencies (python3-venv is required by "python3 -m venv" below)
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install -y git python3-virtualenv python3-venv libssl-dev libffi-dev build-essential libpython3-dev python3-pip
# 2. User
sudo adduser --disabled-password cowrie
sudo su - cowrie
# 3. Installation (run as the cowrie user; clone over HTTPS rather than plain HTTP)
git clone https://github.com/cowrie/cowrie
cd cowrie
python3 -m venv cowrie-env
source cowrie-env/bin/activate
pip install --upgrade pip
pip install -r requirements.txt
3. Configuration (cowrie.cfg)
Copy cowrie.cfg.dist to cowrie.cfg and edit:
cowrie.cfg
[honeypot]
# Decoy hostname
hostname = prod-web-01
[ssh]
# Listening port (must match the pfSense NAT rule); Cowrie reads listen_endpoints from the [ssh] section
listen_endpoints = tcp:2222:interface=0.0.0.0
[output_jsonlog]
# JSON output plugin; its section is named output_jsonlog
enabled = true
logfile = log/cowrie.json
4. Log Export (NFS)
To send the logs to the ELK server over NFS.
Bash
# 1. Install the NFS server
sudo apt-get install -y nfs-kernel-server
# 2. Configure the export (/etc/exports)
# rw lets 192.168.50.10 modify the log files; ro is sufficient if it only reads them
echo "/home/cowrie/cowrie/log 192.168.50.10(rw,sync,no_subtree_check)" | sudo tee -a /etc/exports
# 3. Apply
sudo exportfs -a
sudo systemctl restart nfs-kernel-server
5. Automatic Startup (Systemd)
Create the file /etc/systemd/system/cowrie.service:
cowrie.service
[Unit]
Description=Cowrie SSH Honeypot
After=network.target
[Service]
User=cowrie
WorkingDirectory=/home/cowrie/cowrie
ExecStart=/home/cowrie/cowrie/cowrie-env/bin/python /home/cowrie/cowrie/cowrie-env/bin/cowrie start
Restart=on-failure
[Install]
WantedBy=multi-user.target
Enable the service:
Bash
sudo systemctl daemon-reload
sudo systemctl enable cowrie
sudo systemctl start cowrie
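
To check that the JSON output configured in section 3 (log/cowrie.json) is usable before it is shipped to ELK, the following added example (not part of the original page or of the Cowrie project) summarizes login attempts and commands per source IP. The sample events are constructed, the function name summarize is hypothetical, and the last sample line is truncated on purpose to show handling of a line read while it is still being written.

```python
import json
import sys
from collections import Counter, defaultdict

# Constructed sample events (not real traffic); the last line is truncated on purpose.
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "session": "a1"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "session": "a1", "username": "root", "password": "123456"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "session": "a1", "username": "admin", "password": "admin"}
{"eventid": "cowrie.login.success", "src_ip": "203.0.113.7", "session": "a1", "username": "root", "password": "root"}
{"eventid": "cowrie.command.input", "src_ip": "203.0.113.7", "session": "a1", "input": "uname -a"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.23", "session": "b2", "username": "pi", "password": "raspberry"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.1
"""


def summarize(lines):
    """Aggregate logins and commands per source IP; count unparsable lines."""
    stats = defaultdict(lambda: {"failed": 0, "success": 0,
                                 "creds": Counter(), "commands": []})
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # partially written line, e.g. read while Cowrie appends
            continue
        if not isinstance(ev, dict) or "src_ip" not in ev:
            continue
        entry, eventid = stats[ev["src_ip"]], ev.get("eventid", "")
        if eventid in ("cowrie.login.failed", "cowrie.login.success"):
            entry[eventid.rsplit(".", 1)[1]] += 1  # "failed" or "success"
            entry["creds"][(ev.get("username"), ev.get("password"))] += 1
        elif eventid == "cowrie.command.input":
            entry["commands"].append(ev.get("input", ""))
    return dict(stats), skipped


if __name__ == "__main__":
    # Assumed usage: pass the path to cowrie.json; without it the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            result, bad = summarize(fh)
    else:
        result, bad = summarize(SAMPLE_LOG.splitlines())
    for ip, s in sorted(result.items(), key=lambda kv: -kv[1]["failed"]):
        print(ip, s["failed"], s["success"], s["creds"].most_common(3), s["commands"])
    print("skipped lines:", bad)
```

A non-zero count of skipped lines on a file that is no longer being written points to a corrupted or cut-off log rather than a read race.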