lksnyder0.cowrie

Role Name

Warning: This is not fully completed yet.

This role installs the Cowrie medium interaction honeypot on any Debian-based system. By default, the cowrie process listens on port 2222. IPTables is set up to redirect any requests from port 22 to port 2222.

Requirements

None

Role Variables

Defaults:

  • cowrie_user: User that runs the process and owns the files. Default: cowrie
  • cowrie_group: Group that owns the files. Default: {{ cowrie_user }}
  • cowrie_repo: The Git repository to get the code from. Default: http://github.com/micheloosterhof/cowrie
  • cowrie_dir: Directory where the code will be cloned. Default: /home/{{ cowrie_user }}/cowrie
  • cowrie_version: Version tag to check out. Default: v2.0.0
  • cowrie_port_pub: Public port for connections. Default: 22
  • cowrie_port_priv: The port cowrie listens on. Default: 2222
  • cowrie_hostname: Hostname shown in the cowrie environment. Default: srv02
  • cowrie_log_path: Path for log files. Default: var/log/cowrie
  • cowrie_download_path: Path for files that are downloaded/uploaded for analysis. Default: ${honeypot:state_path}/downloads
  • cowrie_data_path: Directory for data. Default: data
  • cowrie_share_path: Path for shared data. Default: share/cowrie
  • cowrie_state_path: Path for state data. Default: var/lib/cowrie
  • cowrie_etc_path: Path for configuration files. Default: etc
  • cowrie_contents_path: Path for contents of files in the virtual filesystem. Default: honeyfs
  • cowrie_txtcmds_path: Path for txtcmd files. Default: txtcmds
  • cowrie_ttylog: Boolean to decide if tty session logging is enabled. Default: true
  • cowrie_ttylog_path: Path for tty logs. Default: {{ cowrie_log_path }}/tty
  • cowrie_interactive_timeout: Timeout for interactive logon in seconds. Default: 120
  • cowrie_auth_class: Authentication class. Options: UserDB or AuthRandom. Default: UserDB
  • cowrie_backend: Type of backend shown to attackers. Options: shell or proxy. Default: shell
  • cowrie_filesystem: Location of virtual filesystem. Default: "${honeypot:share_path}/fs.pickle"
  • cowrie_processes: Path to JSON file with process information. Default: share/cowrie/cmdoutput.json
  • cowrie_arch: Fake architecture/OS shown in the honeypot. Default: linux-x64-lsb
  • cowrie_kernel_version: Kernel version displayed in the honeypot. Default: 3.2.0-4-amd64
  • cowrie_kernel_build_string: Kernel build string shown in the honeypot. Default: #1 SMP Debian 3.2.68-1+deb7u1
  • cowrie_hardware_platform: Hardware platform displayed in the honeypot. Default: GNU/Linux
  • cowrie_ssh_enabled: Boolean to control if SSH access is enabled.
  • cowrie_rsa_public_key: Path to the public RSA host key. Default: ${honeypot:state_path}/ssh_host_rsa_key.pub
  • cowrie_rsa_private_key: Path to the private RSA host key. Default: ${honeypot:state_path}/ssh_host_rsa_key
  • cowrie_dsa_public_key: Path to the public DSA host key. Default: ${honeypot:state_path}/ssh_host_dsa_key.pub
  • cowrie_dsa_private_key: Path to the private DSA host key. Default: ${honeypot:state_path}/ssh_host_dsa_key
  • cowrie_ssh_version_string: Version shown when connections are attempted. Default: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
  • cowrie_ssh_listen_endpoints: Addresses for listening to new connections. Default: tcp:{{ cowrie_port_priv }}:interface=0.0.0.0
  • cowrie_sftp_enabled: Flag to allow SFTP connections for file transfers.
  • cowrie_ssh_forwarding: Flag to control if SSH forwarding is allowed. Default: false
  • cowrie_forward_redirect: Flag to redirect ports to other addresses/honeypots. Default: false
  • cowrie_userdb_location: Path to the user database file. Default: userdb.txt
  • cowrie_manager: Service manager to control the cowrie service. Options: native, systemd. Default: systemd

Dependencies

None

Example Playbook

Here is an example playbook to install cowrie using the default settings:

---
# site.yml
- hosts: servers
  become: yes
  roles:
  - lksnyder0.cowrie
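
The playbook below is an added example, not part of the role's own documentation. It overrides some of the defaults listed above so that Cowrie is fetched over HTTPS at a pinned tag and the honeypot does not present the stock hostname, kernel and SSH banner values. The host group name and every identity value are constructed placeholders, and it assumes the host's real sshd has already been moved off port 22, since the redirect sends that port to cowrie.

```yaml
---
# site-custom.yml (added example; identity values below are constructed)
- hosts: honeypots                 # assumed inventory group name
  become: yes
  roles:
    - role: lksnyder0.cowrie
      vars:
        # Fetch the code over HTTPS rather than the http:// default,
        # and keep the checkout pinned to a known tag.
        cowrie_repo: https://github.com/micheloosterhof/cowrie
        cowrie_version: v2.0.0

        # Public port that iptables redirects, and the port cowrie binds.
        cowrie_port_pub: 22
        cowrie_port_priv: 2222
        cowrie_ssh_listen_endpoints: "tcp:{{ cowrie_port_priv }}:interface=0.0.0.0"

        # Fake system identity. Keep these mutually consistent: a banner,
        # kernel and build string from different releases are an easy tell.
        # (Constructed sample values for a Debian 10 style host.)
        cowrie_hostname: web-prod-03
        cowrie_arch: linux-x64-lsb
        cowrie_kernel_version: 4.19.0-16-amd64
        cowrie_kernel_build_string: "#1 SMP Debian 4.19.181-1 (2021-03-19)"
        cowrie_hardware_platform: GNU/Linux
        cowrie_ssh_version_string: "SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2"

        # Record sessions, and keep the honeypot from relaying traffic onward.
        cowrie_ttylog: true
        cowrie_ssh_forwarding: false
        cowrie_forward_redirect: false

        # Authentication, backend and service manager left at the role defaults,
        # stated here so the deployed behaviour is visible in one place.
        cowrie_auth_class: UserDB
        cowrie_backend: shell
        cowrie_manager: systemd
```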

License

BSD 2-Clause (License FreeBSD/Simplified)

About the project

Install, configure, and run the Cowrie medium interaction SSH honeypot

Install

ansible-galaxy install lksnyder0.cowrie