Install and setup cowrie honeypot on Ubuntu

What is Cowrie honeypot?

The Cowrie honeypot is designed to impersonate an SSH server, specifically one with easily cracked credentials. When an attacker tries to log in with the right username and password, the system lets them into a fake Linux shell where the commands they execute produce realistic-looking output, so the attacker thinks they have hacked your real server. Cowrie records every session: the commands the attacker typed, the keys they pressed, and all their other activity. In this setup the host's SSH daemon runs on a high port, 22222, Cowrie runs on 2222, and port 22 (the default SSH port) is redirected to 2222 using iptables. When the attacker connects to port 22, the connection is redirected to our honeypot on port 2222.

Before installing Cowrie

If you have an Ubuntu system, install the following dependencies before using Cowrie.

Pre-installation of python3

sudo apt update && sudo apt install python3

Verify the installation and check the Python version: python3 --version

PS: Cowrie does not support Python versions below 3.9.

pip (Python package management tool)
Tools for installing third-party libraries and virtual environments

sudo apt install python3-pip

Verify the installation and check the pip3 version: pip3 --version

venv module (virtual environment support)

The venv module is the virtual environment tool that comes with Python 3.3+, but on Ubuntu it is packaged separately and needs to be installed:

sudo apt install python3-venv

This is a necessary component for creating a virtual environment.

Install Python, pip, and venv all at once:

sudo apt install python3 python3-pip python3-venv

SSH service core dependency packages

sudo apt install openssh-server

Check the SSH service status: sudo systemctl status ssh

Start it manually: sudo systemctl start ssh

Enable it at boot: sudo systemctl enable ssh

Editor (any one you like)

sudo apt install vim

Before installing Cowrie and its dependencies, change the default SSH port 22 to port 22222 in the sshd_config file, so that the attacker thinks they are on the real SSH port, then restart SSH and check that it is listening on the newly configured port.

(sshd_config is only visible if openssh-server is installed.)

root@localhost:~# vim /etc/ssh/sshd_config

Replace port 22 with the high port 22222 and restart ssh:

root@localhost:~# systemctl restart ssh

root@localhost:~# systemctl status ssh

To confirm that it is listening on the newly configured port, run the command below:

$ ssh [your-username]@localhost -p 22222
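An offline check of the edited file, as an added example that is not part of the original post: every uncommented Port line in sshd_config adds a listener, and with none sshd stays on 22. The function names and the sample files are constructed for illustration; files pulled in with Include are not followed.

```bash
# Added example: list the ports an sshd_config makes sshd listen on and
# check them against this guide's plan (admin SSH on 22222, nothing on 22).

sshd_ports() {             # usage: sshd_ports <sshd_config file>
  awk '
    { sub(/#.*/, ""); sub(/=/, " ") }           # strip comments, allow Port=N
    tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
    END { if (!found) print 22 }                # built-in default
  ' "$1"
}

check_admin_port() {       # usage: check_admin_port <sshd_config file>
  ports=$(sshd_ports "$1" | tr '\n' ' ')
  case " $ports" in
    *" 22 "*) echo "FAIL: sshd still listens on 22 (ports: $ports)"; return 1 ;;
  esac
  case " $ports" in
    *" 22222 "*) echo "OK: sshd ports: $ports"; return 0 ;;
  esac
  echo "FAIL: 22222 not configured (ports: $ports)"; return 1
}

# Constructed sample configs: never edited, port added but 22 kept, port moved.
cfg_dir=$(mktemp -d)
printf '#Port 22\nPermitRootLogin no\n'             > "$cfg_dir/untouched"
printf 'Port 22\nPort 22222\n'                      > "$cfg_dir/both"
printf '#Port 22\nPort 22222\nPermitRootLogin no\n' > "$cfg_dir/moved"

for f in untouched both moved; do
  printf '%s: ' "$f"
  check_admin_port "$cfg_dir/$f" || true
done
```

On the live host, `sudo sshd -T` prints the effective configuration that sshd would load, which also covers included files.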

Install Cowrie honeypot on Ubuntu

1. Update the system
$ sudo apt update #Updating the package list
$ sudo apt upgrade #Upgrading installed packages
2. Install all the dependencies of Cowrie
$ sudo apt-get install git python3-venv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind
3. Add a user cowrie
# lowercase name: Ubuntu's adduser rejects uppercase user names by default
$ sudo adduser cowrie
$ sudo usermod -aG sudo cowrie
$ su - cowrie
$ sudo whoami #root
4. Git clone the code for Cowrie
$ git clone https://github.com/cowrie/cowrie
5. Set up a virtual environment for Cowrie
$ cd cowrie
~/cowrie$ pwd
# /home/cowrie/cowrie
~/cowrie$ python3 -m venv cowrie-env
# virtualenv cowrie-env
6. Activate the virtual environment and install packages
~/cowrie$ source cowrie-env/bin/activate
(cowrie-env):~/cowrie $ python -m pip install --upgrade pip
(cowrie-env):~/cowrie $ python -m pip install --upgrade -r requirements.txt
7. Edit configuration file

The configuration for Cowrie is stored in cowrie.cfg.dist and cowrie.cfg (located in cowrie/etc). Both files are read on startup, and entries from cowrie.cfg take precedence. The .dist file can be overwritten by upgrades; cowrie.cfg will not be touched. To run with a standard configuration, there is no need to change anything.

(cowrie-env):~/cowrie $ cd etc/
(cowrie-env):~/cowrie/etc $ cp cowrie.cfg.dist cowrie.cfg
(cowrie-env):~/cowrie/etc $ sudo vim cowrie.cfg 

Change the hostname first and then enable telnet, using any editor.

8. Redirect traffic using iptables
root@localhost:~# iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222

root@localhost:~# iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 2223
9. Start Cowrie
(cowrie-env):~/cowrie $ bin/cowrie start

# You can stop cowrie by running the following command
(cowrie-env):~/cowrie $ bin/cowrie stop
10. To see the honeypot logs in real time, use the command below.
(cowrie-env):~/cowrie/var/log/cowrie $ tail -f cowrie.log
11. To get the full honeypot log, use the command below.
(cowrie-env):~/cowrie/var/log/cowrie $ cat cowrie.log
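
A per-source summary of cowrie.log, as an added example that is not part of the original post or of Cowrie itself. It assumes log lines of the form `<time> [...Transport,<n>,<ip>] <message>` with `login attempt ... failed|succeeded` and `CMD: ...` messages; the function names and the sample lines are constructed.

```bash
# Added example: per-source summary of Cowrie's text log (assumed line shape:
# "<time> [<...>Transport,<n>,<ip>] <message>").
# Usernames, passwords and commands in the log are attacker-controlled, so
# the message type is read only from the text right after the transport tag.

summarize_cowrie_log() {   # usage: summarize_cowrie_log <logfile>
  awk '
    match($0, /Transport,[0-9]+,[^]]+/) {
      n = split(substr($0, RSTART, RLENGTH), part, ",")
      ip = part[n]
      rest = substr($0, RSTART + RLENGTH + 1)   # skip the closing "]"
      seen[ip] = 1
      if (rest ~ /^ login attempt / && rest ~ / failed$/)         failed[ip]++
      else if (rest ~ /^ login attempt / && rest ~ / succeeded$/) ok[ip]++
      else if (rest ~ /^ CMD: /)                                  cmds[ip]++
    }
    END {
      for (ip in seen)
        printf "%s failed=%d succeeded=%d commands=%d\n", ip, failed[ip], ok[ip], cmds[ip]
    }' "$1" | sort
}

commands_from() {          # usage: commands_from <ip> <logfile>
  awk -v want="$1" '
    match($0, /Transport,[0-9]+,[^]]+/) {
      n = split(substr($0, RSTART, RLENGTH), part, ",")
      rest = substr($0, RSTART + RLENGTH + 1)
      if (part[n] == want && rest ~ /^ CMD: /) print substr(rest, 7)
    }' "$2"
}

# Constructed sample lines (not real traffic); the third hides "] CMD:" in a password.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2024-05-01T10:15:01.000000Z [cowrie.ssh.factory.CowrieSSHFactory] New connection: 203.0.113.7:51234 (192.0.2.10:2222) [session: 0a1b2c3d4e5f]
2024-05-01T10:15:02.000000Z [HoneyPotSSHTransport,0,203.0.113.7] login attempt [b'root'/b'123456'] failed
2024-05-01T10:15:03.000000Z [HoneyPotSSHTransport,0,203.0.113.7] login attempt [b'root'/b'] CMD: x'] failed
2024-05-01T10:15:04.000000Z [HoneyPotSSHTransport,0,203.0.113.7] login attempt [b'root'/b'admin'] succeeded
2024-05-01T10:15:05.000000Z [SSHChannel session (0) on SSHService b'ssh-connection' on HoneyPotSSHTransport,0,203.0.113.7] CMD: uname -a
2024-05-01T10:16:00.000000Z [CowrieTelnetTransport,1,198.51.100.9] login attempt [b'admin'/b'admin'] failed
EOF

summarize_cowrie_log "$sample_log"
commands_from 203.0.113.7 "$sample_log"
```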

