
Setting up 🐝 Cowrie Honeypot

Welcome to the Cowrie Honeypot Setup Guide! In this tutorial, you will learn how to install, configure, and manage a Cowrie Honeypot on a virtual machine (VM).

Honeypots are powerful tools that help detect, log, and analyze unauthorized access attempts. By setting up Cowrie, you'll gain hands-on experience in monitoring attacks and understanding the behavior of malicious actors.

Follow the steps below to get your honeypot up and running!

1. Generate the SSH key

To generate the key, please follow these instructions

2. Set up the VM

To set up the VM, follow these instructions

3. Setup Cowrie on the VM

Attention

This is done on the VM you created in step 2

A. Install required packages

The command that installs required packages:

sudo apt-get install git python3-virtualenv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind virtualenv
sudo apt install python3.11-venv

These commands install Git, Python virtual environment tools, SSL libraries, development tools, authbind (which lets non-root users bind to restricted ports), and the Python 3.11 venv package.

More For Nerds

sudo: Run the command with superuser (admin) privileges.

apt-get install: Install the following packages.

git: Version control system for tracking code changes.

python3-virtualenv: Tool to create isolated Python 3 environments.

libssl-dev: Libraries for SSL/TLS encryption.

libffi-dev: Libraries for interfacing Python with C code.

build-essential: Essential tools for compiling software (e.g., gcc, g++).

libpython3-dev: Development files for Python 3 (for building Python modules).

python3-minimal: Minimal Python 3 installation.

authbind: Allows non-root users to bind to low-numbered ports.

virtualenv: Tool to create isolated Python environments.

python3.11-venv: Python 3.11 virtual environment for managing Python dependencies.

B. Install Cowrie

  1. Clone the repo from GitHub over HTTPS

    git clone https://github.com/cowrie/cowrie ~/cowrie
    
  2. Go to the cowrie folder

    cd ~/cowrie
    
  3. Create a Python virtual environment

    python3 -m venv cowrie-env
    
  4. Activate environment

    source ~/cowrie/cowrie-env/bin/activate
    
  5. Upgrade pip within the virtual environment

    python -m pip install --upgrade pip
    
  6. Install requirements from requirements.txt within the virtual environment

    python -m pip install --upgrade -r requirements.txt
    
  7. Copy userdb.example to userdb.txt for setting up login credentials.

    cp ~/cowrie/etc/userdb.example ~/cowrie/etc/userdb.txt
    

C. Configure ports

  1. Install iptables

    sudo apt install iptables
    
  2. Edit the /etc/sysctl.conf file by uncommenting net.ipv4.ip_forward=1

    sudo nano /etc/sysctl.conf
    
  3. Reload the sysctl settings to apply the change

    sudo sysctl -p
    
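  4. Redirect incoming TCP traffic from port 22 to port 2222, where Cowrie listens for SSH by default. Once this rule is in place, remote connections to port 22 reach Cowrie instead of the VM's real SSH server, so administrative SSH has to be reachable on a different port.

    sudo iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222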
    
  5. Save the current iptables configuration so it persists across reboots

    sudo apt-get install iptables-persistent
    
    # Overwrite rules.v4 with the current configuration
    
    sudo iptables-save | sudo tee /etc/iptables/rules.v4
    
  6. View the rules [optional]

    # The redirect lives in the nat table, which a plain "iptables -L" does not list
    sudo iptables -t nat -L -n
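
To confirm that the redirect from step 4 exists both in the live ruleset and in the persisted rules file, the following added example parses `iptables-save` output. It is not part of the original guide or of the Cowrie project; the function names and the sample dump are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check an iptables-save dump (read from stdin) for the
# port 22 -> 2222 redirect configured in section C.

# Constructed sample of iptables-save output, used for the offline demo below.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 2222
COMMIT'

# redirect_target PORT: print the port that inbound tcp/PORT is redirected to
# by a REDIRECT rule in the nat table's PREROUTING chain; return 1 if none.
redirect_target() {
    awk -v want="$1" '
        /^\*/ { table = substr($0, 2) }   # table header: "*nat", "*filter"
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = ""; dport = ""; jump = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      jump  = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (proto == "tcp" && dport == want && jump == "REDIRECT" && to != "") {
                print to; found = 1; exit
            }
        }
        END { exit !found }
    '
}

# check_redirect FROM TO: report whether tcp/FROM is redirected to TO.
check_redirect() {
    got=$(redirect_target "$1") || { echo "FAIL: no nat redirect for tcp/$1"; return 1; }
    [ "$got" = "$2" ] || { echo "FAIL: tcp/$1 redirects to $got, not $2"; return 1; }
    echo "OK: tcp/$1 -> $got"
}

# Offline demo against the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | check_redirect 22 2222

# On the VM, check the live ruleset and the persisted file:
#   sudo iptables-save | check_redirect 22 2222
#   sudo cat /etc/iptables/rules.v4 | check_redirect 22 2222
```

A rule that shows up in the live ruleset but not in `/etc/iptables/rules.v4` will be lost on reboot, leaving port 22 pointed at whatever listens there directly.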
    

4. Manage Cowrie Honeypot

Cowrie commands

  1. Start Cowrie

    ~/cowrie/bin/cowrie start
    
  2. Stop Cowrie

    ~/cowrie/bin/cowrie stop
    
  3. Force-stop Cowrie

    ~/cowrie/bin/cowrie force-stop
    
  4. Status of Cowrie

    ~/cowrie/bin/cowrie status
    
  5. Restart Cowrie

    ~/cowrie/bin/cowrie restart
    
  6. Shell Cowrie

    ~/cowrie/bin/cowrie shell
    
  7. Sometimes it's useful to reload the systemd manager configuration

    sudo systemctl daemon-reload