mhn_cowrie

pdk
Module for adding a cowrie sensor to mhn

Marco Centurión

mcenturion

2,031 downloads

1,250 latest version

2.1 quality score

Version information

  • 0.3.1 (latest)
  • 0.3.0
  • 0.2.1
  • 0.2.0
  • 0.1.0
released Oct 30th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x
  • Puppet >= 6.10.0 < 7.0.0
  • CentOS

Start using this module

Documentation

mcenturion/mhn_cowrie — version 0.3.1 Oct 30th 2019

cowrie

Table of Contents

  1. Description
  2. Setup - The basics of getting started with cowrie
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module

Description

A module to add a cowrie honeypot

Setup

What cowrie affects

This module ensures that git is installed, clones the cowrie repo and configures it. In doing so it ensures that python2.7, pip and virtualenv are installed; it also installs supervisord.

Beginning with cowrie

mhn_cowrie{'cowrie':
    hpf_server => 'mhn.local',
    hpf_id     => '91ded218-eaec-11e9-954a-000c299b8253',
    hpf_secret => 'LId9U19VHuQOUnTU',
}

Usage

The following is a full usage case where every parameter is configured

mhn_cowrie{'cowrie':
  user        => 'cowrie',
  ssh_port    => 2232
  hpf_server  => 'mhn.local',
  hpf_port    => 4237,
  hpf_id      => '91ded218-eaec-11e9-954a-000c299b8253',
  hpf_secret  => 'LId9U19VHuQOUnTU',
  telnet_port => 2223,
}

Reference

mhn_cowrie

Parameters

user

The user that the cowrie service will be run as.

Defaults to 'cowrie'.

ssh_port

The port where cowrie will listen for ssh connections.

Defaults to 2222.

hpf_server

The HPFeeds server, in the intended use-case this will be the MHN server.

hpf_port

The port where your HPF server accepts reports.

Defaults to 10000.

hpf_id

The UUID that this honeypot will report as to the HPF server.

hpf_secret

The secret that this honeypot will use to communicate with the HPF server.

telnet_ports

The ports where cowrie will listen for telnet connections.

Defaults to undef.

Limitations

If you want cowrie to listen on port 22 you should make the appropriate changes somewhere else in you manifest:

  • Change the port that the real ssh service listens on
  • Make the appropriate changes in the firewall

This module is only tested con CentOS7. It might work on other RHEL7 based distros but there are no warranties.

Development

Any contributions are welcome in the form of Pull Requests on the main github repo.