Cowrie installation problem

forensi...@gmail.com

Aug 9, 2016, 9:22:10 AM
to Modern Honey Network
Hello all,

Just wondering if anyone else has experienced this issue with the installation of the Cowrie honeypot. I created an Ubuntu 14.04 server under VBox with only SSH installed. Cowrie was then installed. All seemed to be fine, but when I run "sudo supervisorctl status", Cowrie responds with a "Fatal" error. According to the Cowrie error log, there seems to be a conflict between two twisted servers. I am interested in learning how to resolve this issue. Cowrie itself seems to be working, as I see attacks are being recorded.

Also, has anyone ported Cowrie to have the information show up under Kippo-Graph? I am interested in learning what changes were made to do this.

Thank you in advance to those who wish to help.

Jason Trost

Aug 9, 2016, 2:33:12 PM
to forensi...@gmail.com, Modern Honey Network
Re cowrie, I was able to replicate the issue and I fixed it here: https://github.com/threatstream/mhn/pull/301

Simply copy the contents from this file https://raw.githubusercontent.com/threatstream/mhn/master/scripts/deploy_cowrie.sh into your MHN webapp deploy page for cowrie and then click "Update". You can fix it on your already deployed honeypot by doing this:

sudo pkill -f twistd

cat > /etc/supervisor/conf.d/cowrie.conf <<EOF
[program:cowrie]
command=authbind --deep twistd -l log/cowrie.log --umask 0077 --pidfile cowrie.pid --nodaemon cowrie
directory=/opt/cowrie
stdout_logfile=/opt/cowrie/log/cowrie.out
stderr_logfile=/opt/cowrie/log/cowrie.err
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
user=cowrie
EOF

supervisorctl update

--
Jason Trost | VP of Threat Research | www.anomali.com 
2317 Broadway, 3rd Floor| Redwood City, CA 94063
Phone:  386.235.0078 | Twitter:  @jason_trost 

jefferso...@gmail.com

Nov 3, 2016, 1:30:53 PM
to Modern Honey Network, forensi...@gmail.com
Hello guys,
In order to add some useful information, I had the same problem.
After installing everything, I had the following status:
root@localhost:~# supervisorctl status
cowrie: ERROR (abnormal termination)

Even after applying Jason's suggestion, the error remained. My log presented the following error:
root@localhost:/opt/cowrie/log# cat cowrie.err
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 604, in parseOptions
    usage.Options.parseOptions(self, options)
  File "/usr/lib/python2.7/dist-packages/twisted/python/usage.py", line 261, in parseOptions
    for (cmd, short, parser, doc) in self.subCommands:
  File "/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 621, in subCommands
    for plug in sorted(plugins, key=attrgetter('tapname')):
  File "/usr/lib/python2.7/dist-packages/twisted/plugin.py", line 209, in getPlugins
    allDropins = getCache(package)
--- <exception caught here> ---
  File "/usr/lib/python2.7/dist-packages/twisted/plugin.py", line 167, in getCache
    provider = pluginModule.load()
  File "/usr/lib/python2.7/dist-packages/twisted/python/modules.py", line 383, in load
    return self.pathEntry.pythonPath.moduleLoader(self.name)
  File "/usr/lib/python2.7/dist-packages/twisted/python/_reflectpy3.py", line 266, in namedAny
    topLevelPackage = _importAndCheckStack(trialname)
  File "/usr/lib/python2.7/dist-packages/twisted/python/_reflectpy3.py", line 213, in _importAndCheckStack
    reraise(excValue, excTraceback)
  File "/opt/cowrie/twisted/plugins/cowrie_plugin.py", line 46, in <module>
    from cowrie.core.config import readConfigFile
  File "/opt/cowrie/cowrie/core/config.py", line 8, in <module>
    import configparser
exceptions.ImportError: No module named configparser

The message is clear, so I just needed to install the configparser (apt-get install python-configparser) and it was solved like a charm.

Regards all!
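
A triage sketch for the two causes reported in this thread (a twistd process that supervisor is not managing, and the missing configparser module), added here as an example and not posted by any participant. The function names, the sample process list and the use of `supervisorctl pid` to find the managed PID are this example's own choices.

```shell
#!/bin/sh
# Added example: triage for a Cowrie supervisor job in FATAL/ERROR state.

# Print the module named by the last "ImportError: No module named X" in a log.
missing_module() {
    sed -n 's/.*ImportError: No module named \([A-Za-z0-9_.]*\).*/\1/p' "$1" | tail -n 1
}

# stdin: "PID ARGS" lines (ps -eo pid=,args=). $1: PID supervisor manages, or 0.
# Prints PIDs of twistd processes that supervisor is not managing. Only the
# command word and the word after it are checked, so this script's own awk
# process (which has "twistd" in its arguments) is never reported.
stray_twistd() {
    awk -v managed="$1" '{
        for (i = 2; i <= 3 && i <= NF; i++) {
            n = split($i, part, "/")
            if (part[n] == "twistd" && $1 != managed) { print $1; break }
        }
    }'
}

# Constructed sample input (not from the thread): one daemonized twistd left
# over from an earlier start, and one started by supervisor with --nodaemon.
sample_ps() {
    cat <<'EOF'
  900 /usr/sbin/sshd -D
 1201 /usr/bin/python /usr/bin/twistd -l log/cowrie.log --pidfile cowrie.pid cowrie
 1533 /usr/bin/python /usr/bin/twistd -l log/cowrie.log --pidfile cowrie.pid --nodaemon cowrie
EOF
}

# Live check. Assumes the program name "cowrie" and the log path used in the
# thread, and that "python" is the interpreter twistd runs under.
triage() {
    errlog="${1:-/opt/cowrie/log/cowrie.err}"
    managed=$(supervisorctl pid cowrie 2>/dev/null) || managed=0
    strays=$(ps -eo pid=,args= | stray_twistd "$managed" | tr '\n' ' ')
    [ -n "$strays" ] && echo "twistd outside supervisor: $strays"
    mod=$(missing_module "$errlog" 2>/dev/null)
    if [ -n "$mod" ] && ! python -c "import $mod" 2>/dev/null; then
        echo "module still missing: $mod"
    fi
    return 0
}

if [ "${1:-}" = "--live" ]; then triage "${2:-}"; fi
```

Run it with `--live` (as root, so `supervisorctl` can reach its socket) on the honeypot host; without arguments it only defines the functions.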