Cowrie fails to start with supervisord

[Scott Keoseyan]

In the cowrie.log file I am seeing this: /usr/local/bin/twistd: Unknown command: cowrie

Any ideas? I am running the basic install script and it completes with no errors.

thanks,

—Scott

[Justin Shattuck]

Are you using docker and/or Ubuntu 16.04?  There is a known issue with Cowrie related to crypto pkg.

[Scott Keoseyan]

No. 14.04 but I noted that the newest version of twisted was installed. I back revved it to 15.1.0 and am trying again. 

--
Scott Keoseyan 
Typos courtesy of my  iPhone

--
You received this message because you are subscribed to the Google Groups "Modern Honey Network" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modern-honey-net...@googlegroups.com.
To post to this group, send email to modern-hon...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/modern-honey-network/47698b32-6add-4a6e-9d4b-f0db0deba885%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Scott Keoseyan]

No - I get to the same exact place now as well.  If I update twisted using pip with the —upgrade option, I get crypto module errors when I try to start.

On Jan 18, 2017, at 1:00 PM, norm...@gmail.com wrote:

Any update on this?  I have Ubuntu 14.04.  Installed cowrie with scripts provided by MHN (threatstream.com).  They worked great, no errors.  I double-checked permissions on /opt/cowrie/ and /etc/authbind/byport/22 and they are owned by cowrie with correct permissions.
Versions: 
Ubunto 14.04
Twisted and supervisor

$:/opt/cowrie/log$ sudo apt list --installed | egrep "twisted|supervisor"

WARNING: apt does not have a stable CLI interface yet. Use with caution in scripts.

python-twisted/trusty,now 13.2.0-1ubuntu1 all [installed]
python-twisted-bin/trusty,now 13.2.0-1ubuntu1 i386 [installed]
python-twisted-conch/trusty,now 1:13.2.0-1ubuntu1 all [installed,automatic]
python-twisted-core/trusty,now 13.2.0-1ubuntu1 all [installed]
python-twisted-lore/trusty,now 13.2.0-1ubuntu1 all [installed,automatic]
python-twisted-mail/trusty,now 13.2.0-1ubuntu1 all [installed,automatic]
python-twisted-names/trusty,now 13.2.0-1ubuntu1 all [installed,automatic]
python-twisted-news/trusty,now 13.2.0-1ubuntu1 all [installed,automatic]
python-twisted-runner/trusty,now 13.2.0-1ubuntu1 i386 [installed,automatic]
python-twisted-web/trusty,now 13.2.0-1ubuntu1 all [installed,automatic]
python-twisted-words/trusty,now 13.2.0-1ubuntu1 all [installed,automatic]
supervisor/trusty,now 3.0b2-1 all [installed]

When I start

sudo supervisorctl start cowrie

I get

cowrie: ERROR (abnormal termination)

in cowrie.out:

/usr/bin/twistd: Unknown command: cowrie

in cowrie.err:

  File "/opt/cowrie/twisted/plugins/cowrie_plugin.py", line 45, in <module>
    from twisted.logger import ILogObserver, globalLogPublisher
exceptions.ImportError: No module named logger

On Thursday, 5 January 2017 21:47:49 UTC-7, Scott Keoseyan wrote:

No. 14.04 but I noted that the newest version of twisted was installed. I back revved it to 15.1.0 and am trying again. 

--
Scott Keoseyan 
Typos courtesy of my  iPhone

On Jan 5, 2017, at 18:13, Justin Shattuck <justins...@gmail.com> wrote:

Are you using docker and/or Ubuntu 16.04?  There is a known issue with Cowrie related to crypto pkg.

On Tuesday, January 3, 2017 at 2:19:56 PM UTC-8, Scott Keoseyan wrote:

In the cowrie.log file I am seeing this: /usr/local/bin/twistd: Unknown command: cowrie

Any ideas?  I am running the basic install script and it completes with no errors.  

thanks,

—Scott

--
You received this message because you are subscribed to the Google Groups "Modern Honey Network" group.

To unsubscribe from this group and stop receiving emails from it, send an email to modern-honey-network+unsub...@googlegroups.com.

To post to this group, send email to modern-hon...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/modern-honey-network/47698b32-6add-4a6e-9d4b-f0db0deba885%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Modern Honey Network" group.
To unsubscribe from this group and stop receiving emails from it, send an email to modern-honey-net...@googlegroups.com.
To post to this group, send email to modern-hon...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/modern-honey-network/d9deb6f9-70cb-43ed-bc23-084acb6f2223%40googlegroups.com.

[norm...@gmail.com]

Scott,
Any progress on this?  I have something very similar occurring.  Have posted my issue on cowrie git page.

On Thursday, 5 January 2017 21:47:49 UTC-7, Scott Keoseyan wrote:

No. 14.04 but I noted that the newest version of twisted was installed. I back revved it to 15.1.0 and am trying again. 

--
Scott Keoseyan 
Typos courtesy of my  iPhone

On Jan 5, 2017, at 18:13, Justin Shattuck <justins...@gmail.com> wrote:

Are you using docker and/or Ubuntu 16.04?  There is a known issue with Cowrie related to crypto pkg.

On Tuesday, January 3, 2017 at 2:19:56 PM UTC-8, Scott Keoseyan wrote:

In the cowrie.log file I am seeing this: /usr/local/bin/twistd: Unknown command: cowrie

Any ideas?  I am running the basic install script and it completes with no errors.  

thanks,

—Scott

--
You received this message because you are subscribed to the Google Groups "Modern Honey Network" group.

To unsubscribe from this group and stop receiving emails from it, send an email to modern-honey-network+unsub...@googlegroups.com.

[malbo...@gmail.com]

I have had the same issue. I have gotten cowrie to start but not through supervisorctl. 

To get a valid install I have done the following.

apt-get install libffi-dev libgmp3-dev libmpfr-dev libmpc-dev libssl-dev python-pip python-configparser -y

pip install twisted

pip install cryptography

pip install service_identity

sed -i "s/AUTHBIND_ENABLED=no/AUTHBIND_ENABLED=yes/g" start.sh

You can start cowrie succesfully via the cowrie user and it will report to MHN but it won't launch via supervisorctl.

[norm...@gmail.com]

I finally got mine to work...
Focused on getting supervisor to start at boot.  Once that was working, cowrie worked.  But I had to make some adjustments to cowrie.conf for supervisor.  Mine looks like this right now.  :

[program:cowrie]
command=authbind --deep twistd -n -l /opt/cowrie/log/cowrie.log --umask 0077 --pidfile /opt/cowrie/run/cowrie.pid cowrie
autorestart=true
autostart=true
directory=/opt/cowrie
environment=PYTHONPATH=/opt/cowrie
killasgroup=true
stderr_logfile=/opt/cowrie/log/cowrie.err
stdout_logfile=/opt/cowrie/log/cowrie.out
stopasgroup=true
user=cowrie

Changes:

• Added the python path.

• Changed the location of the pid file since the user cowrie doesn't have write access /var/run. 

Of course had to create a folder for the pid as well.  There's probably a smarter place, but I've spent enough time on this.

sudo mkdir /opt/cowrie/run
sudo chown cowrie:users /opt/cowrie/run.

then ran:

sudo supervisorctl update
sudo supervisorctl restart cowrie

Here are the versions I'm running.

ncook@nccowrie:/opt/cowrie$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.1 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.1 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
UBUNTU_CODENAME=xenial


ncook@nccowrie:/opt/cowrie$ pip list
DEPRECATION: The default format will switch to columns in the future. You can use --format=(legacy|columns) (or define a format=(legacy|columns) in your pip.conf under the [list] section) to disable this warning.
attrs (15.2.0)
cffi (1.9.1)
configparser (3.5.0)
constantly (15.1.0)
cryptography (1.7.1)
enum34 (1.1.6)
gmpy2 (2.0.8)
idna (2.2)
incremental (16.10.1)
ipaddress (1.0.18)
meld3 (1.0.2)
PAM (0.4.2)
pip (9.0.1)
pyasn1 (0.1.9)
pyasn1-modules (0.0.7)
pycparser (2.17)
pycrypto (2.6.1)
pyOpenSSL (16.2.0)
pyserial (3.0.1)
python-dateutil (2.6.0)
service-identity (16.0.0)
setuptools (33.1.1)
six (1.10.0)
supervisor (3.2.0)
tftpy (0.6.2)
Twisted (16.6.0)
wheel (0.29.0)
zope.interface (4.3.3)