How to process Cowrie output in kippo-graph
#############################################

(Note: work in progress, instructions are not verified)

Tested on Debian 9.

Prerequisites
****************

* Working Cowrie installation
* LAMP stack (Linux, Apache, MySQL, PHP)

Installation
****************

This covers a simple installation, with kippo-graph and Cowrie on the same server.
For kippo-graph installation instructions, see https://github.com/ikoniaris/kippo-graph

MySQL configuration
***********************

Configuring Cowrie requires setting up the SQL tables and then telling Cowrie to use them.

To create the database and the Cowrie user account, enter the following commands::

    mysql -u root -p
    CREATE DATABASE cowrie;
    GRANT ALL ON cowrie.* TO 'cowrie'@'localhost' IDENTIFIED BY 'PASSWORD HERE';
    FLUSH PRIVILEGES;
    exit

Next, create the database schema::

    cd /opt/cowrie/
    mysql -u cowrie -p
    USE cowrie;
    source ./docs/sql/mysql.sql;
    exit

Disable MySQL strict mode by creating the following configuration file::

    vi /etc/mysql/conf.d/disable_strict_mode.cnf

    [mysqld]
    sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Cowrie configuration
************************

Edit cowrie.cfg::

    vi /opt/cowrie/cowrie.cfg

Activate output to MySQL::

    [output_mysql]
    host = localhost
    database = cowrie
    username = cowrie
    password = PASSWORD HERE
    port = 3306
    debug = false

Grant the www-data group read access to the tty files (the group may differ on other distributions)::

    sudo apt-get install acl
    sudo setfacl -Rm g:www-data:rx /opt/cowrie/var/lib/cowrie/tty/

kippo-graph Configuration
****************************

Edit the config file::

    vi /var/www/html/kippo-graph/config.php

Change the database settings::

    define('DB_HOST', 'localhost');
    define('DB_USER', 'cowrie');
    define('DB_PASS', 'PASSWORD HERE');
    define('DB_NAME', 'cowrie');
    define('DB_PORT', '3306');

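The ``[output_mysql]`` values in cowrie.cfg and the ``DB_*`` constants in config.php have to agree, because kippo-graph reads the database that Cowrie writes to. The Python check below is an added example, not code from Cowrie or kippo-graph: it compares the two files and flags a leftover ``PASSWORD HERE`` placeholder without printing any secret value. The sample inputs are constructed, and the names ``check``, ``KEY_MAP`` and ``DEFINE_RE`` are assumptions of this example.

```python
import configparser
import re

# cowrie.cfg [output_mysql] key -> kippo-graph config.php constant
KEY_MAP = {"host": "DB_HOST", "username": "DB_USER", "password": "DB_PASS",
           "database": "DB_NAME", "port": "DB_PORT"}
PLACEHOLDER = "PASSWORD HERE"  # placeholder string used in this guide
# Matches define('NAME', 'value'); values containing quotes are not handled.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)\s*;""")

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_COWRIE = """\
[output_mysql]
host = localhost
database = cowrie
username = cowrie
password = PASSWORD HERE
port = 3306
"""
SAMPLE_KIPPO = """\
define('DB_HOST', 'localhost');
define('DB_USER', 'cowrie');
define('DB_PASS', 'constructed-sample-secret');
define('DB_NAME', 'cowrie');
define('DB_PORT', '3307');
"""


def check(cowrie_text, kippo_text):
    """Return a list of problems; secret values are never echoed."""
    cp = configparser.ConfigParser(interpolation=None)  # keep '%' literal
    cp.read_string(cowrie_text)
    if not cp.has_section("output_mysql"):
        return ["cowrie.cfg: [output_mysql] section not found"]
    cowrie = dict(cp["output_mysql"])
    kippo = dict(DEFINE_RE.findall(kippo_text))
    problems = []
    for ckey, const in KEY_MAP.items():
        cval, kval = cowrie.get(ckey), kippo.get(const)
        if cval is None or kval is None:
            problems.append(f"{ckey}/{const}: not set on one side")
        elif cval != kval:
            problems.append(f"{ckey}/{const}: values differ")
    if PLACEHOLDER in (cowrie.get("password"), kippo.get("DB_PASS")):
        problems.append("password: placeholder still in place")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_COWRIE, SAMPLE_KIPPO)) or "configs agree")
```

To run it against a real installation, pass the contents of /opt/cowrie/cowrie.cfg and /var/www/html/kippo-graph/config.php to ``check`` instead of the samples.
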
Apache2 configuration (optional)
************************************

To secure the installation, protect it with HTTP Basic authentication.

Create the password database::

    cd /etc/apache2/
    htpasswd -c /etc/apache2/cowrie.passwd <username>
    htpasswd /etc/apache2/cowrie.passwd <username>    # second user

Edit the default site configuration::

    vi /etc/apache2/sites-enabled/000-default.conf

Between the ``<VirtualHost>`` and ``</VirtualHost>`` tags, add::

    <Location />
        AuthBasicAuthoritative On

        AuthType Basic
        AuthName "cowrie honeypot"
        AuthUserFile /etc/apache2/cowrie.passwd
        Require valid-user
    </Location>