How to process Cowrie output in kippo-graph
#############################################

(Note: work in progress, instructions are not verified)
Tested on Debian 9.


Prerequisites
****************

* Working Cowrie installation
* LAMP stack (Linux, Apache, MySQL, PHP)

Installation
****************

This covers a simple installation, with kippo-graph and Cowrie on the same server.
For kippo-graph installation instructions, see https://github.com/ikoniaris/kippo-graph


MySQL configuration
***********************

Configuring Cowrie requires setting up the SQL tables and then telling Cowrie to use them.

To install the tables and create the Cowrie user account, enter the following commands::

    mysql -u root -p
    CREATE DATABASE cowrie;
    GRANT ALL ON cowrie.* TO 'cowrie'@'localhost' IDENTIFIED BY 'PASSWORD HERE';
    FLUSH PRIVILEGES;
    exit

Next, create the database schema::

    cd /opt/cowrie/
    mysql -u cowrie -p
    USE cowrie;
    source ./docs/sql/mysql.sql;
    exit

Disable MySQL strict mode::

    vi /etc/mysql/conf.d/disable_strict_mode.cnf

    [mysqld]
    sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Cowrie configuration
************************

Edit cowrie.cfg::

    vi /opt/cowrie/cowrie.cfg

Activate output to MySQL::

    [output_mysql]
    host = localhost
    database = cowrie
    username = cowrie
    password = PASSWORD HERE
    port = 3306
    debug = false

Grant the www-data group read access to the tty files (the group may differ on other distributions)::

    sudo apt-get install acl
    sudo setfacl -Rm g:www-data:rx /opt/cowrie/var/lib/cowrie/tty/

kippo-graph Configuration
****************************


Edit the config file::

    vi /var/www/html/kippo-graph/config.php

Change the database settings::

    define('DB_HOST', 'localhost');
    define('DB_USER', 'cowrie');
    define('DB_PASS', 'PASSWORD HERE');
    define('DB_NAME', 'cowrie');
    define('DB_PORT', '3306');

Apache2 configuration (optional)
************************************

To secure the installation:

Create a password database::

    cd /etc/apache2/
    htpasswd -c /etc/apache2/cowrie.passwd <username>
    htpasswd /etc/apache2/cowrie.passwd <username>    # second user


    vi /etc/apache2/sites-enabled/000-default.conf

Between the <VirtualHost> </VirtualHost> tags, add::

    <Location />
        AuthBasicAuthoritative On

        AuthType Basic
        AuthName "cowrie honeypot"
        AuthUserFile /etc/apache2/cowrie.passwd
        Require valid-user
    </Location>
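
A consistency check for the Cowrie and kippo-graph configuration steps above, as an added example that is not part of the Cowrie or kippo-graph code: it compares the ``[output_mysql]`` values in cowrie.cfg with the ``DB_*`` constants in config.php and flags a ``PASSWORD HERE`` placeholder that was never replaced. The function name, the sample inputs, and the assumption that config.php uses single-line ``define()`` calls with quoted literals are this example's own.

```python
import configparser
import re

# Constructed sample inputs mirroring the settings on this page (not real credentials).
COWRIE_CFG = """\
[output_mysql]
host = localhost
database = cowrie
username = cowrie
password = PASSWORD HERE
port = 3306
"""
KIPPO_GRAPH_PHP = """\
define('DB_HOST', 'localhost');
define('DB_USER', 'cowrie');
define('DB_PASS', 'PASSWORD HERE');
define('DB_NAME', 'cowrie');
define('DB_PORT', '3306');
"""

# cowrie.cfg key -> kippo-graph config.php constant
KEY_MAP = {"host": "DB_HOST", "username": "DB_USER", "password": "DB_PASS",
           "database": "DB_NAME", "port": "DB_PORT"}
# Assumption: config.php uses single-line define() calls with quoted literals.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")


def compare_db_settings(cowrie_cfg_text, config_php_text):
    """Hypothetical helper: list mismatches; an empty list means both sides agree."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cowrie_cfg_text)
    if not parser.has_section("output_mysql"):
        return ["cowrie.cfg: [output_mysql] section missing"]
    cowrie = parser["output_mysql"]
    php = dict(DEFINE_RE.findall(config_php_text))
    problems = []
    for key, const in KEY_MAP.items():
        left, right = cowrie.get(key), php.get(const)
        if left is None or right is None:
            problems.append(f"{key}/{const}: missing on one side")
        elif left.strip() != right.strip():
            # Never echo the password values themselves.
            detail = "values differ" if key == "password" else f"{left!r} != {right!r}"
            problems.append(f"{key}/{const}: {detail}")
    if cowrie.get("password") == "PASSWORD HERE":
        problems.append("password: placeholder 'PASSWORD HERE' still in use")
    return problems

if __name__ == "__main__":
    print(compare_db_settings(COWRIE_CFG, KIPPO_GRAPH_PHP))
```

To check a live installation, pass the contents of ``/opt/cowrie/cowrie.cfg`` and ``/var/www/html/kippo-graph/config.php`` to ``compare_db_settings`` instead of the constructed samples.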