vim /etc/ssh/sshd_config
Note: the file to edit is sshd_config, not ssh_config!
#Port 22
Port 61234
systemctl restart sshd
shutdown -r now
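Note: on a cloud server, you also need to change the firewall rules in the provider's console to allow connections on the custom port.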
https://blog.csdn.net/qq_40379977/article/details/129976637?spm=1001.2014.3001.5501
sudo docker pull ubuntu:latest
sudo docker run -it -p 22:2222 -p 23:2223 --name cowrie ubuntu /bin/bash
# -p 22:2222 forwards port 22 on the server to port 2222 in the container
# -p 23:2223 forwards port 23 on the server to port 2223 in the container
# --name cowrie sets the container name to cowrie
apt update
apt install vim git python3-virtualenv libssl-dev libffi-dev build-essential libpython3-dev python3-minimal authbind
adduser cowrie
su cowrie
cd ~
git clone http://github.com/cowrie/cowrie
su cowrie
virtualenv --python=python3 cowrie_env
source cowrie_env/bin/activate
pip3 install --upgrade -r cowrie/requirements.txt
See the official documentation: How to Send Cowrie output to a MySQL Database — cowrie 2.5.0 documentation
su cowrie
source cowrie_env/bin/activate
pip install mysql-connector-python
su root
apt install mysql-server
/etc/init.d/mysql start
mysql --version
If logging in fails with the following error:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13)
then the /var/run/mysqld directory may not have been created; in that case just run:
mkdir -p /var/run/mysqld
chown mysql /var/run/mysqld/
chmod 777 /var/run/mysqld/
service mysql restart
mysql -u root -p
CREATE DATABASE cowrie;
CREATE USER 'cowrie'@'localhost' IDENTIFIED BY 'PASSWORD';
grant all privileges on cowrie.* to cowrie@'localhost' with grant option;
FLUSH PRIVILEGES;
exit
su cowrie
cd ~/cowrie/docs/sql/
mysql -u cowrie -p
use cowrie;
source mysql.sql;
exit
vim ~/cowrie/etc/cowrie.cfg
Find and modify the following fields:
[output_mysql]
host = localhost
database = cowrie
username = cowrie
password = PASSWORD HERE
port = 3306
debug = false
enabled = true
To clear all data from the MySQL tables, run:
mysql -u cowrie -p
use cowrie;
set foreign_key_checks=0;
truncate table auth;
truncate table clients;
truncate table downloads;
truncate table input;
truncate table ipforwards;
truncate table ipforwardsdata;
truncate table keyfingerprints;
truncate table params;
truncate table sensors;
truncate table sessions;
truncate table ttylog;
set foreign_key_checks=1;
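cowrie.cfg.dist: Cowrie's default configuration file; it can be edited directly, and changes take effect after restarting Cowrie.
cowrie.cfg: this configuration file must be created manually and has the highest priority; its contents can be copied from cowrie.cfg.dist and then modified.
userdb.example: this configuration file sets the usernames and passwords that can log in to the Cowrie honeypot.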
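The precedence between cowrie.cfg.dist and cowrie.cfg, and the [output_mysql] fields edited earlier, can be checked before starting the honeypot. The following is an added example, not code from the original post or from the Cowrie project; it assumes the two files are layered with Python's configparser (the file read later wins), and the function names and sample file contents are constructed for illustration.

```python
import configparser

# Constructed stand-ins for etc/cowrie.cfg.dist and etc/cowrie.cfg.
DIST = """
[output_mysql]
enabled = false
host = localhost
database = cowrie
username = cowrie
password = PASSWORD HERE
port = 3306
"""
LOCAL = """
[output_mysql]
enabled = true
"""

# Placeholder passwords that appear in the steps above.
PLACEHOLDERS = {"", "PASSWORD", "PASSWORD HERE"}

def load_layers(dist_text, local_text):
    """Read the defaults first, then cowrie.cfg, so cowrie.cfg overrides them."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(dist_text)
    cp.read_string(local_text)
    return cp

def effective_mysql(dist_text, local_text):
    """Return the merged [output_mysql] section as a plain dict."""
    cp = load_layers(dist_text, local_text)
    return dict(cp["output_mysql"]) if cp.has_section("output_mysql") else {}

def audit_mysql(dist_text, local_text):
    """List problems in the effective [output_mysql] section (empty list = ok)."""
    cp = load_layers(dist_text, local_text)
    if not cp.has_section("output_mysql"):
        return ["no [output_mysql] section"]
    sec, problems = cp["output_mysql"], []
    if not sec.getboolean("enabled", fallback=False):
        problems.append("output_mysql is not enabled")
    if sec.get("password", "") in PLACEHOLDERS:
        problems.append("password is still a placeholder")
    if sec.get("host", "") not in ("localhost", "127.0.0.1"):
        problems.append("host is not local but the grant is for cowrie@localhost")
    problems += [f"missing field: {k}" for k in ("database", "username", "port")
                 if k not in sec]
    return problems

if __name__ == "__main__":
    print(effective_mysql(DIST, LOCAL))
    print(audit_mysql(DIST, LOCAL) or "ok")
```

To check a real installation, pass the contents of the two files under ~/cowrie/etc/ in place of the constructed strings.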
# Before each start, switch to the cowrie_env virtual environment
source cowrie_env/bin/activate
# Control commands include: start, restart, stop
./cowrie/bin/cowrie start