Frequently asked questions
Do I need to copy all the content of cowrie.cfg.dist to cowrie.cfg?
No, Cowrie merges your local settings in cowrie.cfg
and
the default settings will automatically be read from cowrie.cfg.dist
Why certain commands aren’t implemented?
Implementing all possible UNIX commands in Python is not worth the time and effort. Cowrie tries to provide most common commands used by attackers of the honeypot. If you see attackers use a command that you’d like to see implemented, please let us know, or send a pull request.
How do I add or modify the default user?
The default Cowrie users is called phil these days. Having the same user always available is an easy way to identify Cowrie so it’s recommend to change this setup. You can modify it by doing the following:
$ vi honeyfs/etc/passwd
And edit the userid. Then:
$ bin/fsctl share/cowrie/fs.pickle
fs.pickle:/$ mv /home/phil /home/joe
And then restart Cowrie:
$ bin/cowrie restart
How do I add files to the file system?
The file system meta data is stored in the pickle file. The file contents is stored in the honeyfs directory. To add a file, the minimum action is to modify the pickle file. Doing this makes the file show up in ls and other commands. But it won’t have any contents available. To add file contents, you’ll need a file to honeyfs.
First add a file system entry, the 1024 here is the file size. The chown commands only takes numerical uid’s, they should match entries in honeyfs/etc/passwd:
$ bin/fsctl share/cowrie/fs.pickle
fs.pickle:/$ touch /home/phil/myfile 1024
fs.pickle:/$ chown 1000:1000 /home/phil/myfile
Then create or copy a file in the honeyfs:
$ cp myfile /honeyfs/home/phil