Permalink
Switch branches/tags
Nothing to show
Commits on Aug 7, 2018
Commits on Aug 6, 2018
  1. Full docker support (#830)

    craneworks authored and micheloosterhof committed Aug 6, 2018
    * Full docker support
    
    Currently Docker images are build by a second git repository.
    Changes to installation or starting cowrie would need to be done on
    both. Merging this into one repository prevents that those will be
    forgotten and makes it easier to understand why changes happen.
    
    The dockerfile is a different one then the one from the docker-cowrie
    repository.
    I chose to use a python2-alpine linux. In the end this image has 55%
    smaller image size than the Debian image. The build process is split
    into to parts. The first image has everything installed to compile the
    python modules. The second one has only things installed which are
    needed to run the daemon.
    There is no need to install python-virtualenv because we are using
    docker. We don't need that much layers.
    Twisted can drop his privileges when starting the daemon when `--uid`
    and `--gid` is passed. This works only with numerical id. The user
    nobody is used for this. This is on Docker a good idea since there
    should be only one service with this user running. In other systems
    there might be several services using this daemon which is not a good
    choise.
    
    When building a new Docker image for cowrie Docker multistage build
    images are created running flake8 and unittests to ensure that all
    future releases are stable and matching our code guidelines.
    
    Bonus effect is when using this as a git pre-push-hook a developer
    doesn't need to wait for travis to fail on an error.
    
    Based on the current project structure we need a lot of `COPY`
    instructions inside the dockerfile which has negative sideeffects.
    - bloading the dockerfile up
    - longer buildtimes
    - more layers are created
    - more diskspace is used
    
    We should find a way to reduce this. Best way for doing this is keeping
    the static files like `honeyfs` and `share` right next to the source
    code.
    
    * Removing UID 0 check
    
    Cowrie checked on startup if it was started with root privileges.
    This conflicts with the option to let cowrie drop his privileges on
    startup using the twisted option `--uid` and `--gid`.
    
    I tested it a day ago without removing the code block and it run through
    but now it is for some reasons blocking. My feeling is that the code for
    droping privileges is also asynchron and sometimes the check is faster
    then the dropping of the privileges. But I might be wrong here.
    
    The solution is to remove the hole check.
    Considering that the check is there for preventing new users to shoot
    their feet we fixed this problem on different levels.
    New users should the docker images which are far easier to control and
    deploy then everything else because we take care.
    If a user wants to deploy it from scratch onto their serves there is a
    install instruction with detailed steps. This steps includes creating a
    special system user for cowrie and starting it with this user.
    
    * Fix missing directory, simplify path
    
    I missed to create the TTY log path. That's now fixed.
    
    Also the path for the trial command has been simplified.
    
    * Revert "Removing UID 0 check"
    
    This reverts commit f76329c.
    
    * Introducint ENV var COWRIE_DOCKER
    
    The variable is used inside the docker image to let cowrie know that it
    is running inside docker and don't need to perform the "running as root"
    check.
    Inside the docker image cowrie is started with the `--uid` and `--gid`
    option and will drop to a different user then root.
    
    * Restructured Dockerfile, Added cowrie user
    
    The image is now builded with a user and group for running in the later
    image cowrie.
    
    Also the build steps are re-aranged to save build time.
    We assume that static files like `honeyfs` and `share` are less
    frequently updated and can be build into the base image where every
    other images is based on.
    
    * Renamed directory src -> cowrie
    
    The name cowrie should be more self-explaining then src.
    
    * Update cowrie_plugin.py
Commits on Aug 2, 2018
  1. Update install guide steps for updating Cowrie (#840)

    dwasss authored and micheloosterhof committed Aug 2, 2018
    Updated the order of operations for updating Cowrie for a more logical flow
Commits on Jul 28, 2018
  1. more flake8

    micheloosterhof committed Jul 28, 2018
  2. Flake8

    micheloosterhof committed Jul 28, 2018
  3. flake8

    micheloosterhof committed Jul 28, 2018
  4. extra comments

    micheloosterhof committed Jul 28, 2018
  5. fix head on py3

    micheloosterhof committed Jul 28, 2018
  6. docs

    micheloosterhof committed Jul 28, 2018
  7. wording changes

    micheloosterhof committed Jul 28, 2018
Commits on Jul 25, 2018
  1. Update INSTALL.md (#809)

    dwasss authored and micheloosterhof committed Jul 25, 2018
    * Update INSTALL.md
    
    Added updating requirements output dependencies.
    
    * Update INSTALL.md
    
    Updated text to include info about upgrading optional output plugin dependencies
Commits on Jul 23, 2018
  1. Fixed bug in ifconfig.py #827 (#829)

    dasouch authored and micheloosterhof committed Jul 23, 2018
  2. fix import

    micheloosterhof committed Jul 23, 2018
Commits on Jul 22, 2018
Commits on Jul 21, 2018