Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error in starting up #52

Closed
viks2015 opened this issue Oct 20, 2015 · 8 comments
Closed

Error in starting up #52

viks2015 opened this issue Oct 20, 2015 · 8 comments

Comments

@viks2015
Copy link

  1. When I try to start the honeypot with "start.sh", I get the message
    Starting cowrie in the background...
    Removing stale pidfile /home/honeydrive/Desktop/cowrie/cowrie.pid
  2. When I check the cowrie.log file it shows:-
    twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
    2015-10-20 12:54:48+0530 [-] reactor class: twisted.internet.pollreactor.PollReactor.
    2015-10-20 12:54:48+0530 [-] Traceback (most recent call last):
    2015-10-20 12:54:48+0530 [-] File "/usr/bin/twistd", line 14, in
    2015-10-20 12:54:48+0530 [-] run()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 27, in run
    2015-10-20 12:54:48+0530 [-] app.run(runApp, ServerOptions)
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 652, in run
    2015-10-20 12:54:48+0530 [-] runApp(config)
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 23, in runApp
    2015-10-20 12:54:48+0530 [-] _SomeApplicationRunner(config).run()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 390, in run
    2015-10-20 12:54:48+0530 [-] self.postApplication()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line 208, in postApplication
    2015-10-20 12:54:48+0530 [-] self.startApplication(self.application)
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line 317, in startApplication
    2015-10-20 12:54:48+0530 [-] service.IService(application).privilegedStartService()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/service.py", line 277, in privilegedStartService
    2015-10-20 12:54:48+0530 [-] service.privilegedStartService()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/service.py", line 277, in privilegedStartService
    2015-10-20 12:54:48+0530 [-] service.privilegedStartService()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line 105, in privilegedStartService
    2015-10-20 12:54:48+0530 [-] self._port = self._getPort()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line 133, in _getPort
    2015-10-20 12:54:48+0530 [-] 'listen%s' % (self.method,))(_self.args, *_self.kwargs)
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 436, in listenTCP
    2015-10-20 12:54:48+0530 [-] p.startListening()
    2015-10-20 12:54:48+0530 [-] File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 622, in startListening
    2015-10-20 12:54:48+0530 [-] raise CannotListenError, (self.interface, self.port, le)
    2015-10-20 12:54:48+0530 [-] twisted.internet.error.CannotListenError: Couldn't listen on 0.0.0.0:22: [Errno 13] Permission denied.
  3. How do I reslove the issue. It works when I use port 2222 but I want to use port 22 like kippo ssh
@micheloosterhof
Copy link
Member

To listen to port 22 you need to run as root. Non root user Ids are not
allowed to listen to ports < 1024.

Yo have three options:

  1. Run as root. Not recommended.
  2. Run on 2222 and redirect 22 traffic to 2222 with iptables. Recommended.
    Instructions are in the documentation.
  3. Use Linux capabilities to listen on 22 as non-root. You'll have to
    google how to do this, but it will involve setting the right capabilities.

On Tuesday, 20 October 2015, viks2015 notifications@github.com wrote:

When I try to start the honeypot with "start.sh", I get the message
Starting cowrie in the background...
Removing stale pidfile /home/honeydrive/Desktop/cowrie/cowrie.pid
2.

When I check the cowrie.log file it shows:-
twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2015-10-20 12:54:48+0530 [-] reactor class:
twisted.internet.pollreactor.PollReactor.
2015-10-20 12:54:48+0530 [-] Traceback (most recent call last):
2015-10-20 12:54:48+0530 [-] File "/usr/bin/twistd", line 14, in
2015-10-20 12:54:48+0530 [-] run()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 27, in
run
2015-10-20 12:54:48+0530 [-] app.run(runApp, ServerOptions)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 652, in
run
2015-10-20 12:54:48+0530 [-] runApp(config)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 23, in
runApp
2015-10-20 12:54:48+0530 [-] _SomeApplicationRunner(config).run()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 390, in
run
2015-10-20 12:54:48+0530 [-] self.postApplication()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line
208, in postApplication
2015-10-20 12:54:48+0530 [-] self.startApplication(self.application)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line
317, in startApplication
2015-10-20 12:54:48+0530 [-]
service.IService(application).privilegedStartService()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/service.py", line
277, in privilegedStartService
2015-10-20 12:54:48+0530 [-] service.privilegedStartService()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/service.py", line
277, in privilegedStartService
2015-10-20 12:54:48+0530 [-] service.privilegedStartService()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line
105, in privilegedStartService
2015-10-20 12:54:48+0530 [-] self._port = self._getPort()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line
133, in _getPort
2015-10-20 12:54:48+0530 [-] 'listen%s' % (self.method,))(_self.args,
*_self.kwargs)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 436,
in listenTCP
2015-10-20 12:54:48+0530 [-] p.startListening()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 622, in
startListening
2015-10-20 12:54:48+0530 [-] raise CannotListenError, (self.interface,
self.port, le)
2015-10-20 12:54:48+0530 [-] twisted.internet.error.CannotListenError:
Couldn't listen on 0.0.0.0:22: [Errno 13] Permission denied.
3.

How do I reslove the issue. It works when I use port 2222 but I want
to use port 22 like kippo ssh


Reply to this email directly or view it on GitHub
#52.

@viks2015
Copy link
Author

Ok thanks issue resolved
Can this be intgerated with kippo graph or elastic search like kippo ssh

@micheloosterhof
Copy link
Member

Sure! There are log stash config files included.
You can also try Splunk. It has a free version and there is the Splunk
'Tango' app for reportting.

On Tuesday, 20 October 2015, viks2015 notifications@github.com wrote:

Ok thanks issue resolved
Can this be intgerated with kippo graph or elastic search like kippo ssh


Reply to this email directly or view it on GitHub
#52 (comment)
.

@viks2015
Copy link
Author

Thanks for all the help.
Which is best dashboard for the honeypot

@MarcoGeek
Copy link

After I restart Kippo it does not work. Connection refused on port 22. Not sure where to check. Any help is appreciated. Below are the logs.
2015-11-21 01:18:38+0000 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2015-11-21 01:18:38+0000 [-] reactor class: twisted.internet.pollreactor.PollReactor.
2015-11-21 01:18:38+0000 [-] HoneyPotSSHFactory starting on 64222
2015-11-21 01:18:38+0000 [-] Starting factory <kippo.core.honeypot.HoneyPotSSHFactory instance at 0x2902128>
2015-11-21 04:29:39+0000 [-] Log opened.

@MikeDawg
Copy link
Contributor

Its not going to run on port 22. . . You should use the default port 2222, or anything 1024+

@micheloosterhof
Copy link
Member

It seems you are listening on port 64222. You probably changed this in the configuration file. So try to connect to port 64222 (ssh -p 64222 root@localhost)

@AdityaLad
Copy link

To use it on port 22 and without running it as root, you can use authbind. I tested and it worked fine.

  1. apt-get install authbind
  2. touch /etc/authbind/byport/22
  3. chown cowrie:cowrie /etc/authbind/byport/22 && chmod 777 /etc/authbind/byport/22
  4. Edit start.sh and change lastline to "authbind --deep twistd -l log/cowrie.log --pidfile cowrie.pid cowrie"
  5. And change ssh_port = 22

Ripped from -
https://www.digitalocean.com/community/tutorials/how-to-install-kippo-an-ssh-honeypot-on-an-ubuntu-cloud-server

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@MikeDawg @micheloosterhof @AdityaLad @viks2015 @MarcoGeek