Giter Site home page Giter Site logo

Error in starting up about cowrie HOT 8 CLOSED

cowrie avatar cowrie commented on May 14, 2024
Error in starting up

from cowrie.

Comments (8)

micheloosterhof avatar micheloosterhof commented on May 14, 2024

To listen to port 22 you need to run as root. Non root user Ids are not
allowed to listen to ports < 1024.

Yo have three options:

  1. Run as root. Not recommended.
  2. Run on 2222 and redirect 22 traffic to 2222 with iptables. Recommended.
    Instructions are in the documentation.
  3. Use Linux capabilities to listen on 22 as non-root. You'll have to
    google how to do this, but it will involve setting the right capabilities.

On Tuesday, 20 October 2015, viks2015 [email protected] wrote:

When I try to start the honeypot with "start.sh", I get the message
Starting cowrie in the background...
Removing stale pidfile /home/honeydrive/Desktop/cowrie/cowrie.pid
2.

When I check the cowrie.log file it shows:-
twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2015-10-20 12:54:48+0530 [-] reactor class:
twisted.internet.pollreactor.PollReactor.
2015-10-20 12:54:48+0530 [-] Traceback (most recent call last):
2015-10-20 12:54:48+0530 [-] File "/usr/bin/twistd", line 14, in
2015-10-20 12:54:48+0530 [-] run()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 27, in
run
2015-10-20 12:54:48+0530 [-] app.run(runApp, ServerOptions)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 652, in
run
2015-10-20 12:54:48+0530 [-] runApp(config)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 23, in
runApp
2015-10-20 12:54:48+0530 [-] _SomeApplicationRunner(config).run()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 390, in
run
2015-10-20 12:54:48+0530 [-] self.postApplication()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line
208, in postApplication
2015-10-20 12:54:48+0530 [-] self.startApplication(self.application)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line
317, in startApplication
2015-10-20 12:54:48+0530 [-]
service.IService(application).privilegedStartService()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/service.py", line
277, in privilegedStartService
2015-10-20 12:54:48+0530 [-] service.privilegedStartService()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/service.py", line
277, in privilegedStartService
2015-10-20 12:54:48+0530 [-] service.privilegedStartService()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line
105, in privilegedStartService
2015-10-20 12:54:48+0530 [-] self._port = self._getPort()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line
133, in _getPort
2015-10-20 12:54:48+0530 [-] 'listen%s' % (self.method,))(_self.args,
*_self.kwargs)
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 436,
in listenTCP
2015-10-20 12:54:48+0530 [-] p.startListening()
2015-10-20 12:54:48+0530 [-] File
"/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 622, in
startListening
2015-10-20 12:54:48+0530 [-] raise CannotListenError, (self.interface,
self.port, le)
2015-10-20 12:54:48+0530 [-] twisted.internet.error.CannotListenError:
Couldn't listen on 0.0.0.0:22: [Errno 13] Permission denied.
3.

How do I reslove the issue. It works when I use port 2222 but I want
to use port 22 like kippo ssh


Reply to this email directly or view it on GitHub
#52.

from cowrie.

viks2015 avatar viks2015 commented on May 14, 2024

Ok thanks issue resolved
Can this be intgerated with kippo graph or elastic search like kippo ssh

from cowrie.

micheloosterhof avatar micheloosterhof commented on May 14, 2024

Sure! There are log stash config files included.
You can also try Splunk. It has a free version and there is the Splunk
'Tango' app for reportting.

On Tuesday, 20 October 2015, viks2015 [email protected] wrote:

Ok thanks issue resolved
Can this be intgerated with kippo graph or elastic search like kippo ssh


Reply to this email directly or view it on GitHub
#52 (comment)
.

from cowrie.

viks2015 avatar viks2015 commented on May 14, 2024

Thanks for all the help.
Which is best dashboard for the honeypot

from cowrie.

MarcoGeek avatar MarcoGeek commented on May 14, 2024

After I restart Kippo it does not work. Connection refused on port 22. Not sure where to check. Any help is appreciated. Below are the logs.
2015-11-21 01:18:38+0000 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up.
2015-11-21 01:18:38+0000 [-] reactor class: twisted.internet.pollreactor.PollReactor.
2015-11-21 01:18:38+0000 [-] HoneyPotSSHFactory starting on 64222
2015-11-21 01:18:38+0000 [-] Starting factory <kippo.core.honeypot.HoneyPotSSHFactory instance at 0x2902128>
2015-11-21 04:29:39+0000 [-] Log opened.

from cowrie.

MikeDawg avatar MikeDawg commented on May 14, 2024

Its not going to run on port 22. . . You should use the default port 2222, or anything 1024+

from cowrie.

micheloosterhof avatar micheloosterhof commented on May 14, 2024

It seems you are listening on port 64222. You probably changed this in the configuration file. So try to connect to port 64222 (ssh -p 64222 root@localhost)

from cowrie.

AdityaLad avatar AdityaLad commented on May 14, 2024

To use it on port 22 and without running it as root, you can use authbind. I tested and it worked fine.

  1. apt-get install authbind
  2. touch /etc/authbind/byport/22
  3. chown cowrie:cowrie /etc/authbind/byport/22 && chmod 777 /etc/authbind/byport/22
  4. Edit start.sh and change lastline to "authbind --deep twistd -l log/cowrie.log --pidfile cowrie.pid cowrie"
  5. And change ssh_port = 22

Ripped from -
https://www.digitalocean.com/community/tutorials/how-to-install-kippo-an-ssh-honeypot-on-an-ubuntu-cloud-server

from cowrie.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.