====== Downloads ======

===== VM images =====

Here you can find the virtual machine images, which you can download and import into your virtualization environment. They contain either Cowrie or Dionaea, along with the necessary setup, monitoring and control scripts. The OS is Debian 12 (bookworm) x86_64.

The default login credentials are ''root:debian''. We advise changing the password after login using the ''passwd'' command.

Please contact us at sec-op@cesnet.cz before attempting to register.

[[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpcowrie.v0.95-beta7.ova|HUGO-hpcowrie.v0.95-beta7.ova]] (948 MiB, [[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpcowrie.v0.95-beta7.ova.sha256|SHA256 checksum]]) \\
[[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpcowrie.v0.95-beta7.qcow2|HUGO-hpcowrie.v0.95-beta7.qcow2]] (1 GiB, [[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpcowrie.v0.95-beta7.qcow2.sha256|SHA256 checksum]]) \\
[[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpcowrie.v0.95-beta7.vmdk|HUGO-hpcowrie.v0.95-beta7.vmdk]] (3.01 GiB, [[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpcowrie.v0.95-beta7.vmdk.sha256|SHA256 checksum]]) \\
[[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpdio.v0.95-beta7.ova|HUGO-hpdio.v0.95-beta7.ova]] (946 MiB, [[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpdio.v0.95-beta7.ova.sha256|SHA256 checksum]]) \\
[[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpdio.v0.95-beta7.qcow2|HUGO-hpdio.v0.95-beta7.qcow2]] (1 GiB, [[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpdio.v0.95-beta7.qcow2.sha256|SHA256 checksum]]) \\
[[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpdio.v0.95-beta7.vmdk|HUGO-hpdio.v0.95-beta7.vmdk]] (3.05 GiB, [[https://s3.cl2.du.cesnet.cz/f522e157_ef06_4b0f_b65d_f1465cff6980:hugo-public/releases/HUGO-hpdio.v0.95-beta7.vmdk.sha256|SHA256 checksum]])

===== Warden connectors =====

Use this section if you want to install Cowrie or Dionaea yourselves and only want to provide data to us.

These connectors serve as output/ihandler plugins which output honeypot events as [[https://idea.cesnet.cz/|IDEA]] event files to a directory specified in their configuration files. They are created to work in tandem with our [[https://warden.cesnet.cz/en/participation|Warden Filer]] (hence the name), and so they expect the existence of the following directory structure:

  * ''tmp'' -- here, the event is created.
  * ''incoming'' -- after the event is created and completed in ''tmp'', it is then atomically moved here. Warden Filer then picks files up from this directory.
  * ''errors'' -- when an error in parsing, validation, or sending occurs, Warden Filer moves the event here.

==== Cowrie ====

**Current version (master):** [[https://gitlab.cesnet.cz/713/warden/warden-connectors/-/raw/master/cowrie/wardenfiler.py|wardenfiler.py]]

**Installation:**

  - [[https://docs.cowrie.org/en/latest/INSTALL.html|Install Cowrie]] into the ''$COWRIE_DIR'' directory.
  - Download and save ''wardenfiler.py'' to the ''$COWRIE_DIR/src/cowrie/output'' directory.
  - Configure the connector using the ''$COWRIE_DIR/etc/cowrie.cfg'' file: create the ''[output_wardenfiler]'' section and insert the configuration as shown in the [[https://gitlab.cesnet.cz/713/warden/warden-connectors/-/blob/master/cowrie/cowrie.cfg.example?ref_type=heads#L87|example ''cowrie.cfg'']].
  - Once started, Cowrie should start producing events to the directory specified in the ''[output_wardenfiler]'' section, ''output_dir'' key. At least the subdirectories ''tmp'' and ''incoming'' need to exist in this directory, and Cowrie must be granted R/W permissions to these.

==== Dionaea ====

**Current version (master):** [[https://gitlab.cesnet.cz/713/warden/warden-connectors/-/raw/master/dionaea/log_wardenfiler.py|log_wardenfiler.py]]

**Installation from the source distribution:**

  - Download the Dionaea source code to the ''$DIO_DIR'' directory.
  - Download and save ''log_wardenfiler.py'' to the ''$DIO_DIR/modules/python/dionaea'' directory.
  - [[https://dionaea.readthedocs.io/en/latest/installation.html#from-source|Build Dionaea]].
  - Configure the connector - put the configuration in ''$DIO_DIR/etc/dionaea/ihandlers-available/log_wardenfiler.yaml''. [[https://gitlab.cesnet.cz/713/warden/warden-connectors/-/blob/master/dionaea/log_wardenfiler.yaml.example|Example ''log_wardenfiler.yaml'' is available]].
  - In ''$DIO_DIR/etc/dionaea/ihandlers-enabled'', create a symlink: ''ln -s ../ihandlers-available/log_wardenfiler.yaml log_wardenfiler.yaml''
  - Once started, Dionaea should start producing events to the directory specified in the configuration file, key ''config.output_dir''. At least the subdirectories ''tmp'' and ''incoming'' need to exist in this directory, and Dionaea must be granted R/W permissions to these.

===== Helper scripts and utilities =====

[[cs:virtualbox-import|Example script]] for importing VM images to VirtualBox.
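
The ''tmp''/''incoming'' handoff described under Warden connectors can be checked before starting a honeypot with the Python code below, which verifies the output directory and then delivers one event the way the directory structure expects. It is an added example, not the connectors' own code; the function names, the ''.idea'' file suffix and the sample event are assumptions constructed for illustration.

```python
import json
import os
import tempfile
import uuid
from pathlib import Path

REQUIRED = ("tmp", "incoming")  # "errors" is only filled by Warden Filer

def check_spool(output_dir):
    """List problems that would keep events from reaching incoming/."""
    base = Path(output_dir)
    problems = []
    for name in REQUIRED:
        sub = base / name
        if not sub.is_dir():
            problems.append(f"{name}: missing")
        elif not os.access(sub, os.R_OK | os.W_OK | os.X_OK):
            problems.append(f"{name}: no read/write access for this user")
    # rename() is atomic only when both directories share a filesystem.
    if not problems and len({(base / n).stat().st_dev for n in REQUIRED}) > 1:
        problems.append("tmp and incoming are on different filesystems")
    return problems

def deliver_event(output_dir, event):
    """Complete the file in tmp/, then move it into incoming/ in one step."""
    base = Path(output_dir)
    name = f"{event['ID']}.idea"  # assumed naming, not taken from the connectors
    tmp_path = base / "tmp" / name
    with open(tmp_path, "w", encoding="utf-8") as fh:
        json.dump(event, fh)
        fh.flush()
        os.fsync(fh.fileno())  # data is on disk before the file becomes visible
    final_path = base / "incoming" / name
    os.rename(tmp_path, final_path)  # a reader never sees a half-written event
    return final_path

def demo():
    with tempfile.TemporaryDirectory() as spool:
        before = check_spool(spool)
        for name in REQUIRED:
            os.mkdir(os.path.join(spool, name), 0o750)
        event = {"Format": "IDEA0", "ID": str(uuid.uuid4()),  # constructed sample
                 "DetectTime": "2024-01-01T00:00:00Z", "Category": ["Attempt.Login"]}
        path = deliver_event(spool, event)
        stored = json.loads(path.read_text(encoding="utf-8"))
        return before, check_spool(spool), os.listdir(Path(spool) / "tmp"), stored == event

if __name__ == "__main__":
    print(demo())
```

Run ''check_spool'' as the account the honeypot runs under, since the access check reflects the calling user's permissions.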