Downloads

Here you can find the virtual machine images, which you can download and import into your virtualization environment. They contain either Cowrie or Dionaea, along with the necessary setup, monitoring and control scripts. The OS is Debian 12 (bookworm) x86_64.

The default login credentials are root:debian. We advise to change the password after login using the passwd command.

Please contact us at sec-op@cesnet.cz before attempting to register.

HUGO-hpcowrie.v0.95-beta7.ova (948 MiB, SHA256 checksum)

HUGO-hpcowrie.v0.95-beta7.qcow2 (1 GiB, SHA256 checksum)

HUGO-hpcowrie.v0.95-beta7.vmdk (3.01 GiB, SHA256 checksum)

HUGO-hpdio.v0.95-beta7.ova (946 MiB, SHA256 checksum)

HUGO-hpdio.v0.95-beta7.qcow2 (1 GiB, SHA256 checksum)

HUGO-hpdio.v0.95-beta7.vmdk (3.05 GiB, SHA256 checksum)

Use this section if you want to install Cowrie or Dionaea yourselves and only want to provide data to us.

These connectors serve as output/ihandler plugins which output honeypot events as IDEA event files to a directory specified in their configuration files.

They are created to work in tandem with our Warden Filer (hence the name), and so they expect the existence of the following directory structure:

• tmp – here, the event is created.
• incoming – after the event is created and completed in tmp, it is then atomically moved here. Warden Filer then picks files up from this directory.
• errors – when an error in parsing, validation, or sending occurs, Warden Filer moves the event here.

Current version (master): wardenfiler.py

Installation:

1. Install Cowrie into the $COWRIE_DIR directory.
2. Download and save wardenfiler.py to the $COWRIE_DIR/src/cowrie/output directory.
3. Configure the connector using the $COWRIE_DIR/etc/cowrie.cfg file - create the [output_wardenfiler] section and insert the configuration as shown in the example ''cowrie.cfg''.
4. Once started, Cowrie should start producing events to the directory specified in the [output_wardenfiler] section, output_dir key. At least the subdirectories tmp and incoming need to exist in this directory, and Cowrie must be granted R/W permissions to these.

Current version (master): log_wardenfiler.py

Installation from the source distribution:

1. Download the Dionaea source code to the $DIO_DIR directory.
2. Download and save log_wardenfiler.py to the $DIO_DIR/modules/python/dionaea directory.
3. Build Dionaea.
4. Configure the connector - put the configuration in $DIO_DIR/etc/dionaea/ihandlers-available/log_wardenfiler.yaml. Example ''log_wardenfiler.yaml'' is available.
5. In $DIO_DIR/etc/dionaea/ihandlers-enabled, create a symlink: ln -s ../ihandlers-available/log_wardenfiler.yaml log_wardenfiler.yaml
6. Once started, Dionaea should start producing events to the directory specified in the configuration file, key config.output_dir. At least the subdirectories tmp and incoming need to exist in this directory, and Dionaea must be granted R/W permissions to these.

Example script for importing VM images to VirtualBox.