Set up a honeypot on an AWS EC2 instance. This playbook reads all EC2 instances for the given access key. Cowrie is installed on all machines that are tagged with Name:Cowrie.
The following command executes the playbook:
ansible-playbook site.yml
Before running the playbook you have to install the Ansible roles it uses. The roles are installed into the roles/ directory (the default configuration in the provided ansible.cfg):
ansible-galaxy install --force -r requirements.yml
Ansible-managed machines need to have Python installed. Please make sure Python is installed in /usr/lib/python.
Before running the AWS-related roles, export your access and secret keys to the environment. See the AWS EC2 External Inventory Script for more information.
export AWS_ACCESS_KEY_ID='AK123'
export AWS_SECRET_ACCESS_KEY='abc123'
Short overview of the inventory variables used and their default values:
# Group_vars cowrie
ansible_ssh_private_key_file: ~/.ssh/cowrie.pem
# Group_vars ubuntu
ansible_ssh_user: ubuntu
To establish an SSH connection to the EC2 instances you have to provide the correct key file. The playbook supports only Ubuntu Server at this time.
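The prerequisites above (credentials exported, roles installed under roles/, a private key that ssh will actually accept) are easy to get wrong and the failures only show up deep inside the dynamic inventory run. The following pre-flight script is an added example, not part of the playbook; it assumes the README's defaults (roles/ as roles_path, ~/.ssh/cowrie.pem as the key, a requirements.yml whose entries use src: namespace.role or an explicit name:) and can be run as `sh preflight.sh run` before `ansible-playbook site.yml`.

```shell
#!/bin/sh
# Added example (not the playbook's own code): check the README's prerequisites
# before ansible-playbook is started. Paths below are assumptions taken from the README.

ROLES_DIR="${ROLES_DIR:-roles}"                 # roles_path from the provided ansible.cfg
KEY_FILE="${KEY_FILE:-$HOME/.ssh/cowrie.pem}"   # ansible_ssh_private_key_file of group cowrie

# The EC2 dynamic inventory script needs both credentials in the environment.
check_aws_env() {
    [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]
}

# ssh refuses a private key that is readable by group/others, so the mode
# matters as much as the file existing (GNU stat first, BSD stat as fallback).
check_key_file() {
    key="$1"
    [ -f "$key" ] || return 1
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Role directory names expected under roles/: "src: namespace.role" entries and
# any explicit "name:" (used for git/URL sources, whose src is skipped).
extract_role_names() {
    grep -E '^[[:space:]]*-?[[:space:]]*(src|name):' "$1" \
        | sed -E 's/^[^:]*:[[:space:]]*//' \
        | tr -d "\"'" \
        | grep -v '://' || true
}

# Every role named in requirements.yml must already be installed in the roles dir.
check_roles_installed() {
    req="$1"; dir="$2"
    [ -f "$req" ] || return 1
    for role in $(extract_role_names "$req"); do
        [ -d "$dir/$role" ] || return 1
    done
}

# Run all checks, report every failure, and return non-zero if any check failed.
run_preflight() {
    status=0
    check_aws_env || { echo "AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY not exported" >&2; status=1; }
    check_key_file "$KEY_FILE" || { echo "missing or too-permissive key file: $KEY_FILE" >&2; status=1; }
    check_roles_installed requirements.yml "$ROLES_DIR" \
        || { echo "roles missing; run: ansible-galaxy install --force -r requirements.yml" >&2; status=1; }
    return $status
}

# "sh preflight.sh run" performs the checks and only then starts the playbook.
if [ "${1:-}" = "run" ]; then
    run_preflight && exec ansible-playbook site.yml
fi
```

The checks are deliberately separate functions so a failing one names the exact prerequisite from the README that is missing, instead of the generic inventory or SSH error you would otherwise see from Ansible.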
- Reads the AWS machines for the given access keys
- The playbook is executed for all machines tagged in the AWS console with Name:Cowrie
- Hardening options:
  - changes the default SSH port to the inventory variable ansible_port
  - installs several iptables rules, only opening the required Cowrie ports
- Installs Cowrie (for configuration options see the role documentation)
- Installs kippo-graph
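The two hardening steps above only make sense together: once the real sshd has moved to ansible_port, port 22 is free to be redirected to Cowrie, and everything else can be dropped. The script below is an added example, not the role's own code; it prints the iptables rule set for review (`sh rules.sh`) and applies it only when run as root with `apply`. The port values are assumptions: 49222 is the admin port the README uses for Vagrant, and 2222 is Cowrie's default unprivileged SSH listener.

```shell
#!/bin/sh
# Added example (not the playbook's own code): generate and optionally apply the
# iptables rules for a hardened Cowrie host. Port numbers are assumptions.

ADMIN_PORT="${ADMIN_PORT:-49222}"   # ansible_port: where the real sshd listens after hardening
COWRIE_PORT="${COWRIE_PORT:-2222}"  # Cowrie's default listener; port 22 is redirected to it

# Emit the rules as shell commands so they can be reviewed or piped into sh.
gen_rules() {
    admin="$1"; cowrie="$2"
cat <<EOF
# Start from a clean INPUT chain and nat table; the DROP policy is set last so an
# existing admin session is never cut off while the rules are being loaded.
iptables -F INPUT
iptables -t nat -F PREROUTING
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The real sshd, moved to ansible_port by the hardening role.
iptables -A INPUT -p tcp --dport $admin -j ACCEPT
# Connections to port 22 are redirected to Cowrie's unprivileged listener.
iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports $cowrie
iptables -A INPUT -p tcp --dport $cowrie -j ACCEPT
# Log (rate limited) and drop everything else.
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "cowrie-drop: "
iptables -P INPUT DROP
EOF
}

case "${1:-print}" in
    apply)
        [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
        gen_rules "$ADMIN_PORT" "$COWRIE_PORT" | sh -e
        ;;
    print)
        gen_rules "$ADMIN_PORT" "$COWRIE_PORT"
        ;;
esac
```

Note that the filter chain never accepts port 22 itself: the nat REDIRECT rewrites the destination before INPUT is evaluated, so only the Cowrie port and the admin port are open, which is exactly what "only opening the required Cowrie ports" should mean. Outbound rules are left untouched here; restricting them is a separate decision for the honeypot operator.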
For local testing purposes a Vagrant config is added. First add the roles in tests/playbook.yml. Then start the Vagrant machine:
vagrant up --no-provision
Change the SSH port manually in /etc/ssh/sshd_config to the port configured in the inventory and restart the SSH service. If you use a port other than 49222 you have to edit the Vagrantfile.
Install Python with sudo apt install python.
You can then provision the machine with:
vagrant provision
MIT
© 2018 Written by Michael Koll