Michel Oosterhof

Results 134 comments of Michel Oosterhof

No objection, but why would you want this? You could probably achieve this with a switch to disable download functionality in `wget` and `curl`. It still won't stop malware...

https://github.com/cowrie/cowrie/pull/1623/ Something like this?

Yes, agree on the logging, I spotted that as well, but hadn't fixed it. I also thought of an alternative approach, where Cowrie downloads the file but does not make...

I think the issue is still there. The 'tmp' files are temporary files, written by a process while the file is still being transferred. Once the file is complete is...

So a possible root cause is incorrect cleanup. Sessions are terminated because of timeout or disconnect, but the temporary files are not correctly cleaned up.

Confirmed. These can be safely deleted. And we should probably look at why these files still remain.

I think having profiles is a good idea. To emulate multiple types of devices. Think full-on Linux machines, embedded Unix on other devices, IoT type of devices, etc. Then...

Most of the time it wants to print out a binary like /bin/ls and use that to determine the target system. To see if it's i386 ELF binaries or something...

Those links are not monitoring proxies, they are straightforward TCP forwarders. What is needed is something like that, but that also monitors in the process. In the cowrie source code...

So looking at `dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s`, keep in mind `||` is considered an `OR` in shell...