fix(telnet): replace Cowrie with real busybox telnetd + rsyslog logging

Cowrie was exposing an SSH daemon on port 22 alongside the telnet service even when COWRIE_SSH_ENABLED=false, contaminating deployments that did not request an SSH service. New implementation mirrors the SSH service pattern: - busybox telnetd in foreground mode on port 23 - /bin/login for real PAM authentication (brute-force attempts logged) - rsyslog RFC 5424 bridge piped to stdout for Docker log capture - Configurable root password and hostname via env vars - No Cowrie dependency
2026-04-12 00:34:45 -04:00
parent c384a3103a
commit 65d585569b
68 changed files with 142 additions and 271 deletions
--- a/tests/.hypothesis/constants/071376f7808c803b
+++ b/tests/.hypothesis/constants/071376f7808c803b
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/cli.py
-# hypothesis_version: 6.151.11
-
-[8000, ',', ', ', '--all', '--api', '--api-port', '--archetype', '--config', '--deckies', '--decky', '--distro', '--dry-run', '--emit-syslog', '--host', '--id', '--interface', '--ip-start', '--ipvlan', '--log-file', '--log-target', '--min-deckies', '--mode', '--mutate-interval', '--no-cache', '--output', '--port', '--randomize-distros', '--randomize-services', '--services', '--subnet', '--watch', '--web-port', '-a', '-c', '-d', '-f', '-i', '-m', '-n', '-o', '-w', '/index.html', 'Available Services', 'Default Services', 'Description', 'Display Name', 'Docker Image', 'Image', 'Machine Archetypes', 'Name', 'Ports', 'Slug', 'archetypes', 'bold cyan', 'correlate', 'decnet', 'decnet.cli', 'decnet.log', 'decnet.web.api:app', 'decnet_web', 'dim', 'dist', 'distros', 'green', 'json', 'linux', 'mutate', 'services', 'swarm', 'syslog', 'table', 'unihost', 'uvicorn', 'web']
--- a/tests/.hypothesis/constants/0ba82ca4ea63f3bc
+++ b/tests/.hypothesis/constants/0ba82ca4ea63f3bc
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/.venv/bin/pytest
-# hypothesis_version: 6.151.12
-
-['__main__']
--- a/tests/.hypothesis/constants/0ddcef3521551894
+++ b/tests/.hypothesis/constants/0ddcef3521551894
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/env.py
-# hypothesis_version: 6.151.11
-
-['.env', '.env.local', '0.0.0.0', '8000', '8080', 'DECNET_ADMIN_USER', 'DECNET_API_HOST', 'DECNET_API_PORT', 'DECNET_DEVELOPER', 'DECNET_JWT_SECRET', 'DECNET_WEB_HOST', 'DECNET_WEB_PORT', 'False', 'admin', 'true']
--- a/tests/.hypothesis/constants/15d50d1e53b9b5c3
+++ b/tests/.hypothesis/constants/15d50d1e53b9b5c3
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/tftp.py
-# hypothesis_version: 6.151.12
-
-['LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'restart', 'templates', 'tftp', 'unless-stopped']
--- a/tests/.hypothesis/constants/19d5adc9efd5ec68
+++ b/tests/.hypothesis/constants/19d5adc9efd5ec68
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/ingester.py
-# hypothesis_version: 6.151.11
-
-['.json', 'decnet.web.ingester', 'r', 'replace', 'utf-8']
--- a/tests/.hypothesis/constants/1f005a833d034313
+++ b/tests/.hypothesis/constants/1f005a833d034313
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/logging/forwarder.py
-# hypothesis_version: 6.151.12
-
-[2.0, ':']
--- a/tests/.hypothesis/constants/1f12b014d4fe2068
+++ b/tests/.hypothesis/constants/1f12b014d4fe2068
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/mongodb.py
-# hypothesis_version: 6.151.12
-
-[27017, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'mongodb', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/219a36e8b671f84b
+++ b/tests/.hypothesis/constants/219a36e8b671f84b
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/repository.py
-# hypothesis_version: 6.151.11
-
-[]
--- a/tests/.hypothesis/constants/2220ccbe8a25f02d
+++ b/tests/.hypothesis/constants/2220ccbe8a25f02d
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/snmp.py
-# hypothesis_version: 6.151.12
-
-[161, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'restart', 'snmp', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/2db3d63e8d96a289
+++ b/tests/.hypothesis/constants/2db3d63e8d96a289
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/deployer.py
-# hypothesis_version: 6.151.12
-
-[5.0, ', ', '--build', '--no-cache', '--watch', '-d', '-f', 'DECNET Deckies', 'Decky', 'Deployed Deckies', 'Hostname', 'IP', 'IPvlan', 'IPvlan L2', 'MACVLAN', 'Services', 'Status', '[green]up[/]', '[red]degraded[/]', 'absent', 'bold', 'build', 'cmdline', 'compose', 'decnet-compose.yml', 'decnet.cli', 'decnet.web.api:app', 'docker', 'down', 'green', 'manifest for', 'manifest unknown', 'mutate', 'name', 'not found', 'pid', 'pull access denied', 'red', 'rm', 'running', 'stop', 'up', 'uvicorn']
--- a/tests/.hypothesis/constants/2f0b53ebdb35c4e1
+++ b/tests/.hypothesis/constants/2f0b53ebdb35c4e1
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/sip.py
-# hypothesis_version: 6.151.12
-
-[5060, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'restart', 'sip', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/30a7ffe86227f7f1
+++ b/tests/.hypothesis/constants/30a7ffe86227f7f1
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/mssql.py
-# hypothesis_version: 6.151.12
-
-[1433, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'mssql', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/349ec22a74b50191
+++ b/tests/.hypothesis/constants/349ec22a74b50191
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/composer.py
-# hypothesis_version: 6.151.11
-
-['/var/log/decnet', '3.8', 'BASE_IMAGE', 'DECNET_LOG_FILE', 'HOSTNAME', 'NET_ADMIN', 'args', 'bridge', 'build', 'cap_add', 'command', 'container_name', 'decnet_logs', 'depends_on', 'driver', 'environment', 'external', 'hostname', 'image', 'infinity', 'internal', 'ipv4_address', 'network_mode', 'networks', 'restart', 'services', 'sleep', 'sysctls', 'unless-stopped', 'version', 'volumes']
--- a/tests/.hypothesis/constants/37d6bf6c6c0b58e6
+++ b/tests/.hypothesis/constants/37d6bf6c6c0b58e6
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/elasticsearch.py
-# hypothesis_version: 6.151.12
-
-[9200, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'elasticsearch', 'environment', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/3cc47bb868bcb8f4
+++ b/tests/.hypothesis/constants/3cc47bb868bcb8f4
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/telnet.py
-# hypothesis_version: 6.151.12
-
-[':', 'COWRIE_SSH_ENABLED', 'NET_BIND_SERVICE', 'cap_add', 'container_name', 'cowrie/cowrie', 'environment', 'false', 'image', 'restart', 'telnet', 'true', 'unless-stopped']
--- a/tests/.hypothesis/constants/42a1dcb5c22b1ac1
+++ b/tests/.hypothesis/constants/42a1dcb5c22b1ac1
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/ini_loader.py
-# hypothesis_version: 6.151.11
-
-[100, 512, 1024, ',', '.', '1', '[', ']', 'amount', 'archetype', 'binary', 'custom-', 'exceeds maximum', 'exec', 'general', 'gw', 'interface', 'ip', 'log-target', 'log_target', 'mutate-interval', 'mutate_interval', 'net', 'nmap-os', 'nmap_os', 'ports', 'services']
--- a/tests/.hypothesis/constants/507a3145954fca93
+++ b/tests/.hypothesis/constants/507a3145954fca93
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/http.py
-# hypothesis_version: 6.151.12
-
-[443, '/opt/html_files', 'CUSTOM_BODY', 'EXTRA_HEADERS', 'FAKE_APP', 'FILES_DIR', 'LOG_TARGET', 'NODE_NAME', 'RESPONSE_CODE', 'SERVER_HEADER', 'build', 'container_name', 'context', 'custom_body', 'environment', 'extra_headers', 'fake_app', 'files', 'http', 'response_code', 'restart', 'server_header', 'templates', 'unless-stopped', 'volumes']
--- a/tests/.hypothesis/constants/53a42446f9f19b20
+++ b/tests/.hypothesis/constants/53a42446f9f19b20
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/ftp.py
-# hypothesis_version: 6.151.12
-
-['LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'ftp', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/574dbe54f9b23d3e
+++ b/tests/.hypothesis/constants/574dbe54f9b23d3e
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/correlation/engine.py
-# hypothesis_version: 6.151.11
-
-[3600, ',', 'Attacker IP', 'Deckies', 'Duration', 'Events', 'First Seen', 'Traversal Path', 'bold red', 'correlator', 'cyan', 'decnet-correlator', 'dim', 'events_indexed', 'lines_parsed', 'right', 'stats', 'traversal_detected', 'traversals', 'unique_ips', 'yellow']
--- a/tests/.hypothesis/constants/5a5554db0771f35b
+++ b/tests/.hypothesis/constants/5a5554db0771f35b
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/repository.py
-# hypothesis_version: 6.151.11
-
-[]
--- a/tests/.hypothesis/constants/5feefba3d1c668ca
+++ b/tests/.hypothesis/constants/5feefba3d1c668ca
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/ingester.py
-# hypothesis_version: 6.151.11
-
-['.json', 'attacker_ip', 'bounty_type', 'credential', 'decky', 'decnet.web.ingester', 'fields', 'password', 'payload', 'r', 'replace', 'service', 'username', 'utf-8']
--- a/tests/.hypothesis/constants/62e387790ed5b79f
+++ b/tests/.hypothesis/constants/62e387790ed5b79f
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/vnc.py
-# hypothesis_version: 6.151.12
-
-[5900, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'restart', 'templates', 'unless-stopped', 'vnc']
--- a/tests/.hypothesis/constants/66bd79275cd609e8
+++ b/tests/.hypothesis/constants/66bd79275cd609e8
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/correlation/parser.py
-# hypothesis_version: 6.151.11
-
-['"', '-', '\\', '\\"', '\\\\', '\\]', ']', 'client_ip', 'ip', 'remote_ip', 'src', 'src_ip']
--- a/tests/.hypothesis/constants/76302489300fdc45
+++ b/tests/.hypothesis/constants/76302489300fdc45
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/config.py
-# hypothesis_version: 6.151.11
-
-[0.0, ':', 'compose_path', 'config', 'debian', 'debian:bookworm-slim', 'decnet-state.json', 'linux', 'log_target', 'services', 'swarm', 'unihost']
--- a/tests/.hypothesis/constants/77b4b42ea3b9c9bf
+++ b/tests/.hypothesis/constants/77b4b42ea3b9c9bf
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/llmnr.py
-# hypothesis_version: 6.151.12
-
-[5353, 5355, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'llmnr', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/79661beef79449a5
+++ b/tests/.hypothesis/constants/79661beef79449a5
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/registry.py
-# hypothesis_version: 6.151.11
-
-['base', 'decnet.services.', 'registry']
--- a/tests/.hypothesis/constants/7f9302a54093ce41
+++ b/tests/.hypothesis/constants/7f9302a54093ce41
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/correlation/__init__.py
-# hypothesis_version: 6.151.11
-
-['AttackerTraversal', 'CorrelationEngine', 'LogEvent', 'TraversalHop', 'parse_line']
--- a/tests/.hypothesis/constants/8029f0494746966f
+++ b/tests/.hypothesis/constants/8029f0494746966f
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/ldap.py
-# hypothesis_version: 6.151.12
-
-[389, 636, 'LOG_TARGET', 'NET_BIND_SERVICE', 'NODE_NAME', 'build', 'cap_add', 'container_name', 'context', 'environment', 'ldap', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/87dce71ef389d477
+++ b/tests/.hypothesis/constants/87dce71ef389d477
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/mqtt.py
-# hypothesis_version: 6.151.12
-
-[1883, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'mqtt', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/8b9368be0f77a253
+++ b/tests/.hypothesis/constants/8b9368be0f77a253
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/custom_service.py
-# hypothesis_version: 6.151.12
-
-['-', 'LOG_TARGET', 'NODE_NAME', '_', 'command', 'container_name', 'environment', 'image', 'restart', 'unless-stopped']
--- a/tests/.hypothesis/constants/8c8bf0135bf44b74
+++ b/tests/.hypothesis/constants/8c8bf0135bf44b74
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/api.py
-# hypothesis_version: 6.151.11
-
-[0.5, 400, 404, 500, 512, 1000, 1024, '*', '/api/v1/auth/login', '/api/v1/bounty', '/api/v1/deckies', '/api/v1/logs', '/api/v1/stats', '/api/v1/stream', '/docs', '/openapi.json', '/redoc', '1.0.0', 'Authentication', 'Authorization', 'Bearer', 'Bearer ', 'Bounty Vault', 'Decky not found', 'Fleet Management', 'Logs', 'No active deployment', 'Observability', 'WWW-Authenticate', 'access_token', 'admin', 'bearer', 'data', 'decnet.web.api', 'histogram', 'id', 'lastEventId', 'limit', 'logs', 'message', 'must_change_password', 'offset', 'password_hash', 'role', 'stats', 'text/event-stream', 'token', 'token_type', 'total', 'type', 'unihost', 'username', 'uuid']
--- a/tests/.hypothesis/constants/8c9335cb8231944a
+++ b/tests/.hypothesis/constants/8c9335cb8231944a
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/docker_api.py
-# hypothesis_version: 6.151.12
-
-[2375, 2376, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'docker_api', 'environment', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/8e330e30c399dccc
+++ b/tests/.hypothesis/constants/8e330e30c399dccc
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/real_ssh.py
-# hypothesis_version: 6.151.12
-
-['NET_BIND_SERVICE', 'SSH_HOSTNAME', 'SSH_ROOT_PASSWORD', 'admin', 'build', 'cap_add', 'container_name', 'context', 'environment', 'hostname', 'password', 'real_ssh', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/9193e12e937c9da2
+++ b/tests/.hypothesis/constants/9193e12e937c9da2
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/logging/syslog_formatter.py
-# hypothesis_version: 6.151.11
-
-[255, '"', '-', '1', '\\', '\\"', '\\\\', '\\]', ']', 'decnet@55555']
--- a/tests/.hypothesis/constants/952b61539a326753
+++ b/tests/.hypothesis/constants/952b61539a326753
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/ssh.py
-# hypothesis_version: 6.151.12
-
-[2222, ':', 'COWRIE_HOSTNAME', 'COWRIE_SSH_VERSION', 'NET_BIND_SERVICE', 'NODE_NAME', 'build', 'cap_add', 'container_name', 'context', 'cowrie', 'environment', 'hardware_platform', 'kernel_build_string', 'kernel_version', 'restart', 'ssh', 'ssh_banner', 'templates', 'true', 'unless-stopped', 'users']
--- a/tests/.hypothesis/constants/95eb634544ca6000
+++ b/tests/.hypothesis/constants/95eb634544ca6000
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/smb.py
-# hypothesis_version: 6.151.12
-
-[139, 445, 'LOG_TARGET', 'NET_BIND_SERVICE', 'NODE_NAME', 'build', 'cap_add', 'container_name', 'context', 'environment', 'restart', 'smb', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/996aa9c745349122
+++ b/tests/.hypothesis/constants/996aa9c745349122
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/base.py
-# hypothesis_version: 6.151.11
-
-[]
--- a/tests/.hypothesis/constants/9f85e820bb1eb903
+++ b/tests/.hypothesis/constants/9f85e820bb1eb903
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/distros.py
-# hypothesis_version: 6.151.11
-
-['Alpine Linux 3.19', 'Arch Linux', 'CentOS 7', 'Debian 12 (Bookworm)', 'Fedora 39', 'Kali Linux (Rolling)', 'Rocky Linux 9', 'alpha', 'alpine', 'alpine:3.19', 'arch', 'archlinux:latest', 'backup', 'bravo', 'centos7', 'centos:7', 'charlie', 'db', 'debian', 'debian:bookworm-slim', 'delta', 'dev', 'echo', 'fedora', 'fedora:39', 'files', 'foxtrot', 'generic', 'golf', 'hotel', 'india', 'juliet', 'kali', 'kilo', 'lima', 'mail', 'mike', 'minimal', 'monitor', 'nova', 'oscar', 'prod', 'proxy', 'rhel', 'rocky9', 'rockylinux:9-minimal', 'rolling', 'stage', 'ubuntu20', 'ubuntu22', 'ubuntu:20.04', 'ubuntu:22.04', 'web']
--- a/tests/.hypothesis/constants/a115dde40ee13bf8
+++ b/tests/.hypothesis/constants/a115dde40ee13bf8
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/mysql.py
-# hypothesis_version: 6.151.12
-
-[3306, 'LOG_TARGET', 'MYSQL_VERSION', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'mysql', 'restart', 'templates', 'unless-stopped', 'version']
--- a/tests/.hypothesis/constants/a3207e9522fed10c
+++ b/tests/.hypothesis/constants/a3207e9522fed10c
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/api.py
-# hypothesis_version: 6.151.11
-
-[1000, '*', '/api/v1/auth/login', '/api/v1/logs', '/api/v1/stats', '1.0.0', 'Bearer', 'WWW-Authenticate', 'access_token', 'admin', 'bearer', 'data', 'limit', 'message', 'must_change_password', 'offset', 'password_hash', 'role', 'token_type', 'total', 'username', 'uuid']
--- a/tests/.hypothesis/constants/a36433a7a8a46f4d
+++ b/tests/.hypothesis/constants/a36433a7a8a46f4d
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/smtp.py
-# hypothesis_version: 6.151.12
-
-[587, 'LOG_TARGET', 'NET_BIND_SERVICE', 'NODE_NAME', 'SMTP_BANNER', 'SMTP_MTA', 'banner', 'build', 'cap_add', 'container_name', 'context', 'environment', 'mta', 'restart', 'smtp', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/a36bdeb88e27cda2
+++ b/tests/.hypothesis/constants/a36bdeb88e27cda2
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/postgres.py
-# hypothesis_version: 6.151.12
-
-[5432, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'postgres', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/a4b0cd024dec37b3
+++ b/tests/.hypothesis/constants/a4b0cd024dec37b3
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/pop3.py
-# hypothesis_version: 6.151.12
-
-[110, 995, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'pop3', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/a92a9b5d6ef7fbda
+++ b/tests/.hypothesis/constants/a92a9b5d6ef7fbda
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/os_fingerprint.py
-# hypothesis_version: 6.151.11
-
-['128', '2', '255', '3', '6', '64', 'bsd', 'cisco', 'embedded', 'linux', 'windows']
--- a/tests/.hypothesis/constants/ad18d933a368774b
+++ b/tests/.hypothesis/constants/ad18d933a368774b
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/archetypes.py
-# hypothesis_version: 6.151.11
-
-[', ', 'Database Server', 'DevOps Host', 'Domain Controller', 'File Server', 'IoT Device', 'Linux Server', 'Mail Server', 'Monitoring Node', 'Network Printer', 'VoIP Server', 'Web Server', 'Windows Server', 'Windows Workstation', 'alpine', 'conpot', 'database-server', 'deaddeck', 'debian', 'devops-host', 'docker_api', 'domain-controller', 'embedded', 'fedora', 'file-server', 'ftp', 'http', 'imap', 'industrial-control', 'iot-device', 'k8s', 'ldap', 'linux', 'linux-server', 'llmnr', 'mail-server', 'monitoring-node', 'mqtt', 'mysql', 'pop3', 'postgres', 'printer', 'rdp', 'real_ssh', 'redis', 'rocky9', 'sip', 'smb', 'smtp', 'snmp', 'ssh', 'telnet', 'ubuntu20', 'ubuntu22', 'voip-server', 'web-server', 'windows', 'windows-server', 'windows-workstation']
--- a/tests/.hypothesis/constants/b0cdd7ca461ac3a7
+++ b/tests/.hypothesis/constants/b0cdd7ca461ac3a7
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/k8s.py
-# hypothesis_version: 6.151.12
-
-[6443, 8080, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'k8s', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/b3ae76f264e289ba
+++ b/tests/.hypothesis/constants/b3ae76f264e289ba
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/redis.py
-# hypothesis_version: 6.151.12
-
-[6379, 'LOG_TARGET', 'NODE_NAME', 'REDIS_OS', 'REDIS_VERSION', 'build', 'container_name', 'context', 'environment', 'os_string', 'redis', 'restart', 'templates', 'unless-stopped', 'version']
--- a/tests/.hypothesis/constants/b4fbfe7d71d1fde1
+++ b/tests/.hypothesis/constants/b4fbfe7d71d1fde1
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/correlation/graph.py
-# hypothesis_version: 6.151.11
-
-[' → ', 'attacker_ip', 'deckies', 'decky', 'decky_count', 'duration_seconds', 'event_type', 'first_seen', 'hop_count', 'hops', 'last_seen', 'path', 'service', 'timestamp']
--- a/tests/.hypothesis/constants/c1bae63b725863f0
+++ b/tests/.hypothesis/constants/c1bae63b725863f0
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/imap.py
-# hypothesis_version: 6.151.12
-
-[143, 993, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'imap', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/cac20128001ccd85
+++ b/tests/.hypothesis/constants/cac20128001ccd85
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/network.py
-# hypothesis_version: 6.151.11
-
-['/', 'add', 'addr', 'bridge', 'decnet_ipvlan0', 'decnet_lan', 'decnet_macvlan0', 'default', 'del', 'dev', 'inet ', 'inet6', 'ip', 'ipvlan', 'ipvlan_mode', 'l2', 'link', 'macvlan', 'mode', 'parent', 'route', 'set', 'show', 'type', 'up', 'via']
--- a/tests/.hypothesis/constants/ceb1d0465029fa83
+++ b/tests/.hypothesis/constants/ceb1d0465029fa83
@@ -1,4 +0,0 @@
-# file: /home/anti/.local/bin/pytest
-# hypothesis_version: 6.151.11
-
-['__main__']
--- a/tests/.hypothesis/constants/cf9d3e39a6bf6308
+++ b/tests/.hypothesis/constants/cf9d3e39a6bf6308
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/sqlite_repository.py
-# hypothesis_version: 6.151.11
-
-[' AND ', ' WHERE ', ':', '[^a-zA-Z0-9_]', 'active_deckies', 'attacker', 'attacker-ip', 'attacker_ip', 'bounty_type', 'bounty_type = ?', 'bucket_time', 'count', 'decky', 'decnet.db', 'deployed_deckies', 'event', 'event_type', 'fields', 'id > ?', 'max_id', 'msg', 'must_change_password', 'password_hash', 'payload', 'raw_line', 'role', 'service', 'time', 'timestamp', 'timestamp <= ?', 'timestamp >= ?', 'total', 'total_logs', 'unique_attackers', 'username', 'uuid']
--- a/tests/.hypothesis/constants/d479b632891acb05
+++ b/tests/.hypothesis/constants/d479b632891acb05
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/logging/file_handler.py
-# hypothesis_version: 6.151.11
-
-[1024, '%(message)s', 'DECNET_LOG_FILE', 'decnet.syslog', 'utf-8']
--- a/tests/.hypothesis/constants/da39a3ee5e6b4b0d
+++ b/tests/.hypothesis/constants/da39a3ee5e6b4b0d
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/__init__.py
-# hypothesis_version: 6.151.11
-
-[]
--- a/tests/.hypothesis/constants/da43cd4d80a43169
+++ b/tests/.hypothesis/constants/da43cd4d80a43169
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/sqlite_repository.py
-# hypothesis_version: 6.151.11
-
-['SELECT * FROM logs', 'active_deckies', 'attacker_ip', 'decky', 'decnet.db', 'event_type', 'fields', 'msg', 'must_change_password', 'password_hash', 'raw_line', 'role', 'service', 'timestamp', 'total', 'total_logs', 'unique_attackers', 'username', 'uuid']
--- a/tests/.hypothesis/constants/df40fa14165138c7
+++ b/tests/.hypothesis/constants/df40fa14165138c7
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/auth.py
-# hypothesis_version: 6.151.11
-
-[1440, 'DECNET_SECRET_KEY', 'HS256', 'exp', 'iat', 'utf-8']
--- a/tests/.hypothesis/constants/e04c4b026eeb7e26
+++ b/tests/.hypothesis/constants/e04c4b026eeb7e26
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/rdp.py
-# hypothesis_version: 6.151.12
-
-[3389, 'LOG_TARGET', 'NODE_NAME', 'build', 'container_name', 'context', 'environment', 'rdp', 'restart', 'templates', 'unless-stopped']
--- a/tests/.hypothesis/constants/f9f2aace37ce402b
+++ b/tests/.hypothesis/constants/f9f2aace37ce402b
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/web/auth.py
-# hypothesis_version: 6.151.11
-
-[1440, 'HS256', 'exp', 'iat', 'utf-8']
--- a/tests/.hypothesis/constants/fb7b3bbd8bd7b0f3
+++ b/tests/.hypothesis/constants/fb7b3bbd8bd7b0f3
@@ -1,4 +0,0 @@
-# file: /home/anti/Tools/DECNET/decnet/services/conpot.py
-# hypothesis_version: 6.151.12
-
-[161, 502, 'CONPOT_TEMPLATE', 'conpot', 'container_name', 'default', 'environment', 'honeynet/conpot', 'image', 'restart', 'unless-stopped']
--- a/tests/.hypothesis/unicode_data/16.0.0/charmap.json.gz
+++ b/tests/.hypothesis/unicode_data/16.0.0/charmap.json.gz
--- a/tests/.hypothesis/unicode_data/16.0.0/codec-utf-8.json.gz
+++ b/tests/.hypothesis/unicode_data/16.0.0/codec-utf-8.json.gz
--- a/tests/test_composer.py
+++ b/tests/test_composer.py
@@ -20,13 +20,13 @@ APT_COMPATIBLE = {
 }

 BUILD_SERVICES = [
-    "ssh", "http", "rdp", "smb", "ftp", "smtp", "elasticsearch",
+    "ssh", "telnet", "http", "rdp", "smb", "ftp", "smtp", "elasticsearch",
    "pop3", "imap", "mysql", "mssql", "redis", "mongodb", "postgres",
    "ldap", "vnc", "docker_api", "k8s", "sip",
    "mqtt", "llmnr", "snmp", "tftp", "conpot"
 ]

-UPSTREAM_SERVICES = ["telnet"]
+UPSTREAM_SERVICES: list = []


 def _make_config(services, distro="debian", base_image=None, build_base=None):
--- a/tests/test_services.py
+++ b/tests/test_services.py
@@ -31,9 +31,7 @@ def _is_build_service(name: str) -> bool:
 # Tier 1: upstream-image services (non-build)
 # ---------------------------------------------------------------------------

-UPSTREAM_SERVICES = {
-    "telnet": ("cowrie/cowrie",  [23]),
-}
+UPSTREAM_SERVICES: dict = {}

 # ---------------------------------------------------------------------------
 # Tier 2: custom-build services (including ssh, which now uses build)
@@ -41,6 +39,7 @@ UPSTREAM_SERVICES = {

 BUILD_SERVICES = {
    "ssh":           ([22],         "ssh"),
+    "telnet":        ([23],         "telnet"),
    "http":          ([80, 443],    "http"),
    "rdp":           ([3389],       "rdp"),
    "smb":           ([445, 139],   "smb"),
@@ -155,7 +154,8 @@ def test_build_service_restart_policy(name):
    assert frag.get("restart") == "unless-stopped"


-_NODE_NAME_SERVICES = [n for n in BUILD_SERVICES if n not in ("ssh", "real_ssh")]
+_RSYSLOG_SERVICES = {"ssh", "real_ssh", "telnet"}
+_NODE_NAME_SERVICES = [n for n in BUILD_SERVICES if n not in _RSYSLOG_SERVICES]


@pytest.mark.parametrize("name", _NODE_NAME_SERVICES)
@@ -166,8 +166,8 @@ def test_build_service_node_name_env(name):
    assert env["NODE_NAME"] == "test-decky"


-# ssh and real_ssh do not use LOG_TARGET (rsyslog handles log forwarding inside the container)
-_LOG_TARGET_SERVICES = [n for n in BUILD_SERVICES if n not in ("ssh", "real_ssh")]
+# ssh, real_ssh, and telnet do not use LOG_TARGET (rsyslog handles log forwarding inside the container)
+_LOG_TARGET_SERVICES = [n for n in BUILD_SERVICES if n not in _RSYSLOG_SERVICES]


@pytest.mark.parametrize("name", _LOG_TARGET_SERVICES)
@@ -339,21 +339,24 @@ def test_redis_default_no_extra_env():

 # Telnet ---------------------------------------------------------------------

-def test_telnet_log_target_uses_cowrie_tcp_output():
-    """Telnet forwards logs via Cowrie TCP output, same pattern as SSH."""
-    env = _fragment("telnet", log_target="10.0.0.1:5140").get("environment", {})
-    assert env.get("COWRIE_OUTPUT_TCP_ENABLED") == "true"
-    assert env.get("COWRIE_OUTPUT_TCP_HOST") == "10.0.0.1"
-    assert env.get("COWRIE_OUTPUT_TCP_PORT") == "5140"
+def test_telnet_uses_build_context():
+    """Telnet uses a build context (no Cowrie image)."""
+    frag = _fragment("telnet")
+    assert "build" in frag
+    assert "image" not in frag


-def test_telnet_no_log_target_omits_tcp_output():
+def test_telnet_default_password():
    env = _fragment("telnet").get("environment", {})
-    assert "COWRIE_OUTPUT_TCP_ENABLED" not in env
-    assert "COWRIE_OUTPUT_TCP_HOST" not in env
+    assert env.get("TELNET_ROOT_PASSWORD") == "admin"


-def test_telnet_ssh_disabled_in_telnet_only_container():
+def test_telnet_custom_password():
+    env = _fragment("telnet", service_cfg={"password": "s3cr3t"}).get("environment", {})
+    assert env.get("TELNET_ROOT_PASSWORD") == "s3cr3t"
+
+
+def test_telnet_no_cowrie_env_vars():
+    """Ensure no Cowrie env vars bleed into the real telnet service."""
    env = _fragment("telnet").get("environment", {})
-    assert env.get("COWRIE_SSH_ENABLED") == "false"
-    assert env.get("COWRIE_TELNET_ENABLED") == "true"
+    assert not any(k.startswith("COWRIE_") for k in env)