Honeypots mailing list archives
Sebek-client module must be reinstalled after every shutdown??
From: Jason Schoenbrun <athlon () umd edu>
Date: Fri, 4 Mar 2005 15:39:48 -0500
Thank you for all your help so far, The other day my Sebek server was successfully logging all read data from the Sebek client. Exciting! But, when I restart the computer, (with the server still monitoring the same port) the server never logs anything beyond the previous shutdown system commands. To get it to work again, I have to log back in to root on the client and ./sbk_install.sh again. Is that normal? (I assume not) On a an unrelated note, once I get it set up, I'm planning on studying system calls so that I can manually parse through the captured data to understand what the hacker was doing. This sounds rather tedious compared to the possibility of having a perl script or the like to automatically parse the code for certain patterns identifiable as known exploits. Do such programs/scripts exist? Thanks again, Jason
Current thread:
- Sebek-client module must be reinstalled after every shutdown?? Jason Schoenbrun (Mar 04)
- Re: Sebek-client module must be reinstalled after every shutdown?? Javier Fernandez-Sanguino (Mar 14)