Honeypots mailing list archives

RE: honeyd 1.0 and rrdtool error

From: "Williams Jon" <WilliamsJonathan () JohnDeere com>
Date: Wed, 5 Jan 2005 10:26:27 -0600

I am also having problems with the webserver part.  The logs seem to
indicate that everything is working properly:

Jan  5 11:14:14 ldxccs2 honeyd[29384]: started with -d -p
/usr/local/etc/nmap.prints -f /usr/local/etc/honeyd.conf -x
/usr/local/etc/xprobe2.prints -a /usr/local/etc/nmap.assoc -0
/usr/local/share/honeyd/pf.os -u 99 -g 99 --webserver-port 80
--webserver-root /usr/local/etc/webserver/htdocs --disable-update
--rrdtool-path=/usr/local/bin/rrdtool -l /var/log/honeyd/honeyd
Jan  5 11:14:14 ldxccs2 honeyd[29384]: listening promiscuously on eth0:
(arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip ))
and not dst net 169.254.0.0/16 and not dst net 224.0.0.0/4 and not src
net X.X.X.0/22 and not host Y.Y.Y.Y and not ether src 00:50:8b:ef:34:25
Jan  5 11:14:14 ldxccs2 honeyd[29384]: HTTP server listening on port 80
Jan  5 11:14:14 ldxccs2 honeyd[29384]: HTTP server root at
/usr/local/etc/webserver/htdocs
Jan  5 11:14:14 ldxccs2 honeyd[29384]: Demoting process privileges to
uid 99, gid 99

But no matter what URL I put in, I get a 404 error back.  I've tried
using the default webserver directory as well as copying the webserver
files to other locations, but so far, I've not been able to figure out
just what combination I should be using.

Any suggestions?

Thanks.

Jon

-----Original Message-----
From: Niels Provos [mailto:provos () citi umich edu] 
Sent: Wednesday, January 05, 2005 9:40 AM
To: Olaf Gellert
Cc: insideout () orcon net nz; honeypots () securityfocus com
Subject: Re: honeyd 1.0 and rrdtool error

Use the --rrdtool-path to provide the correct path.  You might also have
to run --fix-webserver-permissions if you get 403s.

Niels.

On Wed, Jan 05, 2005 at 04:18:54PM +0100, Olaf Gellert wrote:

insideout wrote:

Hi all,
I've just installed honeyd-1.0 on RH 8 (not the latest I know, but 
all I had on hand). I added the current  libevent, libdnet and 
rrdtool-1.0.49 as required, libpcap and python were already there. 
Everything appears to have gone fine, but on starting honeyd I get 
the following repeating in the logs:
honeyd: rrdtool_fork: execv(/usr/local/rrdtool-1.0.49/): Permission 
denied
honeyd[825]: rrdtool returning errors - restarting.
honeyd[825]: Respawing rrdtool too quickly

Just a short guess without having a closer look:
The error message seems to say, that execv is trying to execute a 
directory (instead of a binary in this directory). Maybe I am wrong, 
but I could not resist.

Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Consultant,                              Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og () pre-secure de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

Current thread:

honeyd 1.0 and rrdtool error insideout (Jan 05)
- Re: honeyd 1.0 and rrdtool error Zof (Jan 05)
- Re: honeyd 1.0 and rrdtool error Olaf Gellert (Jan 05)
  - Re: honeyd 1.0 and rrdtool error Niels Provos (Jan 05)
- <Possible follow-ups>
- RE: honeyd 1.0 and rrdtool error Williams Jon (Jan 05)
- RE: honeyd 1.0 and rrdtool error William Meloney VII (Jan 05)
- RE: honeyd 1.0 and rrdtool error Williams Jon (Jan 05)
  - Re: honeyd 1.0 and rrdtool error Chris (Jan 14)
    - Re: honeyd 1.0 and rrdtool error Mike Zupan (Jan 14)