Honeypots mailing list archives
Re: can't make sebek-3.0.3 work - [solved]
From: Manolis Stamatogiannakis <mstamat () ics forth gr>
Date: Wed, 08 Jun 2005 17:54:28 +0300
Hello again,

Now things seem to work :-)

I checked the bugs page and noticed this post:
https://bugs.honeynet.org/show_bug.cgi?id=134

I guess it refers to sebek2, but I installed the sources as described:

    apt-get install kernel-source-`uname -r|sed -e 's/-.*//'` kernel-headers-`uname -r`

Then I compiled sebek3 as before. Only differences:
1. I changed sbk_install.sh before compiling (but that doesn't matter, does it?)
2. I added '-f' to the insmods of the script.

Without the -f in insmods, I was getting:

    Installing Sebek:
    foobar.o: kernel-module version mismatch
    foobar.o was compiled for kernel version 2.4.27
    while this kernel is version 2.4.27-2-386.
    foobar.o install failed

Then I ran sbk_install.sh from the created sebek-linux-3.0.3-bin.tar. Sebek gets installed (although the kernel gets tainted).

Ethereal reads packets without problem, although it seems unable to extract any meaningful data from them (passwords, files etc). Perhaps (?) it decodes them as sebek2 packets. I guess roo will be able to decode the packets.

Note that I tried sebek both with KEYSTROKE_ONLY=0 and KEYSTROKE_ONLY=1 without problems.

I wonder what the cause of my previous problems was... I'll try to reproduce it and I'll submit a bug if I crash again.

Thanks again,
Manolis

Edward Balas wrote:
I would recommend you submit a bug report via:
https://bugs.honeynet.org/

In it please include:

The message that was barfed to the screen when the kernel crashed, or an approximation if you can't get at the data.

The configuration you used within sbk_install, no need to provide the magic value or ip info, but did you run keystrokes only, socket tracking, or testing.

If the kernel is crashing, there is a problem ;-)

Edward
Current thread:
- can't make sebek-3.0.3 work Manolis Stamatogiannakis (Jun 03)
- Re: can't make sebek-3.0.3 work Edward Balas (Jun 03)
- Re: can't make sebek-3.0.3 work - [solved] Manolis Stamatogiannakis (Jun 08)