Honeypots mailing list archives
Re: LKM - Sebek
From: Mike lim <bugtraq77 () yahoo com>
Date: Wed, 18 Dec 2002 17:42:22 -0800 (PST)
Hi,

Thanks for the info, I managed to get it working. What happened is that I had 3 different kernels in the system and stupid me got the wrong one running when I thought I was running the correct one.

And yes, sebek isn't friendly with redhat 6.2. It needs quite a lot of stuffz that does not come default with 6.2. I have to manually copy all the library and include files before I am able to get it compiled and run. (troubleshooting package dependencies in 6.2 is more difficult than manually copying the needed files)

Basically, I need to have a bootdisk ready to replace some of the system critical files such as:

libdl-2.3.1.so
libc-2.3.1.so
libnss_files-2.3.1.so
libthread_db-1.0.so

Edward Balas <ebalas () iu edu> wrote:

On Wed, 18 Dec 2002, Mike lim wrote:
Has anybody had success running this adore-modified key logger?
Yes. Sorry for the lack of suitable HOWTO etc. This is a common error when the kernel source you compile to does not match the kernel you are trying to use the module with. If I recall, sebek isn't so happy on RH6.2.
I managed to compile the kernel modules successfully in Redhat 6.2. However, the client when run (./sebek.sh start) produced the following:

-----------------------------------------------------------------
rmmod: module cleaner is not loaded
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/adore.o' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/cleaner.o' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/sdm' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/ava' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek/sebek.sh' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/tmp/sebek' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File '/dev/sebek' hided.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
Can't hide process.
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File './sebek.sh' hided.
------------------------------------------------------------------

The error apparently comes from adore (ava) as the following commands produced the following:

./ava h LICENSE
Couldn't authorize myself. Trying anyway ...
Potential sebek config/version mismatch...
File 'LICENSE' hided.

In addition, the File 'LICENSE' hided is not hidden.
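The cause identified in this thread is a module built against one kernel source tree and loaded into a different running kernel. The following is an added example, not part of the original messages or of sebek: with several kernels installed, it reports which source tree matches a given release. The function names and sample release strings are constructed, and it assumes the 2.2/2.4-era layout where UTS_RELEASE is defined in include/linux/version.h.

```shell
#!/bin/sh
# Added example (not from the thread or from sebek).
# Assumption: 2.2/2.4-era source trees, where the configured release string
# is the UTS_RELEASE define in include/linux/version.h.

# Print the release string a kernel source tree was configured for.
# Prints nothing if the header is missing or has no UTS_RELEASE line.
tree_release() {
    sed -n 's/^#define[[:space:]]*UTS_RELEASE[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$1/include/linux/version.h" 2>/dev/null | head -n 1
}

# matching_trees RELEASE TREE...
# Print every tree whose configured release equals RELEASE.
# Returns 0 if at least one tree matches, 1 if none does.
matching_trees() {
    running=$1
    shift
    found=1
    for tree in "$@"; do
        if [ "$(tree_release "$tree")" = "$running" ]; then
            printf '%s\n' "$tree"
            found=0
        fi
    done
    return "$found"
}

# Build three constructed source trees under a temp dir (sample data only)
# and print the temp dir path.
make_sample_trees() {
    base=$(mktemp -d) || return 1
    for rel in 2.2.14-5.0 2.2.19-6.2.16 2.4.18-custom; do
        mkdir -p "$base/linux-$rel/include/linux"
        printf '#define UTS_RELEASE "%s"\n' "$rel" \
            > "$base/linux-$rel/include/linux/version.h"
    done
    printf '%s\n' "$base"
}

# Stand-alone use: sh thisfile --check /usr/src/linux*
# Compares each tree given with the kernel that is actually running.
if [ "${1:-}" = "--check" ]; then
    shift
    matching_trees "$(uname -r)" "$@" || {
        echo "no source tree matches running kernel $(uname -r)" >&2
        exit 1
    }
fi
```

Building the module only against a tree this check prints avoids the mismatch described above.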
Current thread:
- LKM - Sebek Mike lim (Dec 18)
- Re: LKM - Sebek Edward Balas (Dec 18)
- Re: LKM - Sebek Mike lim (Dec 19)
- Re: LKM - Sebek Edward Balas (Dec 18)