Honeypots mailing list archives

Sebek client (2.1.7) issues with Debian 3.1 (sarge)


From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Mon, 21 Feb 2005 12:52:49 +0100

Hi everyone,

I've browsed the mailing list first and I can't find an answer to my question, so here it goes. I'm using Sebek 2.1.7 and trying to get it to work with a Debian 3.1 (sarge) system.


1- First, I had to change the Makefile since, obviously, /usr/src/linux-2.4 does not exist in Debian. I actually used /usr/src/kernel-source-2.4.27 (from the Debian package that provides the kernel sources) and adjusted KERN_SRC in the Makefile accordingly. Secondly, I adjusted the INCLUDES in the Makefile to the include files of the kernel the honeypot will be running (2.4.27-2-386) by installing kernel-headers-2.4.27-2 and changing INCLUDES to '-I/usr/src/kernel-headers-2.4.27-2/include'

2.- af_packet.c wouldn't patch properly, it turns out this was because of a spurious line inserted in chunk @-190,7, +193,7 before 'struct tpacket_hdr **iovec'. I remade the patch so that it wouldn't break there.


2.- Compiling issues. Like Rock Lobster, I've also had issues compiling sebek. I believe these are related to the use of a newer Gcc release and are probably not important. I'm using gcc 3.3.5 (Debian package 1:3.3.5-8):

gcc -c -I/usr/src/linux-2.4/include -O2 -DUSE_MOD_LICENSE -DUSE_FUDGE ./sebek.c -o sebek.o
In file included from sebek.c:41:
af_packet.c: In function `packet_recvmsg':
af_packet.c:1102: warning: use of cast expressions as lvalues is deprecated
af_packet.c:1103: warning: use of cast expressions as lvalues is deprecated
sebek.c: At top level:
sebek.c:369: warning: conflicting types for built-in function `log'
sebek.c: In function `init_module':
sebek.c:599: warning: use of cast expressions as lvalues is deprecated
rm af_packet.c

3.- When trying to insert the new module I get a kernel-module mismatch ("XXXX was compiled for kernel version 2.4.27-2 while this kernel version is version 2.4.27-2-386"). I just modified sbk_install.sh to use 'insmod -f'. I expected this, however.

4.- When forcing the module installation it won't install:

"XXXX  unresolved symbol __write_lock_failed
XXXXX  unresolved symbol kernel_flag_cacheline
XXXXX  unresolved symbol __read_lock_failed"

I'm going to try with a custom kernel (not the stock one provided by Debian) but I was wondering if somebody had these same issues....

Regards

Javier


PS: It seems that a number of people in the list have successfully made Sebek work in Debian systems. So maybe there's something wrong with my installation or with me :-)

