Honeypots mailing list archives
Sebek client (2.1.7) issues with Debian 3.1 (sarge)
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Mon, 21 Feb 2005 12:52:49 +0100
Hi everyone,

I've browsed the mailing list first and I can't find an answer to my question so here it goes. I'm using Sebek 2.1.7 and trying to get it to work with a Debian 3.1 (sarge) system.

1- First, I had to change the Makefile since, obviously, /usr/src/linux-2.4 does not exist in Debian. I actually used /usr/src/kernel-source-2.4.27 (from the Debian package that provides the kernel sources) and adjusted KERN_SRC in the Makefile accordingly. Secondly, I adjusted the INCLUDES in the Makefile to the include files of the kernel the honeypot will be running (2.4.27-2-386) by installing kernel-headers-2.4.27-2 and changing INCLUDES to '-I/usr/src/kernel-headers-2.4.27-2/include'.
2.- af_packet.c wouldn't patch properly; it turns out this was because of a spurious line inserted in chunk @-190,7, +193,7 before 'struct tpacket_hdr **iovec'. I remade the patch so that it wouldn't break there.

2.- Compiling issues. Like Rock Lobster, I've also had issues compiling sebek. I believe these are related to the use of a newer GCC release and are probably not important. I'm using gcc 3.3.5 (Debian package 1:3.3.5-8):

gcc -c -I/usr/src/linux-2.4/include -O2 -DUSE_MOD_LICENSE -DUSE_FUDGE ./sebek.c -o sebek.o
In file included from sebek.c:41:
af_packet.c: In function `packet_recvmsg':
af_packet.c:1102: warning: use of cast expressions as lvalues is deprecated
af_packet.c:1103: warning: use of cast expressions as lvalues is deprecated
sebek.c: At top level:
sebek.c:369: warning: conflicting types for built-in function `log'
sebek.c: In function `init_module':
sebek.c:599: warning: use of cast expressions as lvalues is deprecated
rm af_packet.c

3.- When trying to insert the new module I get a kernel-module mismatch ("XXXX was compiled for kernel version 2.4.27-2 while this kernel version is version 2.4.27-2-386"). I just modified sbk_install.sh to use 'insmod -f'. I expected this, however.

4.- When forcing the module installation it won't install:

"XXXX unresolved symbol __write_lock_failed
XXXXX unresolved symbol kernel_flag_cacheline
XXXXX unresolved symbol __read_lock_failed"

I'm going to try with a custom kernel (not the stock one provided by Debian) but I was wondering if somebody had these same issues....

Regards

Javier

PS: It seems that a number of people in the list have successfully made Sebek work in Debian systems. So maybe there's something wrong with my installation or with me :-)