Re: Sebek client (2.1.7) issues with Debian 3.1 (sarge)

[Javier Fernandez-Sanguino <jfernandez () germinus com>]

Javier Fernandez-Sanguino wrote:
> Hi everyone,
>
> I've browsed the mailing list first and I can't find an answer to my 
> question so here it goes. I'm using Sebek 2.1.7 and trying to get it 
> work with a Debian 3.1 (sarge) system.
>
>
> 1- First, I had to change the Makefile since, obvioulsy, 
> /usr/src/linux-2.4 does not exist in Debian. I actually used 
> /usr/src/kernel-source-2.4.27 (from the Debian package that provides the 
> kernel sources) and adjusted KERN_SRC in the Makefile accordingly. 
> Secondly, I adjusted the INCLUDES in the Makefile to the include files 
> of the kernel the honeypot will be running (2.4.27-2-386) by installing 
> kernel-headers-2.4.27-2 and changing INCLUDES to 
> '-I/usr/src/kernel-headers-2.4.27-2/include'

Here's the mistake I made. I should have used the 
kernel-headers-2.4.27-2-$MYARCH packages instead of the average kernel 
headers. Once you do this all will work (no version mismatch after 
this point and no errors regarding symbols).

Of course, an alternative I had made work previously was to install 
the Debian kernel-sources (kernel-source packages), compile the 
sources with your specific needs and make the sebek Makefile point there.

So basicly, for those wanting to get Sebek 2.1.7 up and running in 
Debian fast you should:

1.- Install the appropiate packages:
apt-get install kernel-source-`uname -r|sed -e 's/-.*//'` 
kernel-headers-`uname -r`

2.- Change the Makefile:
KERN_SRC = /usr/src/kernel-source-$(shell uname -r|sed -e 's/-.*//')
INCLUDES = /usr/src/kernel-headers-$(shell uname -r)/include

3.- Fix the patch to af_packet.c so it does not get rejected. (remove 
chunk hunk @-190,7, +193,7)

4.- Compile

5.- Install sebek

Enjoy!

Regards

Javier