Re: Sebek BSD 3.0 beta

[Pierre LALET <pierre () droids-corp org>]

On Wed, 15 Jun 2005, aq wrote:
> > As announced on the Honeynet Project web site
> > <http://www.honeynet.org/>, a beta version of Sebek clients for BSD
> > systems has been released. It can be obtainned here :
> > <http://honeynet.droids-corp.org/>.
>
> Pierre, i cannot find any changelog for this version?

Well... I cannot either ;-)

Short changelog (1.2 -> 3.0-cvs):
 - Bug fixes
 - Support for Sebek Protocol version 3 (new syscalls)

About the new syscalls ; from sebek/sebek.h :

#define SEBEK_READ 0
#define SEBEK_READV SEBEK_READ
#define SEBEK_WRITE 1
#define SEBEK_WRITEV SEBEK_WRITE
#define SEBEK_SOCKET 2
#define SEBEK_OPEN 3
#define SEBEK_FHOPEN SEBEK_OPEN

and :

#define SEBEK_SOCKET_BIND 2
#define SEBEK_SOCKET_CONNECT 3
#define SEBEK_SOCKET_LISTEN 4
#define SEBEK_SOCKET_ACCEPT 5
#define SEBEK_SOCKET_SENDMSG 16
#define SEBEK_SOCKET_RECVMESG 17
#define SEBEK_SOCKET_SENDTO 11
#define SEBEK_SOCKET_RECVFROM 12

> does sebek 3 support 2.6 kernel? if not, it is too late, isnt it? 2.6
> out for almost 2 years.

Well...

These clients are for *BSD* (Free, Net & Open [tell us if you need another
BSD]) systems. I suppose you mean *Linux* kernel. You have to know
something : BSD systems do *not* run Linux kernels...

Regarding Linux clients, I'm not the one who can help you.

Anyway, Sebek is free software, you can contribute if you are not
satisfied with the current versions (and this is true for each Sebek
client, the server, etc.).

Regards,

Pierre

-- 
Pierre LALET
http://pierre.droids-corp.org/
Droids Corporation & Team rstack
French Honeynet Project