Re: Sebek question

[Jason Schoenbrun <athlon () umd edu>]

Hi Kiran,

Funny, I'm also a student who had trouble with beginner stuff.
Well, I still do since I'm trying to learn Linux without any
background to begin with, but fortunately I can help you.

Firstly, the Sebek module is only able, for now, to run on the
Linux 2.4 Kernel. There's discussion about perhaps a newer
version supporting it, but I'm not sure when/if it's coming
out. So I'm running the client on Fedora Core 1.
On the server side though, you can have Kernel version 2.6 if
you want.
FYI, you also need to have the Kernel source code installed
when you install your 2.4 kernerl.

As to your server issue, I'm assuming you're running version
3.0.3. The documentation isn't great, especially because it
refers to a file that doesn't exist. You will want to use
sebekd.pl instead of sbk_upload.pl and instead of -u, use -U
(I think). I'm pretty sure that's the correct command line
syntax to use.
I can't get my Server 3.0.3 to work, but that's related to
creating the mySQL databases correctly, I'm pretty sure.
But I do have version 2.1.7 working, and so I'm pretty sure
about my corrections for your command line syntax.

Let me know if you have any more issues. (It seems the
Honeynet listserv moderator, Lance Spitzner, refuses to post
my posts probably because my questions are too basic. Like the
question of how to get version 3.0.3's database set up
correctly- that's why I still don't have it working. Either
way, I'm glad to help since it seems tough to get any from the
listserv if you don't already know a lot)

Good luck,
Jason

---- Original message ----
> Date: Tue, 2 Aug 2005 16:57:42 -0600 (MDT)
> From: kiranmai () nmt edu  
> Subject: Sebek question  
> To: athlon () umd edu
>
>  Greetings Sir,
>
>     I am a student.And I am involved in a research work on
Honeypot
> Detection.For this I tried to install sebek.But had some
> problems.Hope you will help me to get rid of them.
>
> Sebek Client:
>
> The problem while cofiguiring Sebek client is it gives me an
error stating
>  " error:Kernel source should be installed in
/usr/src/linux-2.4."
>  I am using Fedora Linux version 2.6.11.Is that the problem?
>
> Sebek Server:
>
> I installed sebek server properly.But while running the
sbk-extract command
> it has the following errors
>
>   sbk_upload.pl - command not found
>   ioctl         - no such device
>
> To run sbk-extract I used the following command
> " sbk_extract -i eth1 -p 1101 | sbk_upload.pl -u sebek_uid
-p sebek_pw -d
> sebek "
>
>       Please help me to clear these errors.
>
>                 Thankyou,
>
>                                                            
  Regards,
>                                                            
   kiran*
>