Re: Problems building Sebek

["Andreas Derdemezis" <ader () ait edu gr>]

> I'm trying to install a Sebek client onto a SUSE 10.0 honeypot, but it's
> failing the make. This is with the gcc 4.01 compiler. I tried
> configuring first with the patched af_packet.c and then again by just
> copying af_packet.c from the linux source into the sebek path (after
> config) and still get the same failure. Any thoughts?
>
> See output below.
>
> - Mark
>
> patch  ./src/af_packet.c ./src/af_packet.diff
> patching file ./src/af_packet.c
> Hunk #2 succeeded at 1048 (offset 6 lines).
> Hunk #3 succeeded at 1080 (offset 6 lines).
> Hunk #4 succeeded at 1092 (offset 6 lines).
> Hunk #5 succeeded at 1930 with fuzz 1 (offset 12 lines).
> ./gen_fudge.pl > ./src/fudge.h
> cp ./sbk_install.sh ./src
> cp ./parameters.sh  ./src
> cd ./src; make -C /usr/src/linux
> SUBDIRS=/home/mjh/sebek-lin26-3.1.2b/src modules
> make[1]: Entering directory `/usr/src/linux-2.6.13-15.10'
>
>    WARNING: Symbol version dump /usr/src/linux-2.6.13-15.10/Module.symvers
>             is missing; modules will have no dependencies and modversions.
>
>    CC [M]  /home/mjh/sebek-lin26-3.1.2b/src/sebek.o
>    CC [M]  /home/mjh/sebek-lin26-3.1.2b/src/net.o
> In file included from /home/mjh/sebek-lin26-3.1.2b/src/net.c:24:
> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c: In function
> ‘packet_recvmsg’:
> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1102: error: invalid lvalue
> in assignment
> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1103: error: invalid lvalue
> in assignment
> /home/mjh/sebek-lin26-3.1.2b/src/net.c: In function ‘sprintf_stats’:
> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ‘%8lu’
> expects type ‘long unsigned int’, but argument 12 has type ‘u32’
> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ‘%7lu’
> expects type ‘long unsigned int’, but argument 13 has type ‘u32’
> make[2]: *** [/home/mjh/sebek-lin26-3.1.2b/src/net.o] Error 1
> make[1]: *** [_module_/home/mjh/sebek-lin26-3.1.2b/src] Error 2
> make[1]: Leaving directory `/usr/src/linux-2.6.13-15.10'
> make: *** [sebek] Error 2
Greetings, I think we had the same problem with you when installing sebek
3.0.3 on a slackware Linux system. From what i can see from the errors you
get, WITHOUT being a C / OS expert... The problem seems to be some
directory path that has doesn't correspond your specific OS.
Are you 100% sure that the kernel version and SEBEK client are compatible?
Are you sure that all Paths are correct for your system??? We had to Make
changes in several lines of the configuration files in order to make the C
code work for our system...
Again i could be totally wrong... Just a though... Hope it helps

-- 
Andreas Derdemezis
BEng IT  -  MSc ICT (e-Tech)  - MSc ITT