Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Honeypots: RE: honeyd 1.0 and rrdtool error

RE: honeyd 1.0 and rrdtool error

From: Williams Jon <WilliamsJonathan_at_JohnDeere.com>
Date: Wed, 5 Jan 2005 10:26:27 -0600

I am also having problems with the webserver part. The logs seem to
indicate that everything is working properly:

Jan 5 11:14:14 ldxccs2 honeyd[29384]: started with -d -p
/usr/local/etc/nmap.prints -f /usr/local/etc/honeyd.conf -x
/usr/local/etc/xprobe2.prints -a /usr/local/etc/nmap.assoc -0
/usr/local/share/honeyd/pf.os -u 99 -g 99 --webserver-port 80
--webserver-root /usr/local/etc/webserver/htdocs --disable-update
--rrdtool-path=/usr/local/bin/rrdtool -l /var/log/honeyd/honeyd
Jan 5 11:14:14 ldxccs2 honeyd[29384]: listening promiscuously on eth0:
(arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip ))
and not dst net 169.254.0.0/16 and not dst net 224.0.0.0/4 and not src
net X.X.X.0/22 and not host Y.Y.Y.Y and not ether src 00:50:8b:ef:34:25
Jan 5 11:14:14 ldxccs2 honeyd[29384]: HTTP server listening on port 80
Jan 5 11:14:14 ldxccs2 honeyd[29384]: HTTP server root at
/usr/local/etc/webserver/htdocs
Jan 5 11:14:14 ldxccs2 honeyd[29384]: Demoting process privileges to
uid 99, gid 99

But no matter what URL I put in, I get a 404 error back. I've tried
using the default webserver directory as well as copying the webserver
files to other locations, but so far, I've not been able to figure out
just what combination I should be using.

Any suggestions?

Thanks.

Jon

-----Original Message-----
From: Niels Provos [mailto:provos_at_citi.umich.edu]
Sent: Wednesday, January 05, 2005 9:40 AM
To: Olaf Gellert
Cc: insideout_at_orcon.net.nz; honeypots_at_securityfocus.com
Subject: Re: honeyd 1.0 and rrdtool error

Use the --rrdtool-path to provide the correct path. You might also have
to run --fix-webserver-permissions if you get 403s.

Niels.

On Wed, Jan 05, 2005 at 04:18:54PM +0100, Olaf Gellert wrote:
> insideout wrote:
> > Hi all,
> > I've just installed honeyd-1.0 on RH 8 (not the latest I know, but
> > all I had on hand). I added the current libevent, libdnet and
> > rrdtool-1.0.49 as required, libpcap and python were already there.
> > Everything appears to have gone fine, but on starting honeyd I get
> > the following repeating in the logs:
> > honeyd: rrdtool_fork: execv(/usr/local/rrdtool-1.0.49/): Permission
> > denied
> > honeyd[825]: rrdtool returning errors - restarting.
> > honeyd[825]: Respawing rrdtool too quickly
> >
> Just a short guess without having a closer look:
> The error message seems to say, that execv is trying to execute a
> directory (instead of a binary in this directory). Maybe I am wrong,
> but I could not resist.
>
> Olaf
>
> --
> Dipl.Inform. Olaf Gellert PRESECURE (R)
> Consultant, Consulting GmbH
> Phone: (+49) 0700 / PRESECURE og_at_pre-secure.de
>
> A daily view on Internet Attacks
> https://www.ecsirt.net/sensornet
Received on Jan 05 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]