LinuxQuestions.org

grumpy.biatch 06-30-2010 04:59 AM

honeyd set up
 
Hi,

I run openSUSE 11.2 and have installed honeyd for trial.

When I run honeyd -dP as a superuser I get the following error -

started with -dP
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[5088]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:1e:90:35:ef:28
honeyd[5088]: switching to polling mode
honeyd[5088]: HTTP server listening on 127.0.0.1:80
honeyd[5088]: HTTP server root at /usr/share/honeyd/webserver/htdocs
honeyd[5088]: Demoting process privileges to uid 65534, gid 65533
honeyd[5088]: webserver: require write read access to /usr/share/honeyd/webserver/htdocs/.: Permission denied

I get verification right -

linux-lst5:/home/david # honeyd --verify-config
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[5332]: started with --verify-config
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd: parsing configuration file successful


I have set appropriate permissions. Getting this package in the SUSE repo was difficult but the build team did a favor. Let me know if I have done anything stupid.

best,

david

grumpy.biatch 06-30-2010 05:07 AM

It probably messed up post updates.

Did reconfig-

linux-lst5:/home/david # honeyd --fix-webserver-permissions
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[5393]: started with --fix-webserver-permissions
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd[5393]: listening promiscuously on eth0: (arp or ip proto 47 or (udp and src port 67 and dst port 68) or (ip )) and not ether src 00:1e:90:35:ef:28
honeyd[5393]: HTTP server listening on 127.0.0.1:80
honeyd[5393]: HTTP server root at /usr/share/honeyd/webserver/htdocs
honeyd[5393]: Fixing ownership: /usr/share/honeyd/webserver/htdocs/graphs
honeyd[5393]: Fixing ownership: /usr/share/honeyd/webserver/htdocs/.
honeyd[5393]: Fixing ownership: /usr/share/honeyd/webserver/htdocs/images
honeyd[5393]: Fixing ownership: /usr/share/honeyd/webserver/htdocs/styles
honeyd[5393]: Fixing ownership: /usr/share/honeyd/webserver/htdocs/templates
honeyd[5393]: Fixing ownership: /usr/share/honeyd/webserver/htdocs/templates/inc
Honeyd starting as background process


Let me know if this is right or wrong.
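
Added example (not part of the original posts and not honeyd's own code): the startup output above shows honeyd demoting itself to uid 65534 / gid 65533 and then being refused on its web root, so this script pulls those values from the log and checks the directory's mode bits for that uid/gid. The function names `parse_honeyd_log` and `can_rw_dir` are hypothetical, the sample log is constructed from the lines in the post, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example, not honeyd code: compare the web root's mode bits with the
# uid/gid that honeyd reports demoting to. Assumes GNU coreutils stat.

# Constructed sample: the relevant lines of the startup output in the post.
SAMPLE_LOG='honeyd[5088]: HTTP server root at /usr/share/honeyd/webserver/htdocs
honeyd[5088]: Demoting process privileges to uid 65534, gid 65533
honeyd[5088]: webserver: require write read access to /usr/share/honeyd/webserver/htdocs/.: Permission denied'

# Read honeyd startup output on stdin; print "uid gid root", or fail if any is missing.
parse_honeyd_log() {
    awk '
        /HTTP server root at /                { root = $NF }
        /Demoting process privileges to uid / { uid = $(NF-2); sub(/,$/, "", uid); gid = $NF }
        END { if (uid == "" || gid == "" || root == "") exit 1
              print uid, gid, root }'
}

# Return 0 if uid/gid gets rwx on dir through the owner/group/other bits,
# 1 if not, 2 if dir cannot be examined. ACLs and supplementary groups are ignored.
can_rw_dir() {
    local uid="$1" gid="$2" dir="$3" st mode bits
    [ -d "$dir" ] || return 2
    st=$(stat -c '%u %g %a' "$dir" 2>/dev/null) || return 2
    set -- $st                      # $1=owner uid, $2=group gid, $3=octal mode
    mode=$(( 0$3 & 0777 ))          # drop setuid/setgid/sticky bits
    if   [ "$uid" -eq "$1" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$2" ]; then bits=$(( (mode >> 3) & 7 ))
    else                           bits=$((  mode       & 7 ))
    fi
    [ "$bits" -eq 7 ]
}

# Stand-alone run: report on the constructed sample.
set -- $(printf '%s\n' "$SAMPLE_LOG" | parse_honeyd_log)
if can_rw_dir "$1" "$2" "$3"; then
    echo "OK: uid $1 / gid $2 has rwx on $3"
else
    echo "FAIL: uid $1 / gid $2 lacks rwx on $3 (or it is not a directory)"
fi
```

To check a live system, pipe the real startup output into `parse_honeyd_log` instead of `SAMPLE_LOG`.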

unSpawn 06-30-2010 05:30 AM

Quote:

Originally Posted by grumpy.biatch (Post 4019156)
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"

See http://www.honeyd.org/faq.php#warning (ignore).

grumpy.biatch 07-04-2010 06:50 AM

honeyd
 
I had a kernel panic last night, managed to sort that out, but honeyd isn't working anymore.

Code:

linux-zsof:/home/david # honeyd
Honeyd V1.5c Copyright (c) 2002-2007 Niels Provos
honeyd[8352]: started with
Warning: Impossible SI range in Class fingerprint "IBM OS/400 V4R2M0"
Warning: Impossible SI range in Class fingerprint "Microsoft Windows NT 4.0 SP3"
honeyd: interface_new: bad interface configuration: eth0 is not IP
You have mail in /var/spool/mail/david

There are no messages in that folder.

How do I resolve this?

