DinoTools / dionaea

Home of the dionaea honeypot
https://dionaea.readthedocs.io/
GNU General Public License v2.0

Unstable with one of the latest commits #115

Closed t3chn0m4g3 closed 7 years ago

t3chn0m4g3 commented 7 years ago

One of the latest commits causes dionaea to exit prematurely with the error message [19062017 21:00:39] nfq nfq.c:116: error during nfq_unbind_pf() family 2. Have any dependencies changed? Last good version is commit be43edcbecbd69931348891c5b529854501d103 which works perfectly fine.

phibos commented 7 years ago

There were only a few changes since the commit you mentioned.

But there is no commit changing the behaviour of how the nfq module works.

t3chn0m4g3 commented 7 years ago

That's odd. I am using docker, but as mentioned everything works perfectly fine with commit https://github.com/DinoTools/dionaea/commit/be43edcbecbd69931348891c5b529854501d1030.

t3chn0m4g3 commented 7 years ago

If it helps I can run dionaea with debug logging enabled.

t3chn0m4g3 commented 7 years ago

Q: Does the cleanup job run on a per minute basis by any chance? Dionaea stops working within the timespan of max. 59 seconds.

Svenito commented 7 years ago

I have similar issues with instability with the latest nightly from the PPA. I have now reverted to 99e9cfc and things are looking a lot better.

It seems to segfault after a short while.


/lib/x86_64-linux-gnu/libc.so.6(+0x36cb0)[0x7f79c5647cb0]
/usr/lib/x86_64-linux-gnu/libev.so.4(ev_feed_event+0x63)[0x7f79c694f4f3]
/usr/lib/x86_64-linux-gnu/libev.so.4(ev_run+0x548)[0x7f79c6951c28]
/opt/dionaea/bin/dionaea(main+0x1328)[0x40b9ca]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f79c5632f45]
/opt/dionaea/bin/dionaea[0x409919]

ghost commented 7 years ago

Same problem also: https://github.com/DinoTools/dionaea/issues/116 : dionaea stops after several seconds.

t3chn0m4g3 commented 7 years ago

@Svenito Can confirm commit 99e9cfc is stable.

Svenito commented 7 years ago

Might be related to the cleanup timer then, which would explain why it crashes after a certain time period

ghost commented 7 years ago

@Svenito How to install it on an existing machine? Or will wait for the improvement that will appear in the PPA?

Svenito commented 7 years ago

@br1877 I followed the build instructions in the doc on an Ubuntu 14 box. Worked perfectly.

Clone the repo, checkout the 99e9cfc commit and follow the instructions after removing the PPA package

262nos commented 7 years ago

Did a little debugging on my own and apparently the cleanup loop is initialised twice in the python sip module ("init.py"). I've attached a modified init.py that for the moment doesn't crash: init.txt

@t3chn0m4g3 Also for the nfq error starting the docker container with --privileged should fix it.

phibos commented 7 years ago

The fix from @262nos has been merged into the master branch. Thanks for all your work and comments.

@t3chn0m4g3 As @262nos mentioned, --privileged should fix your nfq error, but if you don't set up iptables to send the packages into user space the module is useless and can be deactivated.

t3chn0m4g3 commented 7 years ago

@phibos Thanks, disabled nfq for now, since I am using honeytrap for that.

ghost commented 7 years ago

@Svenito Still I do not know how to do that. Following the instruction:

  1. Clone PPA master Dionaea repo. Clear.
  2. Commit - how to use it? Unclear for me.
  3. Remove PPA Dionaea. Clear.

Svenito commented 7 years ago

@br1877 once you've cloned this repo, cd into the directory you cloned it and run

git checkout 99e9cfc

Then build it as per documentation

ghost commented 7 years ago

Crap.

  1. I have followed into: https://github.com/DinoTools/dionaea/commit/99e9cfc88cfa8f3715813b18ec7006bca2622d76
  2. cd /opt and run git clone https://github.com/DinoTools/dionaea.git
  3. run git check out 9e99cfc and error fatal: Not a git repository (or any of the parent directories)

t3chn0m4g3 commented 7 years ago

@br1877 You can also try T-Pot, works on Docker, includes other honeypots as well and comes with the ELK stack.

ghost commented 7 years ago

@t3chn0m4g3 I do not want. I need a lot of Dionaea honeypots.

Svenito commented 7 years ago

@br1877

cd ~
git clone https://github.com/DinoTools/dionaea.git
cd dionaea
git checkout 99ecfc

then follow the instructions here https://dionaea.readthedocs.io/en/latest/installation.html#from-source to configure, compile, and install it

ghost commented 7 years ago

Thanks, but it still didn't work:

/opt/dionaea# git checkout 99ecfc
error: pathspec '99ecfc' did not match any file(s) known to git.

Svenito commented 7 years ago

ok, don't clone it into opt, that's why I added the cd ~ there. I got the hash wrong, it should be

git checkout 99e9cfc

ghost commented 7 years ago

Didn't help.

root@HitlerSS:~# git clone https://github.com/DinoTools/dionaea.git
Cloning into 'dionaea'...
remote: Counting objects: 10063, done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 10063 (delta 7), reused 14 (delta 6), pack-reused 10047
Receiving objects: 100% (10063/10063), 1.88 MiB | 2.65 MiB/s, done.
Resolving deltas: 100% (7536/7536), done.
Checking connectivity... done.
root@nameVPS:~# cd dionaea
root@nameVPS:~/dionaea# git checkout 99ecfc
error: pathspec '99ecfc' did not match any file(s) known to git.

Svenito commented 7 years ago

99e9cfc not 99ecfc

ghost commented 7 years ago

@Svenito Right. Now it seems to work. But installation from source gives other errors:

sudo apt-get install \
    autoconf \
    automake \
    build-essential \
    check \
    cython3 \
    libcurl4-openssl-dev \
    libemu-dev \
    libev-dev \
    libglib2.0-dev \
    libloudmouth1-dev \
    libnetfilter-queue-dev \
    libnl-dev \
    libpcap-dev \
    libssl-dev \
    libtool \
    libudns-dev \
    python3 \
    python3-dev \
    python3-bson \
    python3-yaml

Error:

Preparing to unpack .../libemu2_0.2.0+git20120122-1.2_amd64.deb ...
Unpacking libemu2 (0.2.0+git20120122-1.2) ...
dpkg: error processing archive /var/cache/apt/archives/libemu2_0.2.0+git20120122-1.2_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/libemu.so.2.0.0', which is also in package libemu 1:0.2.0+git20130410+571-0ubuntu2~trusty
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Preparing to unpack .../libemu-dev_0.2.0+git20120122-1.2_amd64.deb ...
Unpacking libemu-dev (0.2.0+git20120122-1.2) ...
dpkg: error processing archive /var/cache/apt/archives/libemu-dev_0.2.0+git20120122-1.2_amd64.deb (--unpack):
 trying to overwrite '/usr/lib/libemu.a', which is also in package libemu 1:0.2.0+git20130410+571-0ubuntu2~trusty
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/libemu2_0.2.0+git20120122-1.2_amd64.deb
 /var/cache/apt/archives/libemu-dev_0.2.0+git20120122-1.2_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

phibos commented 7 years ago

@br1877 You might have noticed that there is a conflict with the libemu package. Try to remove the conflicting package from your system and reinstall the dependencies.

@br1877 The fix has been merged into the master branch, so you can check out the master branch and build the honeypot. The dionaea package for Ubuntu 14.04 was rebuilt last night using the latest version from the master branch. So you can also update your packages and it should be ready to go.