Closed Theory5 closed 10 years ago
This sounds strange; kippo itself shouldn't do any directory removals.
The pid file is created by twistd, and for myself I've never seen the file disappear.
Maybe try keeping the pidfile outside of /var/run/ and see if it's an issue with the underlying OS.
Oops, I forgot to mention:
My OS is an AWS Ubuntu 12.04 LTS server edition.
I'll try that. I thought it was strange too, but since I implemented my script I believe kippo hasn't had this issue. No other program (Dionaea, honeyd, etc.) seems to have the same issue.
Closing this, since the problem seems to be somewhere else.
Hello, I installed kippo on a honeypot instance using this script: https://github.com/andrewmichaelsmith/honeypot-setup-script
However, at what I perceive to be random intervals (usually weeks apart) kippo will delete the /kippo/ directory and pid file from /var/run/. All logs simply say that kippo can't find the directory or pid file and therefore doesn't start (because it deleted the directory).
I wrote a small script that works for my exact instance to keep checking that it's running and fix it if it isn't. NOTE: it checks by looking for the kippo pid file in /var/run/kippo/kippo.pid
Any improvements, advice, comments, etc. are welcome and feel free to use this script as you wish. If you want to make changes or fix bugs, go for it or open an issue on my GitHub. (Also, if you are sending STDOUT somewhere and set this up in crontab, you're probably going to get swamped with the echo "kippo is running" that I added for testing purposes. Cheers!)
https://github.com/Theory5/otherscripts/blob/master/kippoantipill.sh
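The kind of pid-file check described in the post, as an added example that is not Theory5's script and not kippo's own code: it distinguishes a missing run directory from a stale pid file and logs which one it found, so disappearances can be matched against other system events. The pid-file path is the one quoted in the post; the function names and the caller-supplied restart command are assumptions.

```shell
#!/bin/sh
# Added example: pid-file watchdog logic. The restart command is supplied by
# the caller (hypothetical); only the pid-file path comes from the post.
PIDFILE="${PIDFILE:-/var/run/kippo/kippo.pid}"

# Print one of: running | stale | invalid | missing
pidfile_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    pid=$(tr -d '[:space:]' < "$1")
    case $pid in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # kill -0 delivers no signal; it only tests that the pid exists.
    # Run as root or as the daemon's user, otherwise EPERM looks like "stale".
    if kill -0 "$pid" 2>/dev/null; then echo running; else echo stale; fi
}

# Log the observed state, repair what is missing, then run the restart command.
repair_and_restart() {
    pidfile=$1; shift
    state=$(pidfile_state "$pidfile")
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) pidfile=$pidfile state=$state" >&2
    case $state in
        running) return 0 ;;
        stale|invalid) rm -f "$pidfile" ;;   # clear the dead entry first
    esac
    # Recreate the run directory if it is gone; chown it to the daemon's
    # user here if the daemon does not run as root.
    mkdir -p "$(dirname "$pidfile")"
    "$@"
}

# Example cron use (the start command is a placeholder):
#   . /path/to/this-file; repair_and_restart "$PIDFILE" <your kippo start command>
```

Keeping the timestamped state lines makes it possible to tell whether the directory vanished while the process was still alive or only after it had stopped.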