Open dkindlund opened 14 years ago
Author: Justin UPDATE: IPv4 can be installed by linking to 2.4 kernel. However Manager still fails to start.
Author: kindlund What version of HoneyClient are you using? 1.0.2?
Author: kindlund Here is some additional clarification:
{{{ 2008-10-05 17:01:44 WARN HoneyClient::Manager::_handleFault - Error occurred during processing. soap:Server: Error, could not connect to IPTABLES interface: iptables who? (do you need to insmod?) at HoneyClient/Manager/FW.pm line 1379 }}}
This error is '''not''' from the host system. In fact, it's an error that is occurring within the Firewall VM itself. This is indicated by the "soap:Server: Error..." prefix.
So, are you using '''firewall-3.tar.gz''' as the basis for your Firewall VM? Please let me know.
Regards,
-- Darien
Author: Justin Darien, Yes, I am using FWv3. I did have to re-ip the VM to match the new VMware NAT addresses x.x.191.128. I also made sure that the IPTables modules were loading. I was able to move a few steps forward but comms. w/ the firewall seem to continue to be an issue. Maybe not an IPTables issue?
thx, Justin
{{{
Starting new session...
2008-10-06 09:15:13 INFO HoneyClient::Manager::VM::init - Initializing VM daemon at PID: 27663
2008-10-06 09:15:13 INFO HoneyClient::Manager::VM::Clone::new - Setting VM (/home/vm/master/master.vmx) as master.
2008-10-06 09:15:13 ERROR HoneyClient::Util::SOAP::_handleFault - Error occurred during processing. 500 Server closed connection without sending any data back
HoneyClient::Util::SOAP->handleFault(): Error occurred during processing. 500 Server closed connection without sending any data back at lib/HoneyClient/Util/SOAP.pm line 284.
Killed
}}}
I see a series of TCP FIN's from the Firewall VM just before this fails, after SOAP sends "allowAllTraffic"
Author: xkovah I think there may be two different issues occurring here.
With respect to the apparent installation failure of IPTables::IPv4, I believe that the perl package has grown somewhat stale, and may not support the newest versions of iptables. I have it working on an Ubuntu 7.03 system, which uses iptables v1.3.6. What system and version of iptables are you using?
Darien: IPTables::IPv4 not seeming to be actively maintained was an issue I had identified when I had previously tried to make a new, smaller, firewall VM. I had also tried to migrate to IPTables::libiptc at the same time, but since the VM in general wasn't working, that change didn't get made. I'll make sure I put in a ticket.
The second issue is that you say you're getting FINs back from the communication which is sent at the firewall. Can you confirm that the SOAP listener is listening on port 8083 (at least that's what it is on my system) by either
a) from the host linux, "telnet
b) log on to the vm and do "ps aux | grep start" and you should see a perl process running /hc/bin/fw/startFWListener.pl in which case, again, it should be running (and of course you can double check by doing "netstat -an | grep 8083" to make sure it's listening on the right IP)
Xeno
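The listener check Xeno describes in the comment above, as an added example that is not part of the ticket or the HoneyClient code base: it reads `netstat -an` output and reports which local address a port is actually listening on, matching the port exactly so that a plain `grep 8083` hit on an ESTABLISHED line or on a port such as 18083 is not mistaken for a listener. The sample output and the address 192.0.2.10 are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (not taken from the ticket).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8083         0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8083         192.0.2.1:41000         ESTABLISHED
tcp        0      0 127.0.0.1:18083         0.0.0.0:*               LISTEN
tcp6       0      0 :::8009                 :::*                    LISTEN'

# listen_addrs PORT
# Reads `netstat -an` text on stdin and prints the local address of every
# TCP socket in LISTEN state whose port is exactly PORT.
listen_addrs() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # The port is the last colon-separated field (works for ":::8009").
            n = split($4, parts, ":")
            if (parts[n] == port)
                print substr($4, 1, length($4) - length(port) - 1)
        }'
}

# check_listener PORT EXPECTED_IP
# Reads `netstat -an` text on stdin and prints one verdict:
#   ok             listening on EXPECTED_IP
#   wildcard       listening on 0.0.0.0 or :: (reachable on every interface)
#   wrong-address  listening, but only on some other address
#   not-listening  nothing is in LISTEN state on that port
check_listener() {
    port=$1
    want=$2
    addrs=$(listen_addrs "$port")
    if [ -z "$addrs" ]; then
        echo "not-listening"
        return 1
    fi
    for a in $addrs; do
        case "$a" in
            "$want")    echo "ok";       return 0 ;;
            0.0.0.0|::) echo "wildcard"; return 0 ;;
        esac
    done
    echo "wrong-address"
    return 2
}

# Demo on the constructed sample; on a live system pipe `netstat -an` in instead.
printf '%s\n' "$SAMPLE_NETSTAT" | check_listener 8083 192.0.2.10
```

A `wrong-address` verdict is the case to look for after re-addressing a VM: the process is running, but bound to an address the other side no longer connects to.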
Author: kindlund Replying to [comment:4 Justin]:
> Darien, Yes, I am using FWv3. I did have to re-ip the VM to match the new VMware NAT addresses x.x.191.128. I also made sure that the IPTables modules were loading. I was able to move a few steps forward but comms. w/ the firewall seem to continue to be an issue. Maybe not an IPTables issue?
Hi Justin,
Yeah, I don't think this is an IPTables issue. The Firewall v3 VM should function just fine -- as is. In other words, there should be no need to update/change any of the code inside the VM. For example, if you tried to do a CPAN upgrade of the FWv3, then I could see (perhaps) the newer versions of the IPTables codebase causing compatibility problems.
So, if all you changed was the IP address of the FWv3 VM, then I would look at that, first.
Specifically, most of the HoneyClient code base '''assumes''' the following network architecture:
http://www.honeyclient.org/trac/wiki/UserGuide#ConfigureVMwareServer
If you decide to '''NOT''' use these IP addresses, then there are a variety of other locations in the code that you'll have to change (not just the etc/honeyclient.xml file). For example, you'll have to update /etc/vmware/vmnet1/dhcpd/dhcpd.conf on the host system.
To reconcile all the suggestions made so far, try Xeno's suggestions and paste the output in this ticket. Moreover, as a test comparison, I'd suggest you revert the IP addressing scheme back to the original scheme and then test to see if you still run into these problems. If the problems disappear, then the IP addressing scheme is the issue; otherwise, we can try to troubleshoot further.
-- Darien
Author: Justin Darien/Xeno,
I gave it a shot. I reverted to the default untouched FWv3 and I reconfigured the VMware interfaces. Same error. Again, the manager can connect to the FW without a problem, and the FW was able to pull the svn updates.
I'll upload the debug trace in a few minutes.
{{{
Starting new session...
2008-10-06 11:22:29 INFO HoneyClient::Manager::VM::init - Initializing VM daemon at PID: 5860
2008-10-06 11:22:30 INFO HoneyClient::Manager::VM::Clone::new - Setting VM (/home/vm/master/master.vmx) as master.
2008-10-06 11:22:30 ERROR HoneyClient::Util::SOAP::_handleFault - Error occurred during processing. 500 Server closed connection without sending any data back
HoneyClient::Util::SOAP->handleFault(): Error occurred during processing. 500 Server closed connection without sending any data back at lib/HoneyClient/Util/SOAP.pm line 284.
Killed
}}}
Author: Justin Consolidated Mgr/FW logs:
{{{
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_set_ip_forwarding - Entering _set_ip_forwarding() function
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_set_ip_forwarding - Setting /proc/sys/net/ipv4/ip_forward to 0
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_setAcceptPolicy - Setting all chains to ACCEPT policy
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_setAcceptPolicy - Setting INPUT to ACCEPT policy now
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_setAcceptPolicy - Setting FORWARD to ACCEPT policy now
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_setAcceptPolicy - Setting OUTPUT to ACCEPT policy now
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_setAcceptPolicy - Setting PREROUTING to ACCEPT policy now
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_setAcceptPolicy - Setting POSTROUTING to ACCEPT policy now
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_setAcceptPolicy - Setting OUTPUT to ACCEPT policy now
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_flushChains - Flushing iptables chains
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_flushChains - Flushing INPUT entry in filter table
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_flushChains - Flushing FORWARD entry in filter table
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_flushChains - Flushing OUTPUT entry in filter table
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_flushChains - Flushing PREROUTING entry in nat table
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_flushChains - Flushing POSTROUTING entry in nat table
Oct 6 12:10:43 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_flushChains - Flushing OUTPUT entry in nat table
Oct 6 12:10:44 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_set_ip_forwarding - Entering _set_ip_forwarding() function
Oct 6 12:10:44 10.10.0.254 /hc/startFWListener.pl: INFO HoneyClient::Manager::FW::_set_ip_forwarding - Setting /proc/sys/net/ipv4/ip_forward to 1
Oct 6 12:10:45 10.10.0.1 bin/StartManager.pl: INFO HoneyClient::Manager::VM::init - Initializing VM daemon at PID: 8699
Oct 6 12:10:45 10.10.0.1 bin/StartManager.pl: INFO HoneyClient::Manager::VM::Clone::new - Setting VM (/home/vm/master/master.vmx) as master.
Oct 6 12:10:45 10.10.0.1 bin/StartManager.pl: ERROR HoneyClient::Util::SOAP::_handleFault - Error occurred during processing. 500 Server closed connection without sending any data back
}}}
Author: kindlund Hi Justin,
To be clear, you're using the latest release version of the code (1.0.2) -- correct?
-- Darien
Author: xkovah And I still need to know what version of iptables you have installed on the host linux system (the one on which the manager runs).
Xeno
Author: kindlund Actually, I'm pretty sure IPTables isn't used by any code running on the host system -- it's just used by the Firewall VM. So that shouldn't matter.
Justin, this error looks to be something specific with the VM SOAP server that automatically runs on the host system every time you start up the Manager.
Here's what I need you to do on the '''host system''':
ps aux
command to this ticket.
{{{
cd ~/honeyclient
perl -Ilib t/honeyclient_manager_vm.t
}}}
When prompted, answer '''yes''' to all questions and paste the output to this ticket.
-- Darien
Author: justin Yeah 1.0.2 I downloaded the latest version Friday.
iptables -v iptables v1.4.0:
IPTables::IPv4 .0.98
{{{
ok 1 - use ExtUtils::MakeMaker;
ok 2 - use Log::Log4perl;
ok 3 - use HoneyClient::Util::Config;
ok 4 - use HoneyClient::Manager::VM;
ok 5 - use HoneyClient::Util::SOAP;
ok 6 - use File::Basename;
ok 7 - use File::Copy::Recursive;
ok 8 - use Data::Dumper;
ok 9 - use File::stat;
ok 10 - use Digest::MD5;
ok 11 - use DateTime::HiRes;
ok 12 - use Fcntl;
ok 13 - use VMware::VmPerl;
ok 14 - use VMware::VmPerl::Server;
ok 15 - use VMware::VmPerl::ConnectParams;
ok 16 - use VMware::VmPerl::VM;
ok 17 - use VMware::VmPerl::Question;
ok 18 - use threads;
ok 19 - use threads::shared;
ok 20 - use Thread::Queue;
ok 21 - use Thread::Semaphore;
ok 22 - require ExtUtils::MakeMaker;
ok 23 - ExtUtils::MakeMaker->can('prompt')
ok 24 - require Log::Log4perl;
ok 25 - require HoneyClient::Util::Config;
ok 26 - HoneyClient::Util::Config->can('getVar')
ok 27 - require HoneyClient::Manager::VM;
ok 28 - HoneyClient::Manager::VM->can('init')
ok 29 - HoneyClient::Manager::VM->can('destroy')
ok 30 - require HoneyClient::Util::SOAP;
ok 31 - HoneyClient::Util::SOAP->can('getServerHandle')
ok 32 - HoneyClient::Util::SOAP->can('getClientHandle')
ok 33 - require File::Basename;
ok 34 - File::Basename->can('dirname')
ok 35 - File::Basename->can('basename')
ok 36 - require File::Copy::Recursive;
ok 37 - File::Copy::Recursive->can('dircopy')
ok 38 - File::Copy::Recursive->can('pathrmdir')
ok 39 - require Data::Dumper;
ok 40 - require File::stat;
ok 41 - require Digest::MD5;
ok 42 - Digest::MD5->can('md5_hex')
ok 43 - require DateTime::HiRes;
ok 44 - require Fcntl;
ok 45 - require VMware::VmPerl;
ok 46 - require VMware::VmPerl::Server;
ok 47 - require VMware::VmPerl::ConnectParams;
ok 48 - require VMware::VmPerl::VM;
ok 49 - require VMware::VmPerl::Question;
ok 50 - require threads;
ok 51 - require threads::shared;
ok 52 - require Thread::Queue;
ok 53 - require Thread::Semaphore;
ok 54 - init()
ok 55 - destroy()
not ok 56 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 57 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 58 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 59 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 60 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 61 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 62 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 63 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 64 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 65 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 66 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 67 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 68 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 69 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 70 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 71 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 72 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 73 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 74 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
not ok 75 - HoneyClient::Util::SOAP->handleFault(): Error occurred during processing.
1..75
}}}
Author: kindlund Okay, so we've confirmed that it's a problem with the VM SOAP server.
Justin, I still need the "ps aux" printout of your host system '''after''' you've killed off any lingering Manager-related perl processes. I'll also need a printout of the "netstat -an" command after these processes are dead.
-- Darien
Author: anonymous
{{{
SigmaApex honeyclient # ps -aux
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1592 548 ? Ss Oct04 0:01 init [3]
root 2 0.0 0.0 0 0 ? S< Oct04 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S< Oct04 0:00 [migration/0]
root 4 0.0 0.0 0 0 ? S< Oct04 0:48 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Oct04 0:00 [watchdog/0]
root 6 0.0 0.0 0 0 ? S< Oct04 0:00 [migration/1]
root 7 0.0 0.0 0 0 ? S< Oct04 0:08 [ksoftirqd/1]
root 8 0.0 0.0 0 0 ? S< Oct04 0:00 [watchdog/1]
root 9 0.0 0.0 0 0 ? S< Oct04 0:01 [events/0]
root 10 0.0 0.0 0 0 ? S< Oct04 0:00 [events/1]
root 11 0.0 0.0 0 0 ? S< Oct04 0:00 [khelper]
root 87 0.0 0.0 0 0 ? S< Oct04 0:01 [kblockd/0]
root 88 0.0 0.0 0 0 ? S< Oct04 0:00 [kblockd/1]
root 91 0.0 0.0 0 0 ? S< Oct04 0:00 [kacpid]
root 92 0.0 0.0 0 0 ? S< Oct04 0:00 [kacpi_notify]
root 179 0.0 0.0 0 0 ? S< Oct04 0:00 [ata/0]
root 180 0.0 0.0 0 0 ? S< Oct04 0:00 [ata/1]
root 181 0.0 0.0 0 0 ? S< Oct04 0:00 [ata_aux]
root 183 0.0 0.0 0 0 ? S< Oct04 0:00 [ksuspend_usbd]
root 188 0.0 0.0 0 0 ? S< Oct04 0:00 [khubd]
root 191 0.0 0.0 0 0 ? S< Oct04 0:00 [kseriod]
root 199 0.0 0.0 0 0 ? S< Oct04 0:00 [kmmcd]
root 204 0.0 0.0 0 0 ? S< Oct04 0:00 [btaddconn]
root 205 0.0 0.0 0 0 ? S< Oct04 0:00 [btdelconn]
root 254 0.0 0.0 0 0 ? S< Oct04 0:06 [kswapd0]
root 299 0.0 0.0 0 0 ? S< Oct04 0:00 [aio/0]
root 300 0.0 0.0 0 0 ? S< Oct04 0:00 [aio/1]
root 972 0.0 0.0 0 0 ? S< Oct04 0:00 [sony-laptop]
root 1002 0.0 0.0 0 0 ? S< Oct04 0:00 [scsi_eh_0]
root 1004 0.0 0.0 0 0 ? S< Oct04 0:00 [scsi_eh_1]
root 1021 0.0 0.0 0 0 ? S< Oct04 0:00 [khpsbpkt]
root 1030 0.0 0.0 0 0 ? S< Oct04 0:00 [knodemgrd_0]
root 1034 0.0 0.0 0 0 ? S< Oct04 0:00 [pccardd]
root 1094 0.0 0.0 0 0 ? S< Oct04 0:00 [scsi_eh_2]
root 1095 0.0 0.0 0 0 ? S< Oct04 0:01 [usb-storage]
root 1113 0.0 0.0 0 0 ? S< Oct04 0:00 [kpsmoused]
root 1130 0.0 0.0 0 0 ? S< Oct04 0:00 [kondemand/0]
root 1131 0.0 0.0 0 0 ? S< Oct04 0:00 [kondemand/1]
root 1160 0.0 0.0 0 0 ? S< Oct04 0:00 [rpciod/0]
root 1161 0.0 0.0 0 0 ? S< Oct04 0:00 [rpciod/1]
root 1167 0.0 0.0 0 0 ? S< Oct04 0:00 [reiserfs/0]
root 1168 0.0 0.0 0 0 ? S< Oct04 0:00 [reiserfs/1]
root 1360 0.0 0.0 1980 632 ? S<s Oct04 0:00 /sbin/udevd --daemon
root 2533 0.0 0.0 0 0 ? S< Oct04 0:02 [iwl3945/0]
root 2534 0.0 0.0 0 0 ? S< Oct04 0:00 [iwl3945/1]
root 2536 0.0 0.0 0 0 ? S< Oct04 0:18 [iwl3945]
root 2553 0.0 0.0 0 0 ? S< Oct04 0:00 [tifm]
root 2592 0.0 0.0 0 0 ? S< Oct04 0:00 [kmemstick]
root 3440 0.0 0.0 1588 564 ? Ss Oct04 0:00 /usr/sbin/acpid
101 3620 0.0 0.0 2440 1152 ? Ss Oct04 0:01 /usr/bin/dbus-daemon --system
root 3680 0.0 0.0 1924 772 ? Ss Oct04 0:00 hcid: processing events
root 3749 0.0 0.0 0 0 ? S 11:07 0:01 [pdflush]
root 4509 0.0 0.0 1756 568 ? Ss Oct04 0:04 /sbin/dhcpcd -h SigmaApex -N -Y eth0
root 4594 0.1 1.8 85852 39100 ? Ssl 11:08 0:12 /usr/lib/vmware/bin/vmware-hostd -a -d -u /etc/vmware/hostd/config.xml
root 4951 0.0 0.0 4092 1900 ? Ss Oct04 0:09 /sbin/wpa_supplicant -w -Dwext -u -dd -c/etc/wpa_supplicant/wpa_supplicant.conf -W -W -B -iwlan0 -P/var/run/wpa_su
root 4962 0.0 0.0 2084 432 ? Ss Oct04 0:02 /bin/wpa_cli -a/etc/wpa_supplicant/wpa_cli.sh -p/var/run/wpa_supplicant -iwlan0 -P/var/run/wpa_cli-wlan0.pid -B
neuro 5534 0.0 0.7 47316 15724 pts/1 S 11:11 0:00 /home/neuro/.mozilla/firefox/bwty4u0g.default/extensions/VMwareVMRC@vmware.com/plugins/bin/../bin/vmware-vmrc-daem
102 5847 0.0 0.1 5012 3272 ? Ss Oct04 0:03 /usr/sbin/hald --use-syslog --verbose=no
root 5848 0.0 0.0 3076 1036 ? S Oct04 0:00 hald-runner
neuro 5849 0.0 0.7 47316 15724 pts/1 S Oct05 0:04 /home/neuro/.mozilla/firefox/bwty4u0g.default/extensions/VMwareVMRC@vmware.com/plugins/bin/../bin/vmware-vmrc-daem
root 5854 0.0 0.0 3140 1012 ? S Oct04 0:02 hald-addon-input: Listening on /dev/input/event1 /dev/input/event0 /dev/input/event2 /dev/input/event3 /dev/input/
root 5856 0.0 0.0 3152 988 ? S Oct04 0:00 /usr/libexec/hald-addon-cpufreq
102 5857 0.0 0.0 2068 940 ? S Oct04 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
root 5859 0.0 0.0 3144 1016 ? S Oct04 0:29 hald-addon-storage: polling /dev/hda (every 2 sec)
root 5868 0.0 0.0 3144 1012 ? S Oct04 0:05 hald-addon-storage: polling /dev/sdb (every 2 sec)
root 6078 0.0 0.0 11392 1736 ? Ss Oct04 0:00 /usr/bin/gdm
root 6085 0.0 0.1 11868 2868 ? S Oct04 0:00 /usr/bin/gdm
root 6101 1.3 2.9 68332 60960 tty7 SLs+ Oct04 35:20 /usr/bin/X :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7
root 6144 0.0 0.0 4132 916 ? Ss Oct04 0:00 /usr/sbin/sshd
root 6207 0.0 0.0 1864 704 ? Ss Oct04 0:00 /usr/sbin/cron
root 6274 0.0 0.0 1724 744 tty1 Ss+ Oct04 0:00 /sbin/agetty 38400 tty1 linux
root 6275 0.0 0.0 1724 744 tty2 Ss+ Oct04 0:00 /sbin/agetty 38400 tty2 linux
root 6276 0.0 0.0 1724 748 tty3 Ss+ Oct04 0:00 /sbin/agetty 38400 tty3 linux
root 6277 0.0 0.0 1724 748 tty4 Ss+ Oct04 0:00 /sbin/agetty 38400 tty4 linux
root 6278 0.0 0.0 1724 744 tty5 Ss+ Oct04 0:00 /sbin/agetty 38400 tty5 linux
root 6279 0.0 0.0 1724 740 tty6 Ss+ Oct04 0:00 /sbin/agetty 38400 tty6 linux
root 6385 0.0 0.0 2916 1096 ? Ss 11:36 0:00 /usr/sbin/syslog-ng
neuro 6914 0.0 0.5 38756 10668 ? Ssl Oct04 0:00 gnome-session
neuro 6930 0.0 0.0 2920 656 ? S Oct04 0:00 /usr/bin/dbus-launch --sh-syntax --exit-with-session
neuro 6931 0.0 0.0 2256 892 ? Ss Oct04 0:00 /usr/bin/dbus-daemon --fork --print-pid 6 --print-address 9 --session
neuro 6934 0.0 0.0 3680 504 ? Ss Oct04 0:00 /usr/bin/ssh-agent -- gnome-session
neuro 6937 0.0 0.1 4412 2860 ? S Oct04 0:01 /usr/libexec/gconfd-2 6
neuro 6939 0.0 0.1 13000 2080 ? S Oct04 0:00 /usr/bin/gnome-keyring-daemon
neuro 6942 0.0 0.4 37508 9004 ? Sl Oct04 0:19 /usr/libexec/gnome-settings-daemon
neuro 6954 0.0 0.4 14384 9188 ? S Oct04 0:43 metacity --sm-client-id 110a01010f000119617622500000084520000
neuro 6956 0.1 0.9 38228 20256 ? S Oct04 3:01 gnome-panel --sm-config-prefix /gnome-panel-Uvt02n/ --sm-client-id 110a01010f000119004609200000067000000 --screen
neuro 6957 0.0 1.0 66296 21192 ? Sl Oct04 0:07 nautilus --sm-config-prefix /nautilus-jINSgw/ --sm-client-id 110a01010f000119004609300000067000002 --screen 0 --lo
neuro 6959 0.0 0.1 39604 2976 ? Ssl Oct04 0:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output-fd=16
neuro 6961 0.0 1.7 69128 36580 ? Rl Oct04 2:24 gnome-terminal --sm-config-prefix /gnome-terminal-MbO8Ap/ --sm-client-id 1073162ae0000119004959100000063130008 --s
neuro 6962 0.4 0.4 24764 8696 ? S Oct04 11:50 gkrellm2 --sm-client-id 110a01010f000119005016300000063130000
neuro 6965 0.0 0.0 3624 1772 ? S Oct04 0:00 /usr/libexec/gvfsd
neuro 6974 0.0 0.4 40108 9844 ? S Oct04 0:00 nm-applet --sm-disable
neuro 6985 0.0 0.1 12268 2404 ? S Oct04 0:00 /usr/libexec/gvfsd-trash --spawner :1.4 /org/gtk/gvfs/exec_spaw/0
neuro 7002 0.0 0.5 64252 10632 ? S Oct04 0:00 /usr/libexec/gweather-applet-2 --oaf-activate-iid=OAFIID:GNOME_GWeatherApplet_Factory --oaf-ior-fd=21
neuro 7005 0.0 0.3 18208 7800 ? S Oct04 1:02 /usr/libexec/multiload-applet-2 --oaf-activate-iid=OAFIID:GNOME_MultiLoadApplet_Factory --oaf-ior-fd=27
neuro 7012 0.0 0.4 19156 9476 ? S Oct04 0:21 /usr/libexec/cpufreq-applet --oaf-activate-iid=OAFIID:GNOME_CPUFreqApplet_Factory --oaf-ior-fd=33
neuro 7014 0.0 0.5 40384 11100 ? Sl Oct04 0:50 /usr/libexec/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerApplet_Factory --oaf-ior-fd=39
neuro 7016 0.0 0.4 19112 9640 ? S Oct04 0:00 /usr/libexec/battstat-applet-2 --oaf-activate-iid=OAFIID:GNOME_BattstatApplet_Factory --oaf-ior-fd=45
neuro 7018 0.0 0.0 2620 720 ? S Oct04 0:00 gnome-pty-helper
neuro 7019 0.0 0.0 2988 1572 pts/0 Ss Oct04 0:00 -bash
neuro 7023 0.0 0.0 2988 1600 pts/1 Ss Oct04 0:00 -bash
neuro 7025 0.0 0.0 2988 1580 pts/2 Ss Oct04 0:00 -bash
neuro 7027 0.0 0.0 2988 1584 pts/3 Ss+ Oct04 0:00 -bash
root 7045 0.0 0.0 2344 1116 pts/0 S Oct04 0:00 su -l
root 7048 0.0 0.0 2856 1632 pts/0 S Oct04 0:00 -su
neuro 7060 0.0 0.0 2516 1148 pts/1 S Oct04 0:00 /bin/sh /usr/lib/mozilla-firefox/firefox https://127.0.0.1:8333
neuro 7064 0.0 0.0 2516 1176 pts/1 S Oct04 0:00 /bin/sh /usr/lib/mozilla-firefox/run-mozilla.sh /usr/lib/mozilla-firefox/firefox-bin https://127.0.0.1:8333
neuro 7069 4.0 5.3 235664 110184 pts/1 Sl Oct04 104:48 /usr/lib/mozilla-firefox/firefox-bin
root 7389 0.0 0.0 1892 440 ? Ss 11:56 0:00 /usr/bin/vmnet-bridge -d /var/run/vmnet-bridge-0.pid -n 0 -i wlan0
root 7400 0.0 0.0 2396 420 ? Ss 11:56 0:00 /usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet1/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet1/dhcpd/dhcpd.leases -pf /var/ru
root 7417 0.0 0.0 2396 420 ? Ss 11:56 0:00 /usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet8/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet8/dhcpd/dhcpd.leases -pf /var/ru
root 7422 0.0 0.0 2360 648 ? Ss 11:56 0:01 /usr/bin/vmnet-natd -d /var/run/vmnet-natd-8.pid -m /var/run/vmnet-natd-8.mac -c /etc/vmware/vmnet8/nat/nat.conf
root 7681 0.0 0.0 2648 736 ? Ss 11:56 0:00 /usr/sbin/vmware-authdlauncher
root 7689 0.0 0.0 2520 1176 pts/2 S 11:56 0:00 /bin/sh /usr/bin/vmware-watchdog -s webAccess -u 30 -q 5 /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess
root 7698 0.3 3.2 265004 68116 ? Ssl 11:56 0:16 /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess -client -Xmx64m -XX:MinHeapFreeRatio=30 -XX:MaxHeapFreeRa
root 7813 0.0 0.0 1868 264 ? Ss 11:56 0:00 /usr/bin/vmnet-netifup -d /var/run/vmnet-netifup-vmnet8.pid /dev/vmnet8 vmnet8
root 7819 0.0 0.0 1868 264 ? Ss 11:56 0:00 /usr/bin/vmnet-netifup -d /var/run/vmnet-netifup-vmnet1.pid /dev/vmnet1 vmnet1
root 7918 4.8 13.8 501668 286684 ? Ssl 11:58 4:10 /usr/lib/vmware/bin/vmware-vmx -# product=2;name=VMware Server;version=2.0.0;buildnumber=116503;licensename=VMware
neuro 7922 0.0 1.8 77724 38380 pts/1 S 11:58 0:02 /home/neuro/.mozilla/firefox/bwty4u0g.default/extensions/VMwareVMRC@vmware.com/plugins/bin/vmware-vmrc -h 127.0.0.
root 8061 0.0 0.0 2344 1116 pts/1 S Oct05 0:00 su -l
root 8309 0.0 0.0 2852 1592 pts/1 S Oct05 0:00 -su
neuro 8326 0.0 0.7 47188 15708 pts/1 S 11:58 0:00 /home/neuro/.mozilla/firefox/bwty4u0g.default/extensions/VMwareVMRC@vmware.com/plugins/bin/../bin/vmware-vmrc-daem
root 8327 0.4 0.0 0 0 ? S 11:58 0:23 [vmware-rtc]
neuro 8332 0.1 0.3 31148 7792 pts/1 S 11:58 0:06 /home/neuro/.mozilla/firefox/bwty4u0g.default/extensions/VMwareVMRC@vmware.com/plugins/bin/vmware-remotemks -@ vmd
root 8471 0.0 0.0 0 0 ? S 12:03 0:00 [pdflush]
root 10714 0.0 0.0 2220 892 pts/0 R+ 13:25 0:00 ps -aux
mysql 12163 0.0 1.4 135972 29764 ? Ssl Oct05 0:26 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/var/run/mys
root 12201 0.0 1.5 34300 31904 pts/1 S+ Oct05 0:02 ruby script/server -e production
root 14838 0.0 0.0 2344 1120 pts/2 S Oct05 0:00 su -l
root 14843 0.0 0.0 2856 1616 pts/2 S+ Oct05 0:00 -su
neuro 17810 0.0 0.0 2988 1576 pts/5 Ss Oct05 0:00 -bash
root 17818 0.0 0.0 2344 1116 pts/5 S Oct05 0:00 su -l
root 17821 0.0 0.0 2856 1676 pts/5 S+ Oct05 0:00 -su
root 25746 0.0 0.0 1756 276 ? Ss Oct05 0:00 /sbin/dhcpcd -h SigmaApex -N -Y -m 2000 wlan0
}}}
{{{
SigmaApex honeyclient # netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8307 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8222 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8307 127.0.0.1:53173 ESTABLISHED
tcp 0 0 127.0.0.1:53173 127.0.0.1:8307 ESTABLISHED
tcp 0 0 127.0.0.1:49947 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:8307 127.0.0.1:53174 ESTABLISHED
tcp 0 0 127.0.0.1:53174 127.0.0.1:8307 ESTABLISHED
tcp 0 0 127.0.0.1:8333 127.0.0.1:37600 ESTABLISHED
tcp 1 0 127.0.0.1:8307 127.0.0.1:40923 CLOSE_WAIT
tcp 0 0 127.0.0.1:8222 127.0.0.1:54311 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:49947 ESTABLISHED
tcp 0 0 127.0.0.1:37552 127.0.0.1:8333 ESTABLISHED
tcp 0 0 127.0.0.1:37555 127.0.0.1:8333 ESTABLISHED
tcp 0 0 127.0.0.1:8307 127.0.0.1:53170 ESTABLISHED
tcp 1 0 127.0.0.1:8307 127.0.0.1:51311 CLOSE_WAIT
tcp 1 0 127.0.0.1:8307 127.0.0.1:54820 CLOSE_WAIT
tcp 0 0 127.0.0.1:37554 127.0.0.1:8333 ESTABLISHED
tcp 0 0 127.0.0.1:53170 127.0.0.1:8307 ESTABLISHED
tcp 1 0 127.0.0.1:8307 127.0.0.1:44019 CLOSE_WAIT
tcp 0 0 127.0.0.1:8333 127.0.0.1:37554 ESTABLISHED
tcp 0 0 127.0.0.1:8307 127.0.0.1:49192 ESTABLISHED
tcp 0 0 127.0.0.1:53847 127.0.0.1:8308 ESTABLISHED
tcp 0 0 127.0.0.1:49192 127.0.0.1:8307 ESTABLISHED
tcp 0 0 127.0.0.1:8333 127.0.0.1:37552 ESTABLISHED
tcp 0 0 127.0.0.1:37600 127.0.0.1:8333 ESTABLISHED
tcp 0 0 127.0.0.1:8333 127.0.0.1:37555 ESTABLISHED
tcp 1 0 127.0.0.1:8307 127.0.0.1:52715 CLOSE_WAIT
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::8308 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 127.0.0.1:54311 127.0.0.1:8222 ESTABLISHED
tcp6 0 0 127.0.0.1:8308 127.0.0.1:53842 TIME_WAIT
tcp6 0 0 127.0.0.1:8308 127.0.0.1:53847 ESTABLISHED
udp 0 0 0.0.0.0:514 0.0.0.0:*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 1711979 /var/run/vmware/root_0/1223308730521701_7918/ui-fd
unix 2 [ ACC ] STREAM LISTENING 1711983 /var/run/vmware/root_0/1223308730521701_7918/mks-fd
unix 2 [ ACC ] STREAM LISTENING 721538 /var/run/mysqld/mysqld.sock
unix 2 [ ] DGRAM 8312 /tmp/wpa_ctrl_4961-0
unix 2 [ ACC ] STREAM LISTENING 1711986 /var/run/vmware/root_0/1223308730521701_7918/vmx-vmdb-fd
unix 3 [ ] DGRAM 8308 /var/run/wpa_supplicant/wlan0
unix 2 [ ACC ] STREAM LISTENING 12048 /tmp/orbit-neuro/linc-1b02-0-2a556cce9559a
unix 2 [ ACC ] STREAM LISTENING 12583 /tmp/orbit-neuro/linc-1b2d-0-315a99bba8f39
unix 2 [ ACC ] STREAM LISTENING 12878 /tmp/orbit-neuro/linc-1b31-0-17ddae161138d
unix 2 [ ACC ] STREAM LISTENING 12892 /tmp/orbit-neuro/linc-1b3e-0-520f5a64310e
unix 2 [ ACC ] STREAM LISTENING 12896 /tmp/orbit-neuro/linc-1b2f-0-60ac753d8bc45
unix 2 [ ACC ] STREAM LISTENING 13358 /tmp/orbit-neuro/linc-1b5d-0-4d91084be6e0b
unix 2 [ ACC ] STREAM LISTENING 13374 /tmp/orbit-neuro/linc-1b64-0-783d6661e8a8b
unix 2 [ ACC ] STREAM LISTENING 13390 /tmp/orbit-neuro/linc-1b66-0-59ec408eeaf90
unix 2 [ ACC ] STREAM LISTENING 13407 /tmp/orbit-neuro/linc-1b68-0-161a94fc8759
unix 2 [ ACC ] STREAM LISTENING 1684232 /var/run/vmware/proxy-mob
unix 2 [ ACC ] STREAM LISTENING 12236 /tmp/.ICE-unix/6914
unix 2 [ ACC ] STREAM LISTENING 1712074 /var/run/vmware/root_0/1223308730521701_7918/remoteDevice-fd
unix 2 [ ACC ] STREAM LISTENING 1050642 /tmp/vmware-neuro/vmplayer-daemon-:0.0
unix 2 [ ACC ] STREAM LISTENING 13339 /tmp/orbit-neuro/linc-1b5a-0-3639cd39dcd0d
unix 2 [ ACC ] STREAM LISTENING 1709972 /var/run/vmnat.7422
unix 2 [ ACC ] STREAM LISTENING 1712594 /tmp/vmware-neuro/vmplayer-daemon-:0.0
unix 2 [ ACC ] STREAM LISTENING 12250 /tmp/orbit-neuro/linc-1b1a-0-170bac6437ec1
unix 2 [ ACC ] STREAM LISTENING 6284 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 22685 /tmp/orbit-neuro/linc-1b9d-0-16e930d0229ec
unix 2 [ ACC ] STREAM LISTENING 9266 @/var/run/hald/dbus-sImILZv7Bl
unix 2 [ ACC ] STREAM LISTENING 12286 /tmp/orbit-neuro/linc-1b1e-0-3f73ba974dec8
unix 2 [ ACC ] STREAM LISTENING 12490 /tmp/orbit-neuro/linc-1b2a-0-702efed544eb8
unix 2 [ ACC ] STREAM LISTENING 1684204 /var/run/vmware/proxy-webserver
unix 2 [ ] DGRAM 374 @/org/kernel/udev/udevd
unix 2 [ ACC ] STREAM LISTENING 6550 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 12005 /tmp/ssh-OSeYaq6914/agent.6914
unix 2 [ ] DGRAM 9292 @/org/freedesktop/hal/udev_event
unix 2 [ ACC ] STREAM LISTENING 1686720 /tmp/vmware-neuro/vmplayer-daemon-:0.0
unix 2 [ ACC ] STREAM LISTENING 12255 /tmp/keyring-t2lfMq/socket
unix 2 [ ACC ] STREAM LISTENING 12038 /tmp/orbit-neuro/linc-1b19-0-1754b09d94b69
unix 2 [ ACC ] STREAM LISTENING 1699762 /dev/log
unix 2 [ ACC ] STREAM LISTENING 1684195 /var/run/vmware/root_0/1223305731253704_4594/ha-nfc-fd
unix 2 [ ACC ] STREAM LISTENING 1684202 /var/run/vmware/root_0/1223305731253704_4594/ha-nfcssl-fd
unix 2 [ ACC ] STREAM LISTENING 9263 @/var/run/hald/dbus-8ReLB7lvwd
unix 2 [ ACC ] STREAM LISTENING 1684230 /var/run/vmware/root_0/1223305731253704_4594/hostd-vmdb-fd
unix 2 [ ACC ] STREAM LISTENING 12532 /tmp/orbit-neuro/linc-1b2c-0-55477f8063af2
unix 2 [ ACC ] STREAM LISTENING 11998 @/tmp/dbus-Rfb6Siftkh
unix 2 [ ACC ] STREAM LISTENING 9777 /var/run/gdm_socket
unix 2 [ ACC ] STREAM LISTENING 9924 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 12257 /tmp/keyring-t2lfMq/ssh
unix 2 [ ACC ] STREAM LISTENING 1711963 /var/run/vmware/root_0/1223308730521701_7918/testAutomation-fd
unix 2 [ ACC ] STREAM LISTENING 1711975 /var/run/vmware/root_0/1223308730521701_7918/servercontrol-fd
unix 2 [ ACC ] STREAM LISTENING 12259 /tmp/keyring-t2lfMq/socket.pkcs11
unix 2 [ ACC ] STREAM LISTENING 1711977 /var/run/vmware/root_0/1223308730521701_7918/control-fd
}}}
Author: kindlund Okay, I think I see the issue, here. Specifically, it looks like you're running VMware Server v2.0.0.
VMware just moved their VMware Server v2.0.0 out of beta status and is now the latest version. I believe this code has been tested with only VMware Server v1.0.7.
Justin, as an immediate fix, please use v1.0.7 and see if that resolves your issue.
If so, we'll mark this ticket as a TODO for VMware Server v2.0.0
-- Darien
Author: Justin Will do. I'll test it now and let you guys know.
-Justin
Author: Justin The tests were successful with the old version of VM. However, I have to rebuild the master vm since the volumes are not compatible. More to follow.
Author: kindlund Okay, glad to hear this resolves the original issue. I'll update the UserGuide with a note indicating this compatibility issue and leave this ticket open as a TODO.
If you run into any other issues, please create a new ticket, as those issues will be different than this one.
Thanks,
-- Darien
Unable to install IPTables::IPv4
IPTables::libiptc can be installed forcefully
{{{
Writing Makefile for IPTables::IPv4
cp IPv4/TableTie.pm blib/lib/IPTables/IPv4/TableTie.pm
cp IPv4/Chain.pm blib/lib/IPTables/IPv4/Chain.pm
cp IPv4.pm blib/lib/IPTables/IPv4.pm
AutoSplitting blib/lib/IPTables/IPv4.pm (blib/lib/auto/IPTables/IPv4)
cp IPv6.pm blib/lib/IPTables/IPv6.pm
AutoSplitting blib/lib/IPTables/IPv6.pm (blib/lib/auto/IPTables/IPv6)
cp IPv4/Toplevel.pm blib/lib/IPTables/IPv4/Toplevel.pm
cp IPv4/Rule.pm blib/lib/IPTables/IPv4/Rule.pm
cp IPv4/RuleList.pm blib/lib/IPTables/IPv4/RuleList.pm
/usr/bin/perl5.8.8 /usr/lib/perl5/5.8.8/ExtUtils/xsubpp -noprototypes -typemap /usr/lib/perl5/5.8.8/ExtUtils/typemap -typemap IPTables.typemap IPv4.xs > IPv4.xsc && mv IPv4.xsc IPv4.c
i686-pc-linux-gnu-gcc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/lib/IPTables-IPv4\" -O2 -march=i686 -pipe -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl5/5.8.8/i686-linux-thread-multi/CORE" IPv4.c
In file included from /usr/src/linux/include/linux/netfilter_ipv4.h:8,
                 from /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:18,
                 from include/libiptc/libiptc.h:6,
                 from IPv4.xs:28:
/usr/src/linux/include/linux/netfilter.h:41: error: expected specifier-qualifier-list before 'be32'
IPv4.xs: In function 'XS_IPTablesIPv4Table_set_policy':
IPv4.xs:329: warning: dereferencing type-punned pointer will break strict-aliasing rules
IPv4.xs: In function 'XS_IPTablesIPv4__Table_get_references':
IPv4.xs:379: warning: pointer targets in passing argument 1 of 'iptc_get_references' differ in signedness
}}}
Which then causes:
{{{
Starting new session...
2008-10-05 17:01:44 WARN HoneyClient::Manager::_handleFault - Error occurred during processing. soap:Server: Error, could not connect to IPTABLES interface: iptables who? (do you need to insmod?) at HoneyClient/Manager/FW.pm line 1379
HoneyClient::Manager->_handleFault(): Error occurred during processing. soap:Server: Error, could not connect to IPTABLES interface: iptables who? (do you need to insmod?) at HoneyClient/Manager/FW.pm line 1379
at /usr/lib/perl5/site_perl/5.8.8/SOAP/Lite.pm line 3665
2008-10-05 17:01:44 INFO HoneyClient::Manager::_cleanup - Cleaning up.
2008-10-05 17:01:44 ERROR HoneyClient::Util::SOAP::_handleFault - Error occurred during processing. soap:Server: Error, could not connect to IPTABLES interface: iptables who? (do you need to insmod?) at HoneyClient/Manager/FW.pm line 1379
HoneyClient::Util::SOAP->handleFault(): Error occurred during processing. soap:Server: Error, could not connect to IPTABLES interface: iptables who? (do you need to insmod?) at HoneyClient/Manager/FW.pm line 1379
}}}
Any workarounds?