Open dkindlund opened 14 years ago
Author: kindlund You're using the latest firewall VM (v3), correct?
Basically, the code isn't running because it can't find the 'HoneyClient/Util/Config.pm' package, which should be located inside the '/usr/src/honeyclient../lib' directory.
Once you've located that directory, you can start the code manually using:
/usr/bin/perl -I/usr/src/honeyclient.../lib /hc/startFWListener.pl
The start-up script should be in /etc/rc.local, I believe.
Regards,
-- Darien
Author: aaron.blum@gmail.com Yes, I'm using Version 3.
When I point it at the lib directory as you indicate, it now gives a warning: "unable to locate specified value in variable 'log_config' using namespace 'HoneyClient::Util::Config' within the global configuration file (/etc/honeyclient.xml!)"
This is followed by an error stating that it cannot open the config file for log4perl/Config.pm
Later in the output it states that it can't load HoneyClient::Manager::FW.
Did I miss something or is the Firewall VM misbehaving out of the box?
Author: kindlund The Firewall VM really shouldn't be faulty out of the box.
I assume you downloaded v3 from: http://honeyclient.mitre.org/firewall-3.tar.gz
Can you confirm that your checksums match the following?
{{{
$ md5sum firewall-3.tar.gz
8e67f4361e145ff1839e8e89e9d02f40 firewall-3.tar.gz
$ sha1sum firewall-3.tar.gz
67fb3f060dfa5aef926d23beb42fdbf16fa037d3 firewall-3.tar.gz
}}}
Regards,
-- Darien
Author: aaron.blum@gmail.com The checksums do indeed match. I'm using VMware Server 1.0.8 on Ubuntu 7.10 if that helps.
Author: aaron.blum@gmail.com Here is the full output from the suggested command:
{{{
[root@HcHWALL roo]# /usr/bin/perl -I/usr/src/honeyclient-trunk/lib /hc/startFWListener.pl
2009-02-12 05:58:34 WARN HoneyClient::Util::Config::getVar - Warning: Unable to locate specified value in variable 'log_config' using namespace 'HoneyClient::Util::Config' within the global configuration file (/etc/honeyclient.xml)!
Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 536.
Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 567.
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 594.
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 594.
not ok 1 - use HoneyClient::Util::Config;
ok 2 - use IPTables::IPv4;
not ok 3 - use HoneyClient::Manager::FW;
Can't locate HoneyClient/Manager/FW.pm in @INC (@INC contains: /usr/src/honeyclient-trunk/lib /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.4 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.3 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.2 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.1 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.0 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.4 /usr/lib/perl5/site_perl/5.8.5/5.8.3 /usr/lib/perl5/site_perl/5.8.5/5.8.2 /usr/lib/perl5/site_perl/5.8.5/5.8.1 /usr/lib/perl5/site_perl/5.8.5/5.8.0 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /hc/startFWListener.pl line 31.
BEGIN failed--compilation aborted at /hc/startFWListener.pl line 31.
1..3
[root@HcHWALL roo]#
}}}
Here are the checksums for the image:
{{{
root@ubuntu:~# md5sum /opt/firewall-3.tar.gz
8e67f4361e145ff1839e8e89e9d02f40 /opt/firewall-3.tar.gz
root@ubuntu:~# sha1sum /opt/firewall-3.tar.gz
67fb3f060dfa5aef926d23beb42fdbf16fa037d3 /opt/firewall-3.tar.gz
root@ubuntu:~#
}}}
Is there some configuration of the VM that I might have missed?
Author: kindlund The script should have loaded upon start up, automatically. As a quick solution, try this:
{{{
cd /usr/src/honeyclient-trunk/
/usr/bin/perl -Ilib /hc/startFWListener.pl
}}}
If that doesn't work, and you get the same error message as before, verify that the (/usr/src/honeyclient-trunk/etc/honeyclient.xml) file exists and is not empty.
Regards,
-- Darien
Author: aaron.blum@gmail.com Identical output as before when running the command. The file honeyclient.xml does exist and is not empty:
{{{
[root@HcHWALL honeyclient-trunk]# ls -l /usr/src/honeyclient-trunk/etc/honeyclient.xml
-rw-r----- 1 root root 31185 Feb 12 05:47 /usr/src/honeyclient-trunk/etc/honeyclient.xml
}}}
Author: kindlund Okay, I need a little more information; do the following:
{{{
cd /usr/src/honeyclient-trunk/
svn info
svn status
}}}
And paste the output of those commands. That will tell me if the codebase has changed from the default at all.
Regards,
-- Darien
Author: aaron.blum@gmail.com Output below (the svn status command had no output):
{{{
[root@HcHWALL honeyclient-trunk]# cd /usr/src/honeyclient-trunk/
[root@HcHWALL honeyclient-trunk]# svn info
Path: .
URL: svn://svn.honeyclient.org/honeyclient/trunk
Repository UUID: 143ac459-0e48-db11-92d1-000d614347cd
Revision: 2024
Node Kind: directory
Schedule: normal
Last Changed Author: kindlund
Last Changed Rev: 2022
Last Changed Date: 2009-02-04 14:46:41 -0500 (Wed, 04 Feb 2009)
Properties Last Updated: 2007-11-29 10:03:54 -0500 (Thu, 29 Nov 2007)
[root@HcHWALL honeyclient-trunk]# svn status
[root@HcHWALL honeyclient-trunk]#
}}}
Author: kindlund Okay, that's the problem. By default, if the firewall VM is connected to the internet, it would perform an 'svn update' of the codebase. I thought this capability was disabled, but I guess it was still present in v3.
Here's the fix:
-- Darien
Author: aaron.blum@gmail.com Thank you, that did it. :)
Author: kindlund Okay; glad that worked.
-- Darien
Author: ahall@westcoast.com
I've tried the aforementioned solution in starting startFWListener.pl but the issue appears to reoccur at every restart of the firewall. I've reverted to the firewall-3 tar - disconnecting my system from the internet and after the firewall VM starts I'm able to see the FWListener running and I have commented out the svn update entry in the /hc/startFWListener script. When I reconnect my system to the Internet and start the firewall it's as if I've made no changes as the firewall VM continues to perform the svn updates and my changes to the script no longer exist. What could possibly be causing this to happen?
Author: aaron.blum@gmail.com Sounds like your VM image is set to non-persistent. Make sure that the image is in persistent state when you make these changes otherwise vmware will simply discard them when you shut down the firewall.
Author: kindlund Aaron is correct; it sounds like your firewall VM is currently marked as non-persistent, which causes all changes to be discarded. If you're confident that this is not the problem, then please paste or attach the corresponding firewall .cfg or .vmx configuration file for further troubleshooting.
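The non-persistent disk diagnosis above can be checked directly from the VM's configuration file. This is an added example, not part of the original thread or the HoneyClient project; it assumes the usual VMware `<device>.mode` disk keys, and the sample configuration is constructed.

```shell
#!/bin/sh
# List virtual disks in a VMware .vmx/.cfg file whose mode discards writes
# at power-off. Prints one "device mode" pair per line; prints nothing when
# every disk is persistent.
# Assumption: disk mode lines look like  scsi0:0.mode = "independent-nonpersistent"
nonpersistent_disks() {
    awk '
        {
            line = $0
            sub(/\r$/, "", line)                 # tolerate CRLF files
            if (line ~ /^[ \t]*#/) next          # skip comment lines
            n = index(line, "=")
            if (n == 0) next                     # not a key = value line
            key = tolower(substr(line, 1, n - 1))
            val = tolower(substr(line, n + 1))
            gsub(/[ \t"]/, "", key)              # strip blanks and quotes
            gsub(/[ \t"]/, "", val)
            if (key !~ /^(scsi|ide|sata)[0-9]+:[0-9]+\.mode$/) next
            if (val ~ /nonpersistent$/) {        # nonpersistent, independent-nonpersistent
                sub(/\.mode$/, "", key)
                print key, val
            }
        }
    ' "$1"
}

# Constructed sample configuration (not taken from the thread).
sample_vmx() {
    cat <<'EOF'
config.version = "8"
displayName = "firewall"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "firewall.vmdk"
scsi0:0.mode = "independent-nonpersistent"
ide1:0.present = "TRUE"
ide1:0.mode = "persistent"
EOF
}

tmp=$(mktemp)
sample_vmx > "$tmp"
nonpersistent_disks "$tmp"    # prints: scsi0:0 independent-nonpersistent
rm -f "$tmp"
```

Any device it reports will lose edits such as a commented-out `svn update` line at the next power-off, which matches the symptom described in the thread.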
Hi,
I've been trying to get the HoneyClient setup to run based on the user guide: http://www.honeyclient.org/trac/wiki/UserGuide
Unfortunately the Firewall VM that I pulled and unzipped does not initialize the daemon for the HoneyClient as the guide says it should. Instead it fails giving this warning:
{{{
not ok 1 -use HoneyClient::Util::Config;
Failed test 'use HoneyClient::Util::Config;'
in /hc/startFWListener.pl at line 19.
Tried to use 'HoneyClient::Util::Config'.
Error: Can't locate HoneyClient/Util/Config.pm in @INC (@INC contains: /usr... at /hc/startFWListener/pl line 19.
BEGIN failed--compilation aborted at /hc/startFWListener.pl line 19.
Can't load HoneyClient::Util::Config package. Check to make sure the package library is correctly listed within the path.
Can't locate HoneyClient/Util/Config.pm in @INC (@INC contains: /usr... at /hc/startFWListener/pl line 21.
BEGIN failed--compilation aborted at /hc/startFWListener.pl line 21.
1..1
Looks like you failed 1 test of 1.
Looks like your test died just after 1.
}}}
Please advise.