search

pwnlandia / mhn

Modern Honey Network
GNU Lesser General Public License v2.1
2.43k stars 630 forks source link

Deployment of Dionaea failed on Raspian Stretch Lite #530

Open jamiebuening opened 6 years ago

jamiebuening commented 6 years ago

I had a failure when using the deploy.sh script generated for Dionaea on Raspberry Pi. I am running Raspian Stretch Lite. The script output included a line noting a 404 not found error. The file libssl1.0.0_1.0.1t-1+deb8u6_armhf.deb is no longer available. I updated the deploy.sh script on the Raspberry Pi to specify libssl1.0.0_1.0.1t-1+deb8u7_armhf.deb instead. This allowed successful installation.

coonsmatthew commented 6 years ago

I don't know if it's related, but when I was trying to install Dionaea on Rasbian Stretch Light, I also got an error in the default

I had to update the deploy.sh script to add [trusted=yes] to the distro addition.

I changed it from:

echo "deb http://packages.s7t.de/raspbian wheezy main" >> /etc/apt/sources.list

To:

echo "deb [trusted=yes] http://packages.s7t.de/raspbian wheezy main" >> /etc/apt/sources.list

After I did that, I was able to install without issues.

coonsmatthew commented 6 years ago

@jamiebuening How did you update the deploy.sh script to call the libssl1.0.0_1.0.1t-1+deb8u7_armhf.deb package? I had to wget and install manually. Did you find a repo that you could download from?

jamiebuening commented 6 years ago

After making the first attempt at installation I manually updated the deploy.sh that was local on the Raspberry Pi. With the update in place within the local deploy.sh, I just ran the second portion of the Deploy Command generated by my MHN Server

sudo bash deploy.sh http://x.x.x.x <deploy-key>

I did not have to update my repos. I manually checked http://security.debian.org/debian-security/pool/updates/main/o/openssl/ by opening that URL in a web browser and saw that there was an 8u7 version of the file.

Below are the original two lines in the deploy.sh script that caused me trouble:

# Download and install old version of openssl
wget http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u6_armhf.deb
sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u6_armhf.deb

Does that make sense?

coonsmatthew commented 6 years ago

Yep, thank you! That's pretty much what I did as well. I'm thinking that I could just modify the deploy script until there is an official update.

Thanks for your help!

d1str0 commented 6 years ago

If @jamiebuening or @coonsmatthew have pull requests to fix this, I will gladly review and look to merge.

Is this resolved for now?

tgage commented 6 years ago

The deploy.sh script now needs to point to version u8 not u7.

wget http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u8_armhf.deb sudo dpkg -i libssl1.0.0_1.0.1t-1+deb8u8_armhf.deb

tgage commented 6 years ago

FYI: even after resolving the issue in the deploy.sh script with the older libssl, you are left with a dionaea binary that will not run on the Pi; an illegal instruction error is generated. This may be because the 2014 Dionaea package was complied against the u6 libssl library. I have decided that the ancient Dionaea package isn't worth working with. It would be better to compile from source and incorporate changes to make the new Dionaea talk with MHN.