Open Skyslycer opened 3 years ago
same here :\
Try with journalctl -u endlessh.service -b
, that will provide the logs of the endlessh service for the last boot and try to find the error there. If you find the error you can try to fix whatever it complains about or you can paste it here and someone may help.
It says: endlessh: fatal: Permission denied
do u know what are the correct permission settings for the service (or maybe the config file located /etc/endlessh/config, which I created manually)?
On Thu, 21 Jan 2021 at 16:14, Mikel Olasagasti Uranga < notifications@github.com> wrote:
Try with journalctl -u endlessh.service -b, that will provide the logs of the endlessh service for the last boot and try to find the error there. If you find the error you can try to fix whatever it complains about or you can paste it here and someone may help.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/skeeto/endlessh/issues/58#issuecomment-764712320, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD2JYDBVJ2TMQRRTLJJXYYDS3BAGJANCNFSM4WKN5QWA .
I followed this video https://www.youtube.com/watch?v=SKhKNUo6rJU
@tricsusz I have the same problem when I do everything like this video. I install on Debian apt install endlessh
and try:
endlessh -p 22
to change port but it only add that port I think. I see:
tcp6 0 0 :::2222 :::* LISTEN 17095/endlessh
tcp6 0 0 :::22 :::* LISTEN 17114/endlessh
and when I check in terminal I see endlessh working only with port 2222. I cannot find that config file to change it manually. Regards.
@PrzemekSkw I guess you should create the following file manually: /etc/endlessh/config The content of config file: Port 22
I wasn't able to sort it out.. finally I decided to use endlessh inside a docker container. If you're familiar with docker, I can help you set it up.
@tricsusz when I create that config file I have that failed service error.
@tricsusz Hi, I try docker few times but always have problems to start apps with it. I could try if You want to help me? Do I have to apt purge endlessh
from my Debian first?
Depending on the version of linux you're using, you may need to set_cap on the endlessh binary to allow it to access ports below 1024.
Here's a very quick and dirty writeup: https://www.justinmcafee.com/2021/01/by-chris-wellens-githubskeeto-los.html
@justinamcafee yeah there is definitely a problem with it running at a port below 1024. If I change it to a port above it works fine.
I tried
setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
but it still crashes.
Edit: I got it working somehow. I rerouted port 22 with iptables to a port above 1024 where my endlessh was listening. for the lazy ones:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports PORT_OF_ENDLESSH
Yes, but did you motify the service file to remove the comment from Ambient and add the comment to privateusers? Those steps are in the procedure I linked.
On Sat, Jan 30, 2021, 05:53 Harvara notifications@github.com wrote:
@justinamcafee https://github.com/justinamcafee yeah there is definitely a problem with it running at a port below 1024. If I change it to a port above it works fine. I tried setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
but it still crashes.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/skeeto/endlessh/issues/58#issuecomment-770200564, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGE76ETSALZKEMB52TFL4JDS4PXKNANCNFSM4WKN5QWA .
guys idk how but it works now fine
I had the same issue, you have to follow the instructions shown on the endlessh.service
file:
## If you want Endlessh to bind on ports < 1024
## 1) run:
## setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line
#AmbientCapabilities=CAP_NET_BIND_SERVICE
## 3) comment following line
PrivateUsers=true
setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
AmbientCapabilities=CAP_NET_BIND_SERVICE
PrivateUsers=true
systemctl daemon-reload
systemctl restart endlessh
for whatever reason, this does not work for me. I did all steps mentioned above, but to no avail. Furthermore, it also does not work with port 2222. Running it as root) on the shell works fine, but whatever I try with systemd, it does not.
cat /usr/lib/systemd/system/endlessh.service
[Unit]
Description=Endlessh SSH Tarpit
Documentation=man:endlessh(1)
Requires=network-online.target
[Service]
Type=simple
Restart=always
RestartSec=30
ExecStart=/usr/bin/endlessh
KillSignal=SIGTERM
# Stop trying to restart the service if it restarts too many times in a row
StartLimitInterval=5min
StartLimitBurst=4
StandardOutput=journal
StandardError=journal
StandardInput=null
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true
InaccessiblePaths=/run /var
## If you want Endlessh to bind on ports < 1024
## 1) run:
## setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
## 2) uncomment following line
AmbientCapabilities=CAP_NET_BIND_SERVICE
## 3) comment following line
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
and
getcap /usr/bin/endlessh
/usr/bin/endlessh cap_net_bind_service=ep
but:
systemctl status endlessh
● endlessh.service - Endlessh SSH Tarpit
Loaded: loaded (/usr/lib/systemd/system/endlessh.service; disabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Fri 2021-07-16 09:14:57 CEST; 2s ago
Docs: man:endlessh(1)
Process: 45121 ExecStart=/usr/bin/endlessh (code=exited, status=226/NAMESPACE)
Main PID: 45121 (code=exited, status=226/NAMESPACE)
CPU: 64ms
This is in a KVM virtual machine running ArchLinux. Could the KVM setup be the reason?
Any ideas?
OK, as found in #66 I had to comment out the line InaccessiblePaths=/run /var
All the mentioned solutions did not work for me, as of in my Ubuntu server 20.04.
I had to create another hand-made service, "honeypot.service", with this content:
# /lib/systemd/system/honeypot.service
[Unit]
Description="Overcome permission denied acces when starting endlessh service."
[Service]
ExecStart=sudo endlessh
[Install]
WantedBy=multi-user.target
Then, I disabled endlessh service
sudo systemctl stop endlessh
sudo systemctl disable endlessh
Then change your SSH port for something else than 22
sudo vim /etc/ssh/sshd_config
Change the line that start with "Port 22".
Restart the ssh service
sudo systemctl restart ssh
Change your /etc/endlessh/config to put Port 22 instead of Port 2222 (so that bots will fall into the honeypot)
And start instead honeypot (that will listen to port 22)
sudo systemctl enable honeypot
sudo systemctl start honeypot
Check that it runs endlessh correctly:
sudo systemctl status honeypot
It should display something like this:
● honeypot.service - "Overcome permission denied acces when starting endlessh service."
Loaded: loaded (/lib/systemd/system/honeypot.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-02-05 14:10:46 UTC; 23min ago
Main PID: 7527 (sudo)
Tasks: 2 (limit: 542)
Memory: 1.0M
CGroup: /system.slice/honeypot.service
├─7527 /usr/bin/sudo endlessh
└─7528 endlessh
Feb 05 14:34:00 ip-172-31-46-108 sudo[7528]: 2022-02-05T14:34:00.917Z poll(1, 10000)
Feb 05 14:34:10 ip-172-31-46-108 sudo[7528]: 2022-02-05T14:34:10.927Z = 0
Feb 05 14:34:10 ip-172-31-46-108 sudo[7528]: 2022-02-05T14:34:10.927Z write(4) = 29
Hope it can help someone passing by
Special thanks to @aminairi for the huge help!
I took @khalyomede's approach and made it work on Fedora 35 using the following steps:
Disable endlessh and remove it if you've installed it by building from source:
sudo systemctl stop endlessh.servic
sudo systemctl disable endlessh.service
sudo rm -rf /etc/endlessh
sudo rm /usr/local/bin/endlessh
Install from dnf repos and keep it disabled:
sudo dnf install endlessh
sudo systemctl stop endlessh.servic
sudo systemctl disable endlessh.service
Redirect all traffic from port 22 to 2222 or your desired port for endlessh.
sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports PORT_OF_ENDLESSH
Create a new systemd service from @khalyomede's comment but add these extra lines:
# /lib/systemd/system/honeypot.service
[Unit] Description="Overcome permission denied acces when starting endlessh service."
[Service] User=root Group=root ExecStart=/usr/bin/endlessh
[Install] WantedBy=multi-user.target
5. Enable the service and start it:
```bash
sudo systemctl enable honeypot.service
sudo systemctl start honeypot.service
sudo systemctl status honeypot.service
I am having same issue elastic_search is not working properly, I am going to install magento 2 using AWS and Ubuntu 20.04. I am facing this issue with elastic search so please share proper solution with me. I have tried other solutions provided but they didn't work for me. - https://prnt.sc/NkDAocyioHy0
It just doesnt work.