telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0

Error response from daemon: No such container:dionaea #29

Closed firepro20 closed 8 years ago

firepro20 commented 8 years ago

After 6hrs of the system running non-stop without any issues, when doing status.sh, I get Error response from daemon: No such container: dionaea. This happened just now.

Before restarting the VM, container cowrie also stopped running. What is the problem? Should I restart the host machine?

firepro20 commented 8 years ago

Any help?

schmalle commented 8 years ago

Hi, hard to tell from remote. The Ubuntu base tries to fetch new images from time to time, therefore after this timeframe everything should have self-healed. Please restart the host, hopefully this helps. Best wishes, Markus

firepro20 commented 8 years ago

I did restart both VM and host machine but to no avail. Following best practices, I just loaded up a snapshot where everything was working fine. The error is quite strange as I did nothing that might have damaged the system. It was just running

firepro20 commented 8 years ago

I am getting the same error when I load I have no idea why it seems to be related with dionaea only

firepro20 commented 8 years ago

I tried to pull the latest image using sudo docker pull dionaea. This resulted in an error: image/library dionaea not found

t3chn0m4g3 commented 8 years ago

I am assuming you are not running the VM 24/7? These steps are done automatically every night. You should clean up first:

sudo dcres.sh

If you want to pull an image you need the correct name, i.e.

sudo docker pull dtagdevsec/dionaea:latest1603

If you are unsure why a container does not work properly you can, i.e.

sudo cat /var/log/upstart/dionaea.log

or check its logs in /data/. In order to help you properly please always provide information we can work with, i.e. the aforementioned log files, screenshots, etc.

firepro20 commented 8 years ago

I did the cat command and this is what I got: [screenshot: untitled]

firepro20 commented 8 years ago

When I try to run dcres.sh the terminal outputs waiting for services or that I have to wait for 5 minutes of uptime before I can run the command

firepro20 commented 8 years ago

I managed to run the dcres.sh script and it stopped running presumably when it had to restart dionaea again as you can see

[screenshot: untitled]

firepro20 commented 8 years ago

I left the VM alone, maybe it was just taking some time, but then decided to stop the dcres.sh script and it was at that time that the Waiting for services ... was happening again.

firepro20 commented 8 years ago

Yesterday I loaded a snapshot of the system when dionaea was working and now I loaded the changed state of the snapshot and dionaea is not working. Giving me the prompt as shown above

firepro20 commented 8 years ago

regarding the dcres.sh, apart from getting stuck after cowrie starts running, before it says "docker rmi requires a minimum of 1 argument"

t3chn0m4g3 commented 8 years ago

The error message regarding 1 argument is fine and means that there is no obsolete image to delete. dcres.sh will only run 5 minutes after reboot, the waiting for services is the result of the machine trying to revive the dionaea container. From the looks of your screenshot tcp/445 is already in use and thus docker cannot bring the dionaea container online.

Run the following commands and post the outputs as text:

sudo netstat -anp | grep 445
sudo docker images
sudo cat /etc/init/dionaea.conf
sudo cat /data/upstart/dionaea.conf
sudo cat /etc/crontab
sudo docker ps -a
sudo docker -v
sudo cat /var/log/upstart/dionaea.log
sudo cat /var/log/
sudo status.sh
sudo ls -al /data/dionaea/
sudo ls -al /data/
sudo iptables -L
sudo lshw
sudo lscpu
sudo cat /proc/meminfo
sudo free -m
sudo swapon -s
sudo lsb_release -a
sudo uname -a
sudo fdisk -l
sudo blkid
sudo lsblk
sudo df -HT
sudo netstat -tulpn

Did you install any packages? Did you run any other containers? Did you make any changes to config / system files? Did you change file permissions in /data or subfolders or anywhere else?

If we want to get a hold on what is going on please do not make any changes to the vm we are investigating.
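The check behind the diagnosis above (a host port the dionaea container wants to publish is already bound by another process) can be scripted. This is an added example, not part of the thread or of T-Pot: the `-p` list is copied from the dionaea upstart job quoted in this issue, the `netstat -tulpn` sample is constructed, and skipping owners named `docker*` (Docker's own proxy) is an assumption.

```shell
#!/bin/sh
# Added example: report published host ports already held by a non-Docker process.

# -p flags as they appear in the dionaea upstart job quoted in this thread
RUN_LINE='/usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 69:69/udp -p 5060:5060/udp dtagdevsec/dionaea:latest1603'

# Constructed sample of `netstat -tulpn` output (not taken from the reporter's VM)
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 901/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1200/nginx
tcp6 0 0 :::445 :::* LISTEN 566/smbd
udp 0 0 0.0.0.0:69 0.0.0.0:* 733/in.tftpd'

# published_ports RUN_LINE: print the host side of every "-p" mapping as port/proto.
# Handles host:container and ip:host:container, with an optional /udp suffix.
published_ports() {
    printf '%s\n' "$1" | tr ' ' '\n' | awk '
        prev == "-p" {
            proto = "tcp"
            n = split($0, pp, "/")
            if (n == 2) proto = pp[2]
            m = split(pp[1], parts, ":")
            if (m >= 2) print parts[m - 1] "/" proto   # host port precedes container port
        }
        { prev = $0 }'
}

# listeners: read `netstat -tulpn` text on stdin, print "port/proto pid/program".
listeners() {
    awk '
        function emit(proto, addr, owner,    a, n) {
            n = split(addr, a, ":")                     # works for 0.0.0.0:445 and :::445
            print a[n] "/" substr(proto, 1, 3), owner   # tcp6 -> tcp, udp6 -> udp
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" { emit($1, $4, $7) }
        $1 ~ /^udp/                   { emit($1, $4, $6) }   # UDP rows have no State column
    '
}

# conflicts RUN_LINE < netstat-output: published ports held by something other than Docker.
conflicts() {
    want=$(published_ports "$1")
    listeners | while read -r key owner; do
        case "$owner" in
            */docker*) continue ;;   # assumption: Docker proxy processes are named docker*
        esac
        if printf '%s\n' "$want" | grep -qxF "$key"; then
            printf '%s held by %s\n' "$key" "$owner"
        fi
    done | sort -u                   # tcp and tcp6 rows for one port collapse to one line
}

printf '%s\n' "$SAMPLE_NETSTAT" | conflicts "$RUN_LINE"
```

On a live host, pipe `sudo netstat -tulpn` into `conflicts "$RUN_LINE"` instead of the sample; the nginx row on port 80 is not reported because dionaea publishes host port 8081, not 80.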

firepro20 commented 8 years ago

sudo netstat -anp | grep 445

tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      566/smbd
tcp6       0      0 :::445                  :::*                    LISTEN      566/smbd
unix  2      [ ]         STREAM     CONNECTED     265445   802/docker          /var/run/docker.sock
unix  2      [ ]         STREAM     CONNECTED     444452   802/docker          /var/run/docker.sock
unix  2      [ ]         STREAM     CONNECTED     445131   802/docker          /var/run/docker.sock
unix  2      [ ]         STREAM     CONNECTED     214455   802/docker          /var/run/docker.sock
unix  2      [ ]         STREAM     CONNECTED     445370   802/docker          /var/run/docker.sock
unix  2      [ ]         STREAM     CONNECTED     127445   802/docker          /var/run/docker.sock
unix  2      [ ]         STREAM     CONNECTED     304445   802/docker          /var/run/docker.sock

sudo docker images

REPOSITORY              TAG          IMAGE ID       CREATED       SIZE
dtagdevsec/elk          latest1603   d66c44e14bbb   3 weeks ago   1.01 GB
dtagdevsec/honeytrap    latest1603   ed3c466639f1   4 weeks ago   433.8 MB
dtagdevsec/elasticpot   latest1603   6dfaf59045f6   4 weeks ago   281.2 MB
dtagdevsec/dionaea      latest1603   84ef65ca61e8   4 weeks ago   347.6 MB
dtagdevsec/suricata     latest1603   949075023558   4 weeks ago   374.8 MB
dtagdevsec/glastopf     latest1603   9a567b4c0fba   4 weeks ago   617.8 MB
dtagdevsec/cowrie       latest1603   6e72c1d874fe   4 weeks ago   462.9 MB

sudo cat etc/init/dionaea.conf

########################################################
# T-Pot
# Dionaea upstart script
# v16.03.6 by mo, DTAG, 2016-03-03
########################################################

description "Dionaea"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing dionaea containers
  myCID=$(docker ps -a | grep dionaea | awk '{ print $1 }')
  if [ "$myCID" != "" ]; then docker rm -v $myCID; fi
  # Remove any data from previous container if persistence is not enabled
  if ! [ -f /data/persistence.on ]; then
    rm -rf /data/dionaea/* || true
    rm /data/ews/dionaea/ews.json || true
    mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot
    chmod 760 /data/dionaea -R
    chown tpot:tpot /data/dionaea -R
  fi
end script
script
  /usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea:/data/dionaea -v /data/ews:/data/ews dtagdevsec/dionaea:latest1603
end script
post-start script
  # Delay next start to avoid rapid respawning
  sleep 2
end script

sudo cat /data/upstart/dionaea.conf

########################################################
# T-Pot
# Dionaea upstart script
# v16.03.6 by mo, DTAG, 2016-03-03
########################################################

description "Dionaea"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing dionaea containers
  myCID=$(docker ps -a | grep dionaea | awk '{ print $1 }')
  if [ "$myCID" != "" ]; then docker rm -v $myCID; fi
  # Remove any data from previous container if persistence is not enabled
  if ! [ -f /data/persistence.on ]; then
    rm -rf /data/dionaea/* || true
    rm /data/ews/dionaea/ews.json || true
    mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot
    chmod 760 /data/dionaea -R
    chown tpot:tpot /data/dionaea -R
  fi
end script
script
  /usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea:/data/dionaea -v /data/ews:/data/ews dtagdevsec/dionaea:latest1603
end script
post-start script
  # Delay next start to avoid rapid respawning
  sleep 2
end script

sudo cat /etc/crontab

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

# Show running containers every 60s via /dev/tty2
*/2 * * * * root status.sh > /dev/tty2

# Check if containers and services are up
*/5 * * * * root check.sh

# Check if updated images are available and download them
27 1 * * * root for i in $(cat /data/images.conf); do docker pull dtagdevsec/$i:latest1603; done

# Restart docker service and containers
27 3 * * * root dcres.sh

# Delete elastic indices older than 90 days (kibana index is omitted by default)
27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring '%Y.%m.%d''

# Update IP and erase check.lock if it exists
27 15 * * * root /etc/rc.local

# Check for updated packages every sunday, upgrade and reboot
27 16 * * 0 root apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; sleep 5; reboot

sudo docker ps -a

CONTAINER ID   IMAGE                              COMMAND                  CREATED               STATUS               PORTS                       NAMES
bc60a01d67e1   dtagdevsec/cowrie:latest1603       "/usr/bin/supervisord"   About an hour ago     Up About an hour     0.0.0.0:22->2222/tcp        cowrie
62b980792537   dtagdevsec/honeytrap:latest1603    "/usr/bin/supervisord"   About an hour ago     Up About an hour                                 honeytrap
d45528d0e5ce   dtagdevsec/glastopf:latest1603     "/usr/bin/supervisord"   About an hour ago     Up About an hour     0.0.0.0:80->80/tcp          glastopf
27066acece87   dtagdevsec/elasticpot:latest1603   "/usr/bin/supervisord"   About an hour ago     Up About an hour     0.0.0.0:9200->9200/tcp      elasticpot
1aaa8baf2a56   dtagdevsec/suricata:latest1603     "/usr/bin/supervisord"   About an hour ago     Up About an hour                                 suricata
64a50b3e61d8   dtagdevsec/elk:latest1603          "/usr/bin/supervisord"   About an hour ago     Up About an hour     127.0.0.1:64296->8080/tcp   elk

sudo docker -v

Docker version 1.10.3, build 20f81dd

sudo cat /var/log/upstart/dionaea.log

rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-15 13:57:22,139 CRIT Supervisor running as root (no user in config file)
2016-03-15 13:57:22,139 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-15 13:57:22,154 INFO RPC interface 'supervisor' initialized
2016-03-15 13:57:22,154 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-15 13:57:22,154 INFO supervisord started with pid 1
2016-03-15 13:57:23,156 INFO spawned: 'ewsposter' with pid 9
2016-03-15 13:57:23,157 INFO spawned: 'dionaea' with pid 10
2016-03-15 13:57:24,377 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-15 13:57:24,377 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
030dbae6f83e
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-15 22:12:27,987 CRIT Supervisor running as root (no user in config file)
2016-03-15 22:12:27,988 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-15 22:12:28,007 INFO RPC interface 'supervisor' initialized
2016-03-15 22:12:28,007 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-15 22:12:28,008 INFO supervisord started with pid 1
2016-03-15 22:12:29,009 INFO spawned: 'ewsposter' with pid 9
2016-03-15 22:12:29,010 INFO spawned: 'dionaea' with pid 10
2016-03-15 22:12:30,219 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-15 22:12:30,220 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-15 22:21:42,273 WARN received SIGTERM indicating exit request
69d5a644ee6d
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-16 10:25:21,968 CRIT Supervisor running as root (no user in config file)
2016-03-16 10:25:21,968 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-16 10:25:21,997 INFO RPC interface 'supervisor' initialized
2016-03-16 10:25:21,999 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-16 10:25:21,999 INFO supervisord started with pid 1
2016-03-16 10:25:23,004 INFO spawned: 'ewsposter' with pid 10
2016-03-16 10:25:23,005 INFO spawned: 'dionaea' with pid 11
2016-03-16 10:25:24,136 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 10:25:24,136 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
c31ff769dc2f
2016-03-16 17:39:58,256 CRIT Supervisor running as root (no user in config file)
2016-03-16 17:39:58,256 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-16 17:39:58,273 INFO RPC interface 'supervisor' initialized
2016-03-16 17:39:58,273 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-16 17:39:58,273 INFO supervisord started with pid 1
2016-03-16 17:39:59,275 INFO spawned: 'ewsposter' with pid 9
2016-03-16 17:39:59,276 INFO spawned: 'dionaea' with pid 10
2016-03-16 17:40:00,461 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 17:40:00,461 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
6382e3d38680
2016-03-16 19:12:14,321 CRIT Supervisor running as root (no user in config file)
2016-03-16 19:12:14,322 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-16 19:12:14,339 INFO RPC interface 'supervisor' initialized
2016-03-16 19:12:14,339 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-16 19:12:14,340 INFO supervisord started with pid 1
2016-03-16 19:12:15,341 INFO spawned: 'ewsposter' with pid 9
2016-03-16 19:12:15,342 INFO spawned: 'dionaea' with pid 10
2016-03-16 19:12:16,444 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 19:12:16,444 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 20:17:57,119 WARN received SIGTERM indicating exit request
4e10dde0a789
2016-03-17 17:40:52,627 CRIT Supervisor running as root (no user in config file)
2016-03-17 17:40:52,627 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-17 17:40:52,655 INFO RPC interface 'supervisor' initialized
2016-03-17 17:40:52,655 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-17 17:40:52,655 INFO supervisord started with pid 1
2016-03-17 17:40:53,658 INFO spawned: 'ewsposter' with pid 9
2016-03-17 17:40:53,658 INFO spawned: 'dionaea' with pid 10
2016-03-17 17:40:54,799 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-17 17:40:54,799 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 00:36:35,824 WARN received SIGTERM indicating exit request
2016-03-18 00:36:35,852 INFO waiting for ewsposter, dionaea to die
2016-03-18 08:19:25,467 CRIT Supervisor running as root (no user in config file)
2016-03-18 08:19:25,467 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-18 08:19:25,489 INFO RPC interface 'supervisor' initialized
2016-03-18 08:19:25,489 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-18 08:19:25,489 INFO supervisord started with pid 1
2016-03-18 08:19:26,491 INFO spawned: 'ewsposter' with pid 10
2016-03-18 08:19:26,491 INFO spawned: 'dionaea' with pid 11
2016-03-18 08:19:27,695 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 08:19:27,695 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 09:51:44,819 WARN received SIGTERM indicating exit request
a151bc9ba6da
2016-03-18 18:53:03,695 CRIT Supervisor running as root (no user in config file)
2016-03-18 18:53:03,695 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-18 18:53:03,720 INFO RPC interface 'supervisor' initialized
2016-03-18 18:53:03,720 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-18 18:53:03,720 INFO supervisord started with pid 1
2016-03-18 18:53:04,722 INFO spawned: 'ewsposter' with pid 9
2016-03-18 18:53:04,723 INFO spawned: 'dionaea' with pid 10
2016-03-18 18:53:05,833 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 18:53:05,833 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 21:57:29,037 WARN received SIGTERM indicating exit request
2016-03-18 21:57:29,037 INFO waiting for ewsposter, dionaea to die
2016-03-18 21:57:29,070 WARN received SIGTERM indicating exit request
2016-03-19 10:19:10,955 CRIT Supervisor running as root (no user in config file)
2016-03-19 10:19:10,955 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-19 10:19:10,972 INFO RPC interface 'supervisor' initialized
2016-03-19 10:19:10,972 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-19 10:19:10,972 INFO supervisord started with pid 1
2016-03-19 10:19:11,974 INFO spawned: 'ewsposter' with pid 9
2016-03-19 10:19:11,976 INFO spawned: 'dionaea' with pid 10
2016-03-19 10:19:13,203 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-19 10:19:13,203 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-19 15:09:21,686 WARN received SIGTERM indicating exit request
2016-03-19 15:09:21,710 INFO waiting for ewsposter, dionaea to die
2016-03-20 11:06:49,991 CRIT Supervisor running as root (no user in config file)
2016-03-20 11:06:49,991 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 11:06:50,019 INFO RPC interface 'supervisor' initialized
2016-03-20 11:06:50,019 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 11:06:50,020 INFO supervisord started with pid 1
2016-03-20 11:06:51,021 INFO spawned: 'ewsposter' with pid 12
2016-03-20 11:06:51,022 INFO spawned: 'dionaea' with pid 13
2016-03-20 11:06:52,105 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 11:06:52,105 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:15,451 WARN received SIGTERM indicating exit request
2016-03-20 15:27:15,468 INFO waiting for ewsposter, dionaea to die
2016-03-20 15:27:15,548 INFO stopped: dionaea (exit status 0)
2016-03-20 15:27:15,548 CRIT reaped unknown pid 14)
2016-03-20 15:27:15,550 INFO stopped: ewsposter (terminated by SIGTERM)
Error deleting container: An error occurred trying to connect: EOF
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See '/usr/bin/docker run --help'.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-20 15:27:22,672 CRIT Supervisor running as root (no user in config file)
2016-03-20 15:27:22,672 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 15:27:22,683 INFO RPC interface 'supervisor' initialized
2016-03-20 15:27:22,683 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 15:27:22,683 INFO supervisord started with pid 1
2016-03-20 15:27:23,685 INFO spawned: 'ewsposter' with pid 9
2016-03-20 15:27:23,686 INFO spawned: 'dionaea' with pid 10
2016-03-20 15:27:24,706 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:24,711 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:26,661 WARN received SIGTERM indicating exit request
2016-03-20 15:27:26,661 INFO waiting for ewsposter, dionaea to die
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-20 15:27:41,603 CRIT Supervisor running as root (no user in config file)
2016-03-20 15:27:41,603 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 15:27:41,627 INFO RPC interface 'supervisor' initialized
2016-03-20 15:27:41,628 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 15:27:41,628 INFO supervisord started with pid 1
2016-03-20 15:27:42,630 INFO spawned: 'ewsposter' with pid 9
2016-03-20 15:27:42,630 INFO spawned: 'dionaea' with pid 10
2016-03-20 15:27:43,747 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:43,747 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:41:15,337 WARN received SIGTERM indicating exit request
2016-03-20 15:41:15,337 INFO waiting for ewsposter, dionaea to die
2016-03-20 15:41:15,341 WARN received SIGTERM indicating exit request
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-20 21:00:36,897 CRIT Supervisor running as root (no user in config file)
2016-03-20 21:00:36,897 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 21:00:36,923 INFO RPC interface 'supervisor' initialized
2016-03-20 21:00:36,923 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 21:00:36,923 INFO supervisord started with pid 1
2016-03-20 21:00:37,925 INFO spawned: 'ewsposter' with pid 9
2016-03-20 21:00:37,926 INFO spawned: 'dionaea' with pid 10
2016-03-20 21:00:39,039 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:00:39,039 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:30:02,420 CRIT Supervisor running as root (no user in config file)
2016-03-20 21:30:02,420 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 21:30:02,450 INFO RPC interface 'supervisor' initialized
2016-03-20 21:30:02,450 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 21:30:02,450 INFO supervisord started with pid 1
2016-03-20 21:30:03,453 INFO spawned: 'ewsposter' with pid 9
2016-03-20 21:30:03,455 INFO spawned: 'dionaea' with pid 10
2016-03-20 21:30:04,656 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:30:04,656 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:36:43,484 WARN received SIGTERM indicating exit request
2016-03-20 21:36:43,484 INFO waiting for ewsposter, dionaea to die
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-21 09:44:19,607 CRIT Supervisor running as root (no user in config file)
2016-03-21 09:44:19,607 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-21 09:44:19,635 INFO RPC interface 'supervisor' initialized
2016-03-21 09:44:19,635 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-21 09:44:19,636 INFO supervisord started with pid 1
2016-03-21 09:44:20,638 INFO spawned: 'ewsposter' with pid 10
2016-03-21 09:44:20,640 INFO spawned: 'dionaea' with pid 11
2016-03-21 09:44:21,843 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-21 09:44:21,843 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-21 22:17:36,404 WARN received SIGTERM indicating exit request
2016-03-22 09:57:19,319 CRIT Supervisor running as root (no user in config file)
2016-03-22 09:57:19,319 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-22 09:57:19,390 INFO RPC interface 'supervisor' initialized
2016-03-22 09:57:19,390 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-22 09:57:19,391 INFO supervisord started with pid 1
2016-03-22 09:57:20,392 INFO spawned: 'ewsposter' with pid 12
2016-03-22 09:57:20,394 INFO spawned: 'dionaea' with pid 13
2016-03-22 09:57:21,549 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-22 09:57:21,549 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-22 17:12:21,401 WARN received SIGTERM indicating exit request
2016-03-22 17:12:21,402 INFO waiting for ewsposter, dionaea to die
b8654bbe3838
2016-03-23 09:47:42,513 CRIT Supervisor running as root (no user in config file)
2016-03-23 09:47:42,513 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-23 09:47:42,550 INFO RPC interface 'supervisor' initialized
2016-03-23 09:47:42,550 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-23 09:47:42,550 INFO supervisord started with pid 1
2016-03-23 09:47:43,552 INFO spawned: 'ewsposter' with pid 10
2016-03-23 09:47:43,553 INFO spawned: 'dionaea' with pid 11
2016-03-23 09:47:44,775 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-23 09:47:44,776 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-04-06 21:20:17,481 WARN received SIGTERM indicating exit request
2016-04-06 21:20:17,481 INFO waiting for ewsposter, dionaea to die
2016-04-06 21:20:17,487 WARN received SIGTERM indicating exit request
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory

sudo cat /var/log

cat: /var/log: Is a directory

sudo status.sh

======| System |======
Date: Thu Apr 7 13:01:42 CEST 2016
Uptime: 13:01:42 up 0 min, 1 user, load average: 2.24, 0.70, 0.24
No sensors found! Make sure you loaded all the kernel drivers you need. Try sensors-detect to find out which these are.
CPU temp:

======| Container: cowrie |======
cowrie       RUNNING   pid 9, uptime 0:00:38
ewsposter    RUNNING   pid 11, uptime 0:00:38
mysqld       RUNNING   pid 10, uptime 0:00:38

======| Container: dionaea |======
Error response from daemon: No such container: dionaea

======| Container: elasticpot |======
elasticpotpy RUNNING   pid 11, uptime 0:00:38

======| Container: elk |======
elasticsearch RUNNING  pid 11, uptime 0:00:38
kibana       RUNNING   pid 21, uptime 0:00:38
logstash     RUNNING   pid 15, uptime 0:00:38

======| Container: glastopf |======
ewsposter    RUNNING   pid 10, uptime 0:00:38
glastopf     RUNNING   pid 9, uptime 0:00:38

======| Container: honeytrap |======
ewsposter    RUNNING   pid 9, uptime 0:00:38
honeytrap    RUNNING   pid 10, uptime 0:00:38

======| Container: suricata |======
p0f          RUNNING   pid 10, uptime 0:00:38
suricata     RUNNING   pid 9, uptime 0:00:38

sudo ls -al /data/dionaea/

total 28
drwxrw----  7 tpot tpot 4096 Apr  7 13:02 .
drwxrw---- 14 tpot tpot 4096 Mar 15 14:57 ..
drwxrw----  2 tpot tpot 4096 Apr  7 13:02 binaries
drwxrw----  2 tpot tpot 4096 Apr  7 13:02 bistreams
drwxrw----  2 tpot tpot 4096 Apr  7 13:02 log
drwxrw----  2 tpot tpot 4096 Apr  7 13:02 rtp
drwxrw----  2 tpot tpot 4096 Apr  7 13:02 wwwroot

sudo ls -al /data/

total 124
drwxrw---- 14 tpot tpot  4096 Mar 15 14:57 .
drwxr-xr-x 23 root root  4096 Mar 15 14:57 ..
drwxrw----  3 tpot tpot  4096 Mar 15 14:57 conpot
drwxrw----  6 tpot tpot  4096 Apr  7 13:01 cowrie
drwxrw----  7 tpot tpot  4096 Apr  7 13:03 dionaea
drwxrw----  3 tpot tpot  4096 Apr  7 13:01 elasticpot
drwxrw----  4 tpot tpot  4096 Feb  9 12:24 elk
-rwxrw----  1 tpot tpot 63727 Mar 15 14:57 elkbase.tgz
drwxrw----  3 tpot tpot  4096 Mar 15 14:57 emobility
drwxrw----  6 tpot tpot  4096 Mar 15 14:57 ews
drwxrw----  5 tpot tpot  4096 Apr  7 13:01 glastopf
drwxrw----  5 tpot tpot  4096 Apr  7 13:01 honeytrap
-rwxrw----  1 tpot tpot    58 Mar 15 14:57 images.conf
drwxrw----  2 tpot tpot  4096 Mar 15 14:57 imgcfg
-rwxrw----  1 tpot tpot     0 Mar 15 14:57 persistence.off
drwxrw----  3 tpot tpot  4096 Apr  7 13:01 suricata
drwxrw----  2 tpot tpot  4096 Apr  7 11:52 upstart

sudo iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
NFQUEUE tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN state NEW NFQUEUE num 0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http
ACCEPT tcp -- anywhere 172.17.0.6 tcp dpt:9200
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:http-alt
ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:2222

Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

sudo lshw


sudo lscpu

Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 60
Stepping: 3
CPU MHz: 3997.680
BogoMIPS: 7995.36
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 8192K
NUMA node0 CPU(s): 0,1

sudo cat /proc/meminfo

MemTotal: 6145444 kB
MemFree: 4004512 kB
MemAvailable: 4473316 kB
Buffers: 64172 kB
Cached: 349028 kB
SwapCached: 0 kB
Active: 1701760 kB
Inactive: 235500 kB
Active(anon): 1525160 kB
Inactive(anon): 588 kB
Active(file): 176600 kB
Inactive(file): 234912 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 7999484 kB
SwapFree: 7999484 kB
Dirty: 200 kB
Writeback: 0 kB
AnonPages: 1524040 kB
Mapped: 137072 kB
Shmem: 1692 kB
Slab: 144172 kB
SReclaimable: 94132 kB
SUnreclaim: 50040 kB
KernelStack: 5600 kB
PageTables: 13544 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 11072204 kB
Committed_AS: 3059112 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 66416 kB
VmallocChunk: 34359642888 kB
HardwareCorrupted: 0 kB
AnonHugePages: 790528 kB
CmaTotal: 0 kB
CmaFree: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 86976 kB
DirectMap2M: 6240256 kB

sudo free -m

             total       used       free     shared    buffers     cached
Mem:          6001       2112       3889          1         64        342
-/+ buffers/cache:       1705       4296
Swap:         7811          0       7811

sudo swapon -s

Filename Type Size Used Priority
/dev/sda1 partition 7999484 0 -1

sudo lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty

sudo uname -a

Linux ce145804980927713 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

sudo fdisk -l

Disk /dev/sda: 68.7 GB, 68719476736 bytes
255 heads, 63 sectors/track, 8354 cylinders, total 134217728 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00087123

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 16001023 7999488 82 Linux swap / Solaris
/dev/sda2 16003070 134215679 59106305 5 Extended
/dev/sda5 16003072 134215679 59106304 83 Linux

sudo blkid

/dev/sda1: UUID="be1cf745-622b-4fa0-99f9-4595a674dec5" TYPE="swap"
/dev/sda5: UUID="3c242943-a806-44a6-8dcb-6724cbc5c1cf" TYPE="ext4"

sudo df -HT

Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 3.2G 8.2k 3.2G 1% /dev
tmpfs tmpfs 630M 709k 629M 1% /run
/dev/sda5 ext4 60G 4.2G 53G 8% /
none tmpfs 4.1k 0 4.1k 0% /sys/fs/cgroup
none tmpfs 5.3M 0 5.3M 0% /run/lock
none tmpfs 3.2G 1.1M 3.2G 1% /run/shm
none tmpfs 105M 0 105M 0% /run/user
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/1368f8b1e47b2bc1120f8b5fe4586bbb0b2ed0e034ae933eeb8125149c79adff
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/65f96f900569ad65240de91f7311977ea1d89bf43a67ec1cf9c085f51f7c5a1a/shm
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/62f3f819645ca11e21abb19124f260e531fd6b26ab58afba14dc01eece328dd5
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/c64f8eae6671511c32f1ea63e8482cf1d0b6db91990a29857928960a7577a0b4
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/78ba21094666af04affc60859a1c9d5dacde01b1c3ad1c82a8671c71952afc24
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/043d2cf306c6d7aaa05d61c9ec7d0de251b34eed6d26d2107d23296812389cde
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/e773f7a24502f947d4e53bf9e637b30aca98b01fefd31d467761381a02e7b368/shm
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/78900d0592c82c30b79518eaa044f32d0011f25bff6def568607a9f7c6024023/shm
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/b50cd0b8f606f6d41ad3551d4b824166ff3fc15b12807e344712efa9067776d1
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/c573263c1a10761289c218e838cb9d171b50717e08827a416d9cf4d4f1b5cd23/shm
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/bb6b92b663a7b63561d2afa9eddd353bc4ef779f2ede9953eef499dda9ff7825/shm
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/c00d4373222d71288c89b277262b416f057bba0cfa03a7153e61b2a11faec950/shm
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/d2abb71e993ce59d147ecac2c527fed2fac6352ae6f07a7ff37bef5c48b871fa

sudo netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp 0 0 0.0.0.0:64295 0.0.0.0:* LISTEN 949/sshd
tcp 0 0 127.0.0.1:64296 0.0.0.0:* LISTEN 1547/docker-proxy
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 566/smbd
tcp6 0 0 :::9200 :::* LISTEN 1529/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 1332/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1571/docker-proxy
tcp6 0 0 :::445 :::* LISTEN 566/smbd
tcp6 0 0 :::64295 :::* LISTEN 949/sshd
tcp6 0 0 :::139 :::* LISTEN 566/smbd
udp 0 0 0.0.0.0:68 0.0.0.0:* 684/dhclient
udp 0 0 172.17.0.1:123 0.0.0.0:* 3840/ntpd
udp 0 0 192.168.0.17:123 0.0.0.0:* 3840/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 3840/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3840/ntpd
udp 0 0 172.17.255.255:137 0.0.0.0:* 788/nmbd
udp 0 0 172.17.0.1:137 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.255:137 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.17:137 0.0.0.0:* 788/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 788/nmbd
udp 0 0 172.17.255.255:138 0.0.0.0:* 788/nmbd
udp 0 0 172.17.0.1:138 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.255:138 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.17:138 0.0.0.0:* 788/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 788/nmbd
udp 0 0 0.0.0.0:28876 0.0.0.0:* 684/dhclient
udp6 0 0 :::48785 :::* 684/dhclient
udp6 0 0 fe80::b41e:d2ff:fe2:123 :::* 3840/ntpd
udp6 0 0 fe80::42:2dff:fe06::123 :::* 3840/ntpd
udp6 0 0 fe80::64db:b9ff:fe0:123 :::* 3840/ntpd
udp6 0 0 fe80::2c63:93ff:fea:123 :::* 3840/ntpd
udp6 0 0 fe80::8c4d:3eff:feb:123 :::* 3840/ntpd
udp6 0 0 fe80::a00:27ff:fef8:123 :::* 3840/ntpd
udp6 0 0 ::1:123 :::* 3840/ntpd
udp6 0 0 :::123 :::* 3840/ntpd

firepro20 commented 8 years ago

What I did install was samba. The only permissions that I know of is when I create a script and chmod 700 it. I tried to force start dionaea once. I did not change any system/config files.

What I cannot understand is how when loading a snapshot dionaea starts working fine, when I shut down and use the changed state of the loaded snapshot the day after, it gives No such container.

t3chn0m4g3 commented 8 years ago

There you have it:

tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp6 0 0 :::445 :::* LISTEN 566/smbd

Samba uses the same ports as dionaea, therefore dionaea cannot start. Uninstall samba and everything should work fine again.

If you make changes like that, it is helpful to mention them first when opening the issue :wink:
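The check behind this diagnosis, as an added example that is not part of the original thread or of the T-Pot scripts: a shell function that reads `netstat -tulpn` output and reports any listener on the given ports that is owned by something other than docker-proxy. The function names and the port argument are hypothetical, it assumes container ports are published through docker-proxy as in the output posted above, and the sample lines are excerpted from that output.

```shell
#!/bin/sh
# Added example, not part of T-Pot. find_port_conflicts is a hypothetical helper.
# Usage: sudo netstat -tulpn | find_port_conflicts "445"
# $1: space-separated ports a honeypot container needs to publish (assumption:
# published container ports appear as docker-proxy, as in the thread's output).
find_port_conflicts() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            # Column 4 is the local address; the port follows the last colon,
            # which also covers IPv6 wildcards such as :::445.
            port = $4
            sub(/.*:/, "", port)
            if (!(port in want)) next
            # TCP rows carry a State column, UDP rows do not.
            if ($1 ~ /^tcp/) {
                if ($6 != "LISTEN") next
                owner = $7
            } else {
                owner = $6
            }
            prog = owner
            sub(/^[0-9]+\//, "", prog)
            # docker-proxy holding the port means a container already owns it.
            if (prog != "docker-proxy") print $1, port, owner
        }'
}

# Lines excerpted from the netstat output in the issue, used as sample input.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp 0 0 0.0.0.0:64295 0.0.0.0:* LISTEN 949/sshd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 566/smbd
tcp6 0 0 :::80 :::* LISTEN 1332/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1571/docker-proxy
tcp6 0 0 :::445 :::* LISTEN 566/smbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 788/nmbd
EOF
}

# Prints every non-container listener on the ports of interest.
sample_netstat | find_port_conflicts "445 139"
```

Running it before starting the containers, and again after installing any new host service, shows a port clash directly instead of through a missing container in status.sh.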

firepro20 commented 8 years ago

That was it!! Life saver. Thank you very much :)