search

telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0
6.84k stars 1.08k forks source link

ewsposter fatal error #38

Closed eluvatl closed 8 years ago

eluvatl commented 8 years ago

Hello. When I run sudo status.sh, a few of the containers show "ewsposter fatal: exited too quickly (process log may have details)." Should I be concerned? The pots affected are Dionaea, Glastopf and Honeytrap.

A couple of reboots did not resolve problem.

firepro20 commented 8 years ago

Did you try changing permissions or setting ownership?

eluvatl commented 8 years ago

Can you clarify?

On Apr 24, 2016, at 2:53 AM, firepro20 notifications@github.com wrote:

Did you try changing permissions or setting ownership?

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub

firepro20 commented 8 years ago

Did you use chmod recently and maybe authorised the wrong user? It happened to me a while back and some containers started to fail. Best p ractise is to take timely snapshots if you're using a VM

eluvatl commented 8 years ago

No. I have not made any modifications to permissions or users.

On Apr 24, 2016, at 12:28 PM, firepro20 notifications@github.com wrote:

Did you use chmod recently and maybe authorised the wrong user? It happened to me a while back and some containers started to fail. Best p ractise is to take timely snapshots if you're using a VM — You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub

t3chn0m4g3 commented 8 years ago

As @firepro20 pointed out this usually only happens if the config files in /data folder have beed modified by chown or chmod or have been edited.

You can run sudo dcres.sh, if that does not fix it I recommend a reinstallation.

eluvatl commented 8 years ago

I will try that, but looking back at the instructions on github, I did make a modification that was recommended:

This will start the SSH daemon on port 64295. It is configured to prevent password login and use pubkey-authentication instead, so make sure you get your key on the system. Just copy it to /home/tsec/.ssh/authorized_keys and set the appropriate permissions (chmod 600 authorized_keys) as well as the right ownership (chown tsec:tsec authorized_keys).

t3chn0m4g3 commented 8 years ago

That is fine, since it is outside the /data folder.

Good luck 😃