telekom-security / tpotce

🍯 T-Pot - The All In One Multi Honeypot Platform 🐝
GNU General Public License v3.0

nextgen setup containers down, bind permission denied #737

Closed gstorme closed 3 years ago

gstorme commented 3 years ago

Docker logs for containers that are DOWN:

citrixhoneypot

{"asctime": "2020-12-15 10:51:09,820", "levelname": "INFO", "message": "Citrix CVE-2019-19781 Honeypot by MalwareTech"}
Traceback (most recent call last):
  File "CitrixHoneypot.py", line 153, in <module>
    httpd = server.HTTPServer(('0.0.0.0', 443), CitrixHandler)
  File "/usr/lib/python3.8/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/usr/lib/python3.8/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/usr/lib/python3.8/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
PermissionError: [Errno 13] Permission denied

conpot_ipmi

ERROR:root:Stopping because <Greenlet at 0x7f44e2e88590: <bound method IpmiServer.start of <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f44e2e95fd0>>('0.0.0.0', 623)> died: [Errno 13] Permission denied
NoneType: None
2020-12-15 10:52:56,332 Stopping because <Greenlet at 0x7f44e2e88590: <bound method IpmiServer.start of <conpot.protocols.ipmi.ipmi_server.IpmiServer object at 0x7f44e2e95fd0>>('0.0.0.0', 623)> died: [Errno 13] Permission denied
NoneType: None

glutton

docker logs glutton shows nothing

heralding

2020-12-15 10:54:00,558 (heralding.honeypot) Could not start Pop3 server on port 110. Error: [Errno 13] error while attempting to bind on address ('0.0.0.0', 110): permission denied
2020-12-15 10:54:00,558 (root) [Errno 13] error while attempting to bind on address ('0.0.0.0', 110): permission denied

honeypy

Couldn't listen on any:7: [Errno 13] Permission denied.

ipphoney

[2020-12-15 10:56:25.551920Z] Traceback (most recent call last):
[2020-12-15 10:56:25.551992Z]   File "ipphoney.py", line 105, in <module>
[2020-12-15 10:56:25.552166Z]     main()
[2020-12-15 10:56:25.552233Z]   File "ipphoney.py", line 98, in main
[2020-12-15 10:56:25.552402Z]     reactor.listenTCP(cfg_options['port'], site)  # pylint: disable=no-member
[2020-12-15 10:56:25.552462Z]   File "/usr/lib/python3.8/site-packages/twisted/internet/posixbase.py", line 495, in listenTCP
[2020-12-15 10:56:25.552701Z]     p.startListening()
[2020-12-15 10:56:25.552761Z]   File "/usr/lib/python3.8/site-packages/twisted/internet/tcp.py", line 1363, in startListening
[2020-12-15 10:56:25.553361Z]     raise CannotListenError(self.interface, self.port, le)
[2020-12-15 10:56:25.553479Z] twisted.internet.error.CannotListenError: Couldn't listen on any:631: [Errno 13] Permission denied.

mailoney

Traceback (most recent call last):
  File "mailoney.py", line 78, in <module>
    modules.schizo_open_relay.module()
  File "/opt/mailoney/modules/schizo_open_relay.py", line 349, in module
    run()
  File "/opt/mailoney/modules/schizo_open_relay.py", line 342, in run
    honeypot = SchizoOpenRelay((mailoney.bind_ip, mailoney.bind_port), None)
  File "/opt/mailoney/modules/schizo_open_relay.py", line 270, in __init__
    self.bind(localaddr)
  File "/usr/lib/python2.7/asyncore.py", line 342, in bind
    return self.socket.bind(addr)
  File "/usr/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 13] Permission denied

p0f

[-] PROGRAM ABORT : pcap_open_live: ens192: You don't have permission to capture on that device (socket: Operation not permitted)
         Location : prepare_pcap(), p0f.c:559

t3chn0m4g3 commented 3 years ago

Thanks for opening the issue. Did you install from the ISO or did you install using the installer on top of an existing installation? Can you please check the docker version docker -v? I deleted the screenshots as they contained your public IP.

gstorme commented 3 years ago

Thanks, didn't notice the public IP was displayed. Want me to repost them with the IP masked?

I installed from the ISO, with the nextgen edition choice. Docker version 18.09.1, build 4c52b90

t3chn0m4g3 commented 3 years ago

No, I deleted them.

Sounds all good. Issued a fresh install on the build server, as the existing installations run without any issues.

t3chn0m4g3 commented 3 years ago

Works as advertised or at least I cannot reproduce...

gstorme commented 3 years ago

Ok, it's related to a change I did after the installation. I moved & mounted the /var partition to a new logical volume on a separate virtual hard drive. Looks like moving the /var using rsync -av was not good enough, needed rsync -avX for docker.
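
A check for the failure described in the last comment, as an added example that is not part of the original thread or the T-Pot project: it walks the old tree and reports files whose `security.capability` extended attribute did not survive the copy. It assumes the attribute that `rsync -av` dropped is `security.capability`, the xattr in which Linux stores file capabilities (the thread only says `-X` was needed); `lost_capabilities`, `read_xattr` and `capcheck.py` are hypothetical names.

```python
import errno
import os

# Assumption: the lost attribute is the file-capability xattr set by setcap.
CAP_XATTR = "security.capability"


def read_xattr(path, name=CAP_XATTR):
    """Return the raw xattr value, or None if the file has no such attribute."""
    try:
        return os.getxattr(path, name, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP, errno.ENOENT):
            return None
        raise


def lost_capabilities(src_root, dst_root, reader=read_xattr):
    """List (relative path, reason) for files whose capability xattr exists
    under src_root but is missing or different under dst_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(dirpath, name)
            want = reader(src)
            if want is None:
                continue  # no capability on the original, nothing to lose
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            if not os.path.lexists(dst):
                findings.append((rel, "file missing in copy"))
                continue
            got = reader(dst)
            if got is None:
                findings.append((rel, "capability xattr dropped"))
            elif got != want:
                findings.append((rel, "capability xattr differs"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: capcheck.py OLD_TREE NEW_TREE")
    for rel, reason in lost_capabilities(sys.argv[1], sys.argv[2]):
        print(f"{reason}: {rel}")
```

Run it as root against the old and new mount points of the moved partition; an empty result means every capability-bearing file kept its attribute.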