Sunday, April 1, 2012

dionaea

demo.sguil.net is now equipped with dionaea. I wanted something interesting to look at when someone checks sguil out and didn't want to rerun the same pcap through snort.

The project's instructions for building dionaea are written for Ubuntu (http://dionaea.carnivore.it/#compiling); here are my notes on Fedora:

sudo yum install udns-devel libtool glib2-devel openssl-devel readline-devel sqlite-devel python-devel subversion git flex bison pkgconfig

Follow the rest of the instructions until you get to libnl. It has moved; you can find the latest version at:

git://git.infradead.org/users/tgr/libnl.git
For libev, you can find the latest release at: http://dist.schmorp.de/libev/ - at the time of this post, it's at version 4.11 so I did 'wget http://dist.schmorp.de/libev/libev-4.11.tar.gz'.
If you're not running 64-bit, leave off "-L/usr/lib/x86_64-linux-gnu/" when configuring Python. (That path is Ubuntu's multiarch library directory; Fedora keeps 64-bit libraries under /usr/lib64, so on Fedora the flag names a directory that does not exist and the linker silently ignores it.)
Cython is located at http://cython.org/#download. 0.15.1 is out, so I did 'wget http://cython.org/release/Cython-0.15.1.tar.gz'.
I skipped configuring OpenSSL. It caused problems and the IRC channel wouldn't tell me what you gain by compiling your own version.
Last, when I ran 'make' for dionaea, it failed with this error:
/usr/bin/ld: dionaea-connection.o: undefined reference to symbol 'X509_gmtime_adj'
/usr/bin/ld: note: 'X509_gmtime_adj' is defined in DSO /lib/libcrypto.so.10 so try adding it to the linker command line
/lib/libcrypto.so.10: could not read symbols: Invalid operation

So I included /lib/libcrypto.so explicitly in the link command:

cd /home/jbc/dionaea/src && /bin/sh ../libtool --tag=CC   --mode=link  gcc -I/opt/dionaea/include -DEV_COMPAT3=0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/opt/dionaea/include/ -I/opt/dionaea/include/ -I../include -I .. -fno-strict-aliasing -std=c99 -D_GNU_SOURCE -D_GNU_SOURCE -I/opt/dionaea/include -DEV_COMPAT3=0 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/opt/dionaea/include/ -Wall -Werror -Wstrict-prototypes -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -pthread -Wl,--export-dynamic -pthread -o dionaea dionaea-dionaea.o dionaea-dns.o dionaea-refcount.o dionaea-node_info.o dionaea-util.o dionaea-connection.o dionaea-modules.o dionaea-pchild.o dionaea-log.o dionaea-signals.o dionaea-incident.o dionaea-threads.o dionaea-bistream.o dionaea-processor.o  -L/opt/dionaea/lib /opt/dionaea/lib/libev.so -lm -lgthread-2.0 -lgmodule-2.0 -lrt -lglib-2.0 -L/opt/dionaea/lib/ /opt/dionaea/lib/liblcfg.so -L/usr/local/lib -lssl -ludns -pthread -Wl,-rpath -Wl,/opt/dionaea/lib -Wl,-rpath -Wl,/opt/dionaea/lib /lib/libcrypto.so.10

Remember to replace 'cd /home/jbc/dionaea/src' with the src directory of wherever you cloned dionaea. Note that the command above is the libtool line that make printed, re-run by hand with /lib/libcrypto.so.10 appended; it has to be repeated after every rebuild. A less fragile fix is to give the linker the library by name so the generated link line always carries it, for instance by setting LIBS="-lcrypto" in the environment when you run dionaea's configure (LIBS is a standard autoconf variable, not a dionaea-specific option), since X509_gmtime_adj lives in libcrypto and the original line only names -lssl.