[Honeywall] Questions about update and process tree

Murielle Savary murielle.savary at heig-vd.ch
Tue Dec 11 06:13:31 EST 2007


Hello,

I'm a Swiss student and I'm currently running the honeywall Roo 1.2
for my diploma. I have a few questions about this solution:

1) Which interface is used by the honeywall to update itself or to
download the snort rules update? It seems like it uses eth2 but the
default firewall rules block all traffic. I have found nothing in the
documentation, and all my tries have been unsuccessful. Is there a way
to make it use the Internet connection from eth0?

2) I have been trying to use sebek to gather a process tree, but it
doesn't display anything. I know for sure that my honeypot has been
cracked (it does some weird things), so I would like to know if this
problem comes from my configuration or it's just because there is no
process tree to see... What I don't understand is that there is some
data in the table named "process tree" in mysql, but nothing shows up
in the web interface.

Thanks for your help,

Murielle


