[Honeywall] Questions about update and process tree

Murielle Savary murielle.savary at heig-vd.ch
Tue Dec 11 12:25:49 EST 2007


Thanks a lot for your answers, the update fixes the problem. I can  
now see the process tree! Thanks for your work!

Murielle


On 11 Dec 07 at 14:39, Robert Mcmillen wrote:

> Murielle,
>
> On Dec 11, 2007, at 5:13 AM, Murielle Savary wrote:
>
>> Hello,
>>
>> I'm a Swiss student and I'm currently running the honeywall Roo  
>> 1.2 for my diploma. I have a few questions about this solution:
>>
>> 1) Which interface is used by the honeywall to update itself or  
>> to download the snort rules update? It seems like it uses eth2 but  
>> the default firewall rules block all traffic. I have found nothing  
>> in the documentation, and all my tries have been unsuccessful. Is  
>> there a way to make it use the Internet connection from eth0?
>
> It does use eth2 as its way to the internet as long as a valid  
> default gateway and dns servers were specified during configuration  
> of the management interface.  If you use either the dialog menu or  
> the web interface to reconfigure the management interface, you can  
> make sure these variables are set properly for your network to  
> ensure internet connectivity.  You will also need to verify that  
> either you remove the restriction of outbound internet  
> connectivity, or you add the outbound ports you feel necessary for  
> your honeywall.
>
> dialog:
>
> 1.  as root, type menu to enter the menu dialog.
> 2.  select Honeywall Configuration
> 3.  select Remote Management
> 4.  select Management IP and verify.
> 5.  select Management Netmask and verify.
> 6.  select Management Gateway and verify.
> 7.  select DNS Servers and verify.
> 8.  select Restrict Honeywall Outbound Traffic (this is probably  
> what is preventing you from going to the internet if all the  
> previous management settings are set properly)
>       a.  If you select yes.
>             i.  select Honeywall Allowed Outbound TCP and fill in  
> the ports you want to be able to reach.
>             ii.  select Honeywall Allowed Outbound UDP and fill in  
> the ports you want to be able to reach.
>       b.  If you select no, the honeywall will have unlimited  
> access to the internet.
>
> web interface:
>
> 1.  System Admin tab
> 2.  Honeywall Configuration
> 3.  Remote Management.  The items here should be self explanatory  
> and should resemble what the dialog describes above.
>
>
>> 2) I have been trying to use sebek to gather a process tree, but  
>> it doesn't display anything. I know for sure that my honeypot has  
>> been cracked (it does some weird things), so I would like to know  
>> if this problem comes from my configuration or it's just because  
>> there is no process tree to see... What I don't understand is that  
>> there is some data in the table named "process tree" in mysql, but  
>> nothing shows up in the web interface.
>
> We recently uploaded some fixes to the honeynet repository for  
> hflow and walleye.  Once you allow your honeywall to access the  
> internet, you need to do a yum update to get these fixes.
>
>> Thanks for your help,
>>
>> Murielle
>
> Please let us know if you come across any issues.  We are trying to  
> improve the honeywall and will shortly be telling the list where we  
> are heading with it in the foreseeable future.
>
> Hope this helps,
>
> Rob