[Honeywall] honeywall 1.4 system update, hflow, snort, problems
konrad at track666.com
Fri Jan 28 06:18:17 CST 2011
I am doing a project about Virtual Honeynets. One of its main aims
is to design and implement a laptop-based detection system based on
a virtual honeynet (Honeywall roo CDROM). Its main role is to analyze LAN
traffic and alert.
One of the problems I have come across is out-of-date snort rules.
roo-1.4 is based on snort 2.6 but rules are not available for this
version. 188.8.131.52 is the lowest version available (Jan 2011).
What I have done so far:
- Hwall was successfully updated using CentOS 5.5 repos,
- compiled and installed snort 2.8.6
- installed new set of rules 184.108.40.206 using oinkmaster
After the last step when I issue command
snort -T -c /etc/snort/snort.conf
However when snort is started, it works and logs packets with no errors.
After updating Honeywall and restarting, I get hflow error/s
starting hflow: premature failure
In /var/log/hflow/hflow.d I get:
cannot read file header from snort .. aborting
also it complains about not reading
Tried to restart/start/stop hflow several times and error appears every
command: service hflow start/stop/restart
Can anyone enlighten me what might be the problem here, please?
host: Toshiba laptop 3gb ram, backtrack 4 rc2 nemesis kernel 2.6.34
vmware: workstation 7.1
VM1: roo-1.4, honeywall, 1gb ram, default config
yum repositories taken from standard CentOS 5.5 installation
snort 2.8.6: compiled from source
snort-rules updated via oinkmaster