Package: tinyhoneypot
Version: 0.4.6-6
Severity: minor
Tags: patch
- tinyhoneypot run as "nobody", but "capture" file don't report source
IP&port due GRSEC block "netstat -tnp" to user with UID!=0
- right on /var/log/thp is 700(thpod:root) and thpod perl script isn't
allowed to write inside, the righe should grant to "nobody" (default
user) to wirte inside logdir
to solve point1:
change in /usr/sbin/thpod:
[cut]
@nsdata = split(" ",`sudo netstat -tnp 2>/dev/null | grep $procid/perl`);
[cut]
add in sudoers (postinst script?) /etc/sudoers:
[cut]
nobody ALL=NOPASSWD: /bin/netstat
[cut]
To solve point2:
change right to /var/log/thpot
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.31-GRSEC
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)
Versions of packages tinyhoneypot depends on:
ii perl 5.8.4-8 Larry Wall's Practical Extraction
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
