ports/103257: Missing directory prevents Nepenthes from running out-of-the-box

Richard Bejtlich taosecurity at gmail.com
Thu Sep 14 09:50:22 UTC 2006


>Number:         103257
>Category:       ports
>Synopsis:       Missing directory prevents Nepenthes from running out-of-the-box
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 14 09:50:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Richard Bejtlich
>Release:        6.1 SECURITY
>Organization:
TaoSecurity
>Environment:
FreeBSD vectra.taosecurity.com 6.1-SECURITY FreeBSD 6.1-SECURITY #0: Mon Aug 28 05:21:08 UTC 2006     root at builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
The Nepenthes port almost works out-of-the-box.  All that's missing is the /usr/local/var/nepenthes/binaries directory.  Without it, Nepenthes dies.

I also noticed /usr/local/etc/nepenthes/nepenthes.conf makes this reference:

        hexdump_path                "var/nepenthes/hexdumps/";

/usr/local/var/nepenthes/hexdumps doesn't exist.
>How-To-Repeat:
vectra:/root# nepenthes
..edited...
Nepenthes Version 0.1.7
Compiled on FreeBSD/x86 at Sep 13 2006 21:15:02 with g++ 3.4.4 [FreeBSD] 20050518
Started on vectra.taosecurity.com running FreeBSD/i386 release 6.1-SECURITY

[ info mgr ] Loaded Nepenthes Configuration from "/usr/local/etc/nepenthes/nepenthes.conf".
[ info sc module ] Loading signatures from file var/cache/nepenthes/signatures/shellcode-signatures.sc
[ crit mgr submit ] Could not open var/nepenthes/binaries/
No such file or directory
vectra:/root#

vectra:/root# ls /usr/local/var
binaries        cache           hexdumps        log             spool
>Fix:

vectra:/root# mkdir -p /usr/local/var/nepenthes/binaries

vectra:/root# nepenthes
..edited...
Nepenthes Version 0.1.7 
Compiled on FreeBSD/x86 at Sep 13 2006 21:15:02 with g++ 3.4.4 [FreeBSD] 20050518 
Started on vectra.taosecurity.com running FreeBSD/i386 release 6.1-SECURITY

[ info mgr ] Loaded Nepenthes Configuration from "/usr/local/etc/nepenthes/nepenthes.conf".
[ info sc module ] Loading signatures from file var/cache/nepenthes/signatures/shellcode-signatures.sc
[ info mgr ] logfile var/log/nepenthes/nepenthes.log does not exist yet
[ crit mgr ] Compiled without support for capabilities, no way to run capabilities

Alternatively, edit /usr/local/etc/nepenthes/nepenthes.conf

        filesdir                    "var/nepenthes/binaries/";

change to

        filesdir                    "var/binaries/";

The same is true for the hexdumps directory:

        hexdump_path                "var/nepenthes/hexdumps/";

change to

        hexdump_path                "var/hexdumps/";

Another solution is to leave the nepenthes.conf file alone and change the directories that are created.

Thank you!

>Release-Note:
>Audit-Trail:
>Unformatted:
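A preflight check for the mismatch reported above, as an added example that is not part of the original report or of the Nepenthes port: it reads the two directives quoted in the report and lists any directory they reference that does not exist. It assumes relative paths resolve against a base directory (/usr/local in the report); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find directories that a nepenthes.conf-style file references
# but that are missing on disk. Assumption: relative paths are resolved
# against a base directory (/usr/local in the report).

# Print "key path" for the two directives quoted in the report.
# Lines that start with a comment marker never match because $1 differs.
conf_dirs() {
    awk '$1 == "filesdir" || $1 == "hexdump_path" {
             path = $2
             gsub(/[";]/, "", path)   # strip the quotes and trailing semicolon
             print $1, path
         }' "$1"
}

# Print "key directory" for every referenced directory that does not exist.
missing_conf_dirs() {
    conf=$1
    base=$2
    conf_dirs "$conf" | while read -r key path; do
        case $path in
            /*) dir=$path ;;          # absolute path: use as-is
            *)  dir=$base/$path ;;    # relative path: resolve against base
        esac
        dir=${dir%/}
        [ -d "$dir" ] || printf '%s %s\n' "$key" "$dir"
    done
}

# Constructed sample tree reproducing the layout in the report:
# the port created var/binaries and var/hexdumps, while the config
# points at var/nepenthes/binaries/ and var/nepenthes/hexdumps/.
demo_base=$(mktemp -d)
mkdir -p "$demo_base/etc/nepenthes" "$demo_base/var/binaries" "$demo_base/var/hexdumps"
cat > "$demo_base/etc/nepenthes/nepenthes.conf" <<'EOF'
        filesdir                    "var/nepenthes/binaries/";
        hexdump_path                "var/nepenthes/hexdumps/";
EOF

missing_conf_dirs "$demo_base/etc/nepenthes/nepenthes.conf" "$demo_base"
```

On a real install the call would be `missing_conf_dirs /usr/local/etc/nepenthes/nepenthes.conf /usr/local`; paths containing spaces are not handled.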


