Once the module is loaded, it should be running. What I found during
my recent attempt to upgrade sebek to run on the latest and greatest
kernels is that the method used to locate the syscall table was no
longer actually finding the proper address. I have committed changes
to the trunk of the 2.6 kernel to use the idt technique for locating
the syscall table and it seems to find it. However, it does not
unload properly, but I figured the priority goes to it loading and
running properly. If you feel brave, check out the trunk of the sebek
client for 2.6. This will help greatly to improve its use. You can
find the svn trunk at: https://projects.honeynet.org/svn/sebek/linux-2.6/trunk
I've only messed with getting these to run on the latest Ubuntu kernel
and the latest CentOS 5 kernel. So we may have to adjust some things
to get yours to compile.
Are you familiar with svn?
Rob
On Mar 1, 2008, at 7:09 PM, Nandhini Thiagarajan wrote:
Rob,
I'm guessing maybe sebek is installed but not running.
Can you please tell me if there is another step to start sebek and confirm
if it is running?
When I do an lsmod I can see "sbk" listed.
It will be useful for my debug if you can provide me the above info.
Thanks much.
_______________________________________________
Honeywall mailing list
https://public.honeynet.org/mailman/listinfo/honeywall