Hi Fahim, Quick question that are you running the sebek in rename to hplaser7l.ko ( as you define in the configure). I tried to rename but failed. It still running in sbk when I lsmod as follow :
[EMAIL PROTECTED] ~]# lsmod Module Size Used by sbk 28364 0 rgds. ..peter On Wed, Sep 17, 2008 at 7:25 PM, Fahim Abbasi <[EMAIL PROTECTED]> wrote: > Ah, Mr. Ubuntu didnt like all the modules being injected into it, > so I took a reboot of the honeypot, gave it a fresh injection of the sebek > module successfully and viola sebek process trees started appearing above > the magnifying glass in walleye flows :) sweeeeeet !!! > Testing with SSH, all keystrokes are being logged correctly followed by > modules & files read and written to in the process. However, I donot see the > user/password typed in. the SSH flows are encrypted and all is readeable > plaintext till the nodes decide to exchange diffie-hellman+sha ciphers to > encrypt the stream after that its all jibberish. Is there any way to dig the > u/p of the session out with sebek, & which is less painful than recompiling > openssh to log all u/p combinations to some hidden file? > > Thanks, fahim > > _______________________________________________ > Honeywall mailing list > [email protected] > https://public.honeynet.org/mailman/listinfo/honeywall > >
_______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
