Friday, March 25, 2011

Nepenthes on FreeBSD

I just installed FreeBSD 8.2 on my old laptop, since I can't find a buyer yet (it's cheap by the way, only RM500! COD anywhere if you want to buy it from me). I know that FreeBSD sockets work differently from Linux's, so some of the work done on the Dionaea honeypot can't be ported directly to FreeBSD.

So for now I use the Nepenthes port on FreeBSD. The installation isn't difficult if you use the prebuilt package; just run

pkg_add -rv nepenthes

or go to /usr/ports, run make search name=nepenthes to find the port, and then run make install clean.

On FreeBSD, however, Nepenthes will not work out of the box, since it cannot find the var directory under /usr/local.

So you can simply run

mkdir -p /usr/local/var/binaries
mkdir -p /usr/local/var/hexdumps

since those are the paths given in etc/nepenthes.conf.

For me, since I want to send my malware collection info to the mwcollect Alliance, what I have to do is add the following line:


  "submitmwserv.so",               "submit-mwserv.conf",       ""

And your Nepenthes should work.
However, this tutorial isn't complete by itself; unluckily for you, I am lazy.
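
A preflight check for the two fixes above (the missing var directories and the submitmwserv.so module line), added here as an example; it is not part of Nepenthes or the FreeBSD port. The function names, the 750 directory mode and the assumption that // starts a comment in nepenthes.conf are this example's own, and the config file path is passed in as an argument.

```shell
#!/bin/sh
# Added example, not part of Nepenthes or the FreeBSD port.

# ensure_dirs PREFIX: create the two directories Nepenthes expects (idempotent).
# Mode 750 is this example's choice: the directories will hold live malware.
ensure_dirs() {
    for d in binaries hexdumps; do
        dir="$1/var/$d"
        [ -d "$dir" ] && continue
        mkdir -p "$dir" && chmod 750 "$dir" || return 1
        echo "created $dir"
    done
}

# module_enabled CONF MODULE: true if CONF loads MODULE on a line that is
# not commented out (assumes '//' starts a comment in nepenthes.conf).
module_enabled() {
    grep -v '^[[:space:]]*//' "$1" | grep -qF "\"$2\""
}

# preflight PREFIX CONF: report everything missing; non-zero if anything is.
preflight() {
    rc=0
    for d in binaries hexdumps; do
        [ -d "$1/var/$d" ] || { echo "missing: $1/var/$d"; rc=1; }
    done
    module_enabled "$2" submitmwserv.so ||
        { echo "not loaded: submitmwserv.so in $2"; rc=1; }
    return "$rc"
}

# demo: run the checks in a throwaway sandbox with a constructed config line.
demo() {
    sandbox=$(mktemp -d) || return 1
    # Constructed sample: the module line present but commented out.
    printf '//  "submitmwserv.so", "submit-mwserv.conf", ""\n' > "$sandbox/nepenthes.conf"
    preflight "$sandbox" "$sandbox/nepenthes.conf" || echo "(problems listed above)"
    ensure_dirs "$sandbox"
    printf '  "submitmwserv.so", "submit-mwserv.conf", ""\n' > "$sandbox/nepenthes.conf"
    preflight "$sandbox" "$sandbox/nepenthes.conf" && echo "preflight ok"
    rm -rf "$sandbox"
}

# With two arguments check a real install; with none, run the demo.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; else demo; fi
```

Run it with the prefix and the config file as arguments, for example /usr/local and the full path to your nepenthes.conf.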
