Ticket #200 (reopened bug)

Opened 1 year ago

Last modified 11 months ago

Firewall VM HoneyClient::FW Does not start

Reported by: aaron.blum@gmail.com
Assigned to: kindlund
Priority: low
Milestone: 1.1
Component: HoneyClient::Manager::FW
Version: 1.02
Severity: none
Keywords: firewall, vm, start, svn
Cc:

Description

Hi,

I've been trying to get the HoneyClient setup to run based on the user guide: http://www.honeyclient.org/trac/wiki/UserGuide

Unfortunately the Firewall VM that I pulled and unzipped does not initialize the daemon for the HoneyClient as the guide says it should. Instead it fails giving this warning:

not ok 1 -use HoneyClient::Util::Config;
#   Failed test 'use HoneyClient::Util::Config;'
#   in /hc/startFWListener.pl at line 19.
#     Tried to use 'HoneyClient::Util::Config'.
#     Error: Can't locate HoneyClient/Util/Config.pm in @INC (@INC contains: /usr... <snip> at /hc/startFWListener/pl line 19.
# BEGIN failed--compilation aborted at /hc/startFWListener.pl line 19.
# Can't load HoneyClient::Util::Config package. Check to make sure the package library is correctly listed within the path.
Can't locate HoneyClient/Util/Config.pm in @INC (@INC contains: /usr... <snip> at /hc/startFWListener/pl line 21.
BEGIN failed--compilation aborted at /hc/startFWListener.pl line 21.
1..1
# Looks like you failed 1 test of 1.
# Looks like your test died just after 1.

Please advise.

Change History

02/11/09 17:28:14 changed by kindlund

You're using the latest firewall VM (v3), correct?

Basically, the code isn't running because it can't find the 'HoneyClient/Util/Config.pm' package, which should be located inside the '/usr/src/honeyclient../lib' directory.

Once you've located that directory, you can start the code manually using:

/usr/bin/perl -I/usr/src/honeyclient…/lib /hc/startFWListener.pl

The start-up script should be in /etc/rc.local, I believe.

Regards,

— Darien

02/11/09 17:50:23 changed by aaron.blum@gmail.com

Yes, I'm using Version 3.

When I point it at the lib directory as you indicate, it now gives a warning: "unable to locate specified value in variable 'log_config' using namespace 'HoneyClient::Util::Config' within the global configuration file (/etc/honeyclient.xml!)"

This is followed by an error stating that it cannot open the config file for log4perl/Config.pm

Later in the output it states that it can't load HoneyClient::Manager::FW.

Did I miss something or is the Firewall VM misbehaving out of the box?

02/11/09 18:03:06 changed by kindlund

The Firewall VM really shouldn't be faulty out of the box.

I assume you downloaded v3 from: http://honeyclient.mitre.org/firewall-3.tar.gz

Can you confirm that your checksums match the following?

$ md5sum firewall-3.tar.gz
8e67f4361e145ff1839e8e89e9d02f40 firewall-3.tar.gz
$ sha1sum firewall-3.tar.gz
67fb3f060dfa5aef926d23beb42fdbf16fa037d3 firewall-3.tar.gz

Regards,

— Darien

02/11/09 18:26:00 changed by aaron.blum@gmail.com

The checksums do indeed match. I'm using VMware Server 1.0.8 on Ubuntu 7.10 if that helps.

02/12/09 11:03:13 changed by aaron.blum@gmail.com

Here is the full output from the suggested command:

[root@HcHWALL roo]# /usr/bin/perl -I/usr/src/honeyclient-trunk/lib /hc/startFWListener.pl
2009-02-12 05:58:34  WARN [HoneyClient::Util::Config::getVar] (/usr/src/honeyclient-trunk/lib/HoneyClient/Util/Config.pm:573) - Warning: Unable to locate specified value in variable 'log_config' using namespace 'HoneyClient::Util::Config' within the global configuration file (/etc/honeyclient.xml)!
Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 536.
Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 567.
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 594.
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 594.
not ok 1 - use HoneyClient::Util::Config;
#   Failed test 'use HoneyClient::Util::Config;'
#   in /hc/startFWListener.pl at line 19.
#     Tried to use 'HoneyClient::Util::Config'.
#     Error:  Cannot open config file '' at /usr/lib/perl5/site_perl/5.8.5/Log/Log4perl/Config.pm line 594.
# Compilation failed in require at (eval 3) line 2.
# BEGIN failed--compilation aborted at /hc/startFWListener.pl line 19.
# Can't load HoneyClient::Util::Config package. Check to make sure the package library is correctly listed within the path.
ok 2 - use IPTables::IPv4;
not ok 3 - use HoneyClient::Manager::FW;
#   Failed test 'use HoneyClient::Manager::FW;'
#   in /hc/startFWListener.pl at line 29.
#     Tried to use 'HoneyClient::Manager::FW'.
#     Error:  Can't locate HoneyClient/Manager/FW.pm in @INC (@INC contains: /usr/src/honeyclient-trunk/lib /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.4 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.3 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.2 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.1 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.0 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.4 /usr/lib/perl5/site_perl/5.8.5/5.8.3 /usr/lib/perl5/site_perl/5.8.5/5.8.2 /usr/lib/perl5/site_perl/5.8.5/5.8.1 /usr/lib/perl5/site_perl/5.8.5/5.8.0 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at (eval 28) line 2.
# BEGIN failed--compilation aborted at /hc/startFWListener.pl line 29.
# Can't load HoneyClient::Manager::FW package. Check to make sure the package library is correctly listed within the path.
Can't locate HoneyClient/Manager/FW.pm in @INC (@INC contains: /usr/src/honeyclient-trunk/lib /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.4 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.3 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.2 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.1 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/5.8.0 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/5.8.4 /usr/lib/perl5/site_perl/5.8.5/5.8.3 /usr/lib/perl5/site_perl/5.8.5/5.8.2 /usr/lib/perl5/site_perl/5.8.5/5.8.1 /usr/lib/perl5/site_perl/5.8.5/5.8.0 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /hc/startFWListener.pl line 31.
BEGIN failed--compilation aborted at /hc/startFWListener.pl line 31.
1..3
# Looks like you failed 2 tests of 3.
# Looks like your test died just after 3.
[root@HcHWALL roo]#

Here are the checksums for the image:

root@ubuntu:~# md5sum /opt/firewall-3.tar.gz
8e67f4361e145ff1839e8e89e9d02f40  /opt/firewall-3.tar.gz
root@ubuntu:~# sha1sum /opt/firewall-3.tar.gz
67fb3f060dfa5aef926d23beb42fdbf16fa037d3  /opt/firewall-3.tar.gz
root@ubuntu:~#

Is there some configuration of the VM that I might have missed?

02/12/09 11:23:30 changed by kindlund

The script should have loaded upon start up, automatically. As a quick solution, try this:

cd /usr/src/honeyclient-trunk/
/usr/bin/perl -Ilib /hc/startFWListener.pl

If that doesn't work, and you get the same error message as before, verify that the file (/usr/src/honeyclient-trunk/etc/honeyclient.xml) exists and is not empty.

Regards,

— Darien

02/12/09 11:38:20 changed by aaron.blum@gmail.com

Identical output as before when running the command. The file honeyclient.xml does exist and is not empty:

[root@HcHWALL honeyclient-trunk]# ls -l /usr/src/honeyclient-trunk/etc/honeyclient.xml
-rw-r-----  1 root root 31185 Feb 12 05:47 /usr/src/honeyclient-trunk/etc/honeyclient.xml

02/12/09 11:45:15 changed by kindlund

Okay, I need a little more information; do the following:

cd /usr/src/honeyclient-trunk/
svn info
svn status

And paste the output of those commands. That will tell me if the codebase has changed from the default at all.

Regards,

— Darien

02/12/09 11:49:40 changed by aaron.blum@gmail.com

Output below (the svn status command had no output):

[root@HcHWALL honeyclient-trunk]# cd /usr/src/honeyclient-trunk/
[root@HcHWALL honeyclient-trunk]# svn info
Path: .
URL: svn://svn.honeyclient.org/honeyclient/trunk
Repository UUID: 143ac459-0e48-db11-92d1-000d614347cd
Revision: 2024
Node Kind: directory
Schedule: normal
Last Changed Author: kindlund
Last Changed Rev: 2022
Last Changed Date: 2009-02-04 14:46:41 -0500 (Wed, 04 Feb 2009)
Properties Last Updated: 2007-11-29 10:03:54 -0500 (Thu, 29 Nov 2007)

[root@HcHWALL honeyclient-trunk]# svn status
[root@HcHWALL honeyclient-trunk]#

02/12/09 11:55:08 changed by kindlund

Okay, that's the problem. By default, if the firewall VM is connected to the internet, it would perform an 'svn update' of the codebase. I thought this capability was disabled, but I guess it was still present in v3.

Here's the fix:

  1. Revert back to your original firewall-3.tar.gz VM
  2. Disconnect the firewall VM from the network
  3. Start up the VM
  4. When the VM starts, it will try to do an SVN update and time out
  5. Then you can edit the /hc/startFWListener.sh script and comment out the 'svn update' call so that future reboots do not affect it

— Darien

02/12/09 12:15:47 changed by aaron.blum@gmail.com

Thank you, that did it. :)

02/12/09 13:12:04 changed by kindlund

  • status changed from new to closed.
  • component changed from Installation to HoneyClient::Manager::FW.
  • priority changed from normal to low.
  • version changed from none to 1.02.
  • milestone set to 1.1.
  • keywords set to firewall, vm, start, svn.
  • resolution set to fixed.

Okay; glad that worked.

— Darien

09/15/09 17:54:36 changed by ahall@westcoast.com

  • status changed from closed to reopened.
  • resolution deleted.

I've tried the aforementioned solution in starting startFWListener.pl but the issue appears to reoccur at every restart of the firewall. I've reverted to the firewall-3 tar - disconnecting my system from the internet and after the firewall VM starts I'm able to see the FWListener running and I have commented out the svn update entry in the /hc/startFWListener script. When I reconnect my system to the Internet and start the firewall it's as if I've made no changes as the firewall VM continues to perform the svn updates and my changes to the script no longer exist. What could possibly be causing this to happen?

09/15/09 18:10:29 changed by aaron.blum@gmail.com

Sounds like your VM image is set to non-persistent. Make sure that the image is in persistent state when you make these changes, otherwise VMware will simply discard them when you shut down the firewall.

09/15/09 20:54:59 changed by kindlund

Aaron is correct; it sounds like your firewall VM is currently marked as non-persistent, which causes all changes to be discarded. If you're confident that this is not the problem, then please paste or attach the corresponding firewall .cfg or .vmx configuration file for further troubleshooting.

Replying to ahall@westcoast.com:

I've tried the aforementioned solution in starting startFWListener.pl but the issue appears to reoccur at every restart of the firewall. I've reverted to the firewall-3 tar - disconnecting my system from the internet and after the firewall VM starts I'm able to see the FWListener running and I have commented out the svn update entry in the /hc/startFWListener script. When I reconnect my system to the Internet and start the firewall it's as if I've made no changes as the firewall VM continues to perform the svn updates and my changes to the script no longer exist. What could possibly be causing this to happen?
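
Added example, not part of the ticket or the HoneyClient code base: a shell check for the two conditions this thread identifies, an active 'svn update' call in the start-up script and a VMware disk set to a nonpersistent mode. The sample script and .vmx contents are constructed, the function names are hypothetical, and the `scsi0:0.mode` values are assumed to be how the disk mode appears in the .vmx file.

```shell
#!/bin/sh
# Added example (not HoneyClient code). All file contents below are
# constructed samples, not the real firewall VM's files.

# Print the lines of a start-up script where 'svn update' (or 'svn up') is
# still active. Comments are stripped with a simple '#...' rule, which is
# enough for a short start-up script but would misread '#' inside a string.
active_svn_update() {
    sed 's/#.*//' "$1" |
        grep -nE '(^|[^[:alnum:]_])svn[[:space:]]+(update|up)([^[:alnum:]_]|$)'
}

# Print .vmx disk entries whose mode discards writes at power-off.
nonpersistent_disks() {
    grep -iE '^[[:space:]]*(scsi|ide|sata)[0-9]+:[0-9]+\.mode[[:space:]]*=[[:space:]]*"[^"]*nonpersistent"' "$1"
}

# $1 = start-up script, $2 = .vmx file. Returns 0 only if both checks pass.
audit_fw_vm() {
    rc=0
    if active_svn_update "$1"; then
        echo "FAIL: $1 still updates the code base at boot"; rc=1
    fi
    if nonpersistent_disks "$2"; then
        echo "FAIL: $2 discards disk changes at power-off"; rc=1
    fi
    return $rc
}

# --- constructed sample files ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#!/bin/sh' 'cd /usr/src/honeyclient-trunk' 'svn update' \
    '/usr/bin/perl -Ilib /hc/startFWListener.pl' > "$demo/unfixed.sh"
printf '%s\n' '#!/bin/sh' 'cd /usr/src/honeyclient-trunk' '# svn update' \
    '/usr/bin/perl -Ilib /hc/startFWListener.pl' > "$demo/fixed.sh"
printf '%s\n' 'scsi0:0.present = "TRUE"' 'scsi0:0.fileName = "firewall.vmdk"' \
    'scsi0:0.mode = "independent-nonpersistent"' > "$demo/discarding.vmx"
printf '%s\n' 'scsi0:0.present = "TRUE"' 'scsi0:0.fileName = "firewall.vmdk"' \
    'scsi0:0.mode = "independent-persistent"' > "$demo/keeping.vmx"

audit_fw_vm "$demo/unfixed.sh" "$demo/discarding.vmx" ||
    echo "=> both conditions from the reopened report are present"
audit_fw_vm "$demo/fixed.sh" "$demo/keeping.vmx" &&
    echo "OK: update call disabled and the edit will survive a reboot"
```

On the real VM the first argument would be the start-up script named in the fix above and the second the firewall's .vmx file.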

