Version 6 (modified by rmcmillen, 10 years ago)


The purpose of this document is to capture the steps required to build and install the Sebek client on an updated Ubuntu 7.10 Server. To accomplish this task, we will use VMware and the latest Sebek client from the Honeynet Project's svn repository.

Configuring VMware

1. Let's start by creating a new virtual machine.

Create new virtual machine

2. Select Linux as the Operating System and Other Linux 2.6.x kernel as the version.

Choose Operating System

3. Change the Name and its location as required.

VM Name and Location

4. Allocate enough space for the services you want to deploy. For the purposes of this document, 8 GB will be more than enough.

Virtual Hard Disk Size

5. Select the installation media.

VM Configuration Finish

6. Next, the VMware OS installation process should start.

Installing Ubuntu

1. Select Install to the hard disk.

Ubuntu Splash Screen

2. Choose language. We will choose English.

3. Choose country. We will choose United States.

4. Since I know my keyboard layout, I will not detect it.

  1. Select origin of the keyboard. We will choose U.S. English.
  2. Select keyboard layout (if the origin has more than one option). We will choose U.S. English - Macintosh.

5. Configure hostname.

6. Partition disks. We will choose Guided - use entire disk.

7. Select disk to partition.

8. Write partitions to disk.

9. Select time zone. We will choose Eastern.

10. Set system clock to UTC.

11. Add user information.

  1. Full name for the new user.
  2. Username.
  3. Choose a password and verify it.

12. The base system should start installing. This may take a while depending on the speed/load of your VMware Host.

13. Software selection. We will choose LAMP server and OpenSSH server.

Updating Ubuntu

1. Log onto the system.

2. At the command prompt, run:

sudo apt-get update
sudo apt-get upgrade
sudo reboot

Install required packages

sudo apt-get install subversion
sudo apt-get install make gcc automake autoconf libc6-dev patch linux-headers-server
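
A preflight check to run after the package installation above and before building, as an added example that is not part of the original page or the Sebek project. It confirms that the build tools are on the PATH and that kernel headers exist for the running kernel, which is what the reboot after the upgrade and the linux-headers-server package are meant to ensure, since the Sebek client is built as a kernel module. The function names and the sample kernel release in the comments are assumptions of this example.

```shell
#!/bin/sh
# Preflight check before building the Sebek client (added example).
# The tool list mirrors the packages installed above; svn is used for checkout.
REQUIRED_TOOLS="svn make gcc automake autoconf patch"

# missing_tools TOOL...: print each tool that is not found on PATH, one per line.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || echo "$t"
    done
}

# headers_dir RELEASE [MODULES_ROOT]: print the kernel build directory for the
# given release (e.g. a constructed value such as 2.6.22-14-server), or return 1
# if no header tree is installed for that release.
headers_dir() {
    rel=$1
    root=${2:-/lib/modules}
    dir="$root/$rel/build"
    # A usable header tree has a top-level Makefile.
    [ -f "$dir/Makefile" ] || return 1
    echo "$dir"
}

# preflight [RELEASE] [MODULES_ROOT]: return 0 only if all tools are present
# and headers exist for the kernel that is actually running.
preflight() {
    rel=${1:-$(uname -r)}
    root=${2:-/lib/modules}
    status=0
    miss=$(missing_tools $REQUIRED_TOOLS)
    if [ -n "$miss" ]; then
        echo "missing tools: $(echo $miss)" >&2
        status=1
    fi
    if ! headers_dir "$rel" "$root" >/dev/null; then
        echo "no kernel headers for running kernel $rel under $root" >&2
        echo "after a kernel upgrade, reboot so uname -r matches the headers" >&2
        status=1
    fi
    return $status
}
```

Source the file and run `preflight || exit 1` before `./configure`; a failure on the header check usually means the system is still running the pre-upgrade kernel.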

Getting the latest Sebek code

NOTE: This section requires a username and password. You can get these credentials by registering on the Sebek site:

svn co --username <sebek site username> sebek

Building Sebek

NOTE: The trunk does not currently support raw socket replacement.

cd sebek
./configure --disable-raw-socket-replacement

The result should be a compressed archive containing the Sebek binary and configuration files (sebek-lin26-3.2.0b-bin.tar.gz). Under ideal circumstances, you would build this on a development system and move the resulting compressed archive to the honeypot for installation. For the purposes of this document, we will simply move the resulting compressed archive to our user's home directory.

Build results