[Bro] (no subject)
bec_agarcia at correo.seguridad.unam.mx
bec_agarcia at correo.seguridad.unam.mx
Fri Mar 14 12:34:13 PDT 2008
Hi
i try to start up bro on ubuntu but when i execute
/usr/local/bro/etc/bro.rc --start, i recive the next output with a lot
of errors, but i dont know where and how i can resolve them, anybody
help me please
thanks
root at client-honeypot:/usr/local/src/Bro-ids/bro-1.2.1#
/usr/local/bro/etc/bro.rc --start
bro.rc: Running as non-root user ddjimenez
bro.rc: Starting ..........bro.rc: Failed to start Bro
/usr/local/bro/policy/scan.bro, line 92: warning: no such host:
j5004.inktomisearch.com
/usr/local/bro/policy/scan.bro, line 92: warning: no such host:
j5005.inktomisearch.com
/usr/local/bro/policy/scan.bro, line 93: warning: no such host:
j5006.inktomisearch.com
/usr/local/bro/policy/scan.bro, line 93: warning: no such host:
j100.inktomi.com
/usr/local/bro/policy/scan.bro, line 93: warning: no such host:
j101.inktomi.com
/usr/local/bro/policy/scan.bro, line 94: warning: no such host:
j3002.inktomi.com
/usr/local/bro/policy/scan.bro, line 94: warning: no such host:
si3000.inktomi.com
/usr/local/bro/policy/scan.bro, line 94: warning: no such host:
si3001.inktomi.com
/usr/local/bro/policy/scan.bro, line 95: warning: no such host:
si3002.inktomi.com
/usr/local/bro/policy/scan.bro, line 95: warning: no such host:
si3003.inktomi.com
/usr/local/bro/policy/scan.bro, line 95: warning: no such host:
si4000.inktomi.com
/usr/local/bro/policy/scan.bro, line 96: warning: no such host:
si4001.inktomi.com
/usr/local/bro/policy/scan.bro, line 96: warning: no such host:
si4002.inktomi.com
/usr/local/bro/policy/scan.bro, line 96: warning: no such host:
wm3018.inktomi.com
/usr/local/bro/policy/http-request.bro, line 34: run-time error: error
compiling pattern
/((((((((((((((((((((^?.*(etc\/(passwd|shadow|netconfig)))|(^?.*(IFS[
\t]*=)))|(^?.*(nph-test-cgi\?)))|(^?.*((%0a|\.\.)\/(bin|etc|usr|tmp))))|(^?.*(\/Admin_files\/order\.log)))|(^?.*(\/carbo\.dll)))|(^?.*(\/cgi-bin\/(phf|php\.cgi|test-cgi))))|(^?.*(\/cgi-dos\/args\.bat)))|(^?.*(\/cgi-win\/uploader\.exe)))|(^?.*(\/search97\.vts)))|(^?.*(tk\.tgz)))|(^?.*(ownz)))|(^?.*(viewtopic\.php.*%.*\(.*\()))|(^?.*(sshd\.(tar|tgz).*)))|(^?.*([aA][dD][oO][rR][eE][bB][sS][dD].*)))|(^?.*(shv4\.(tar|tgz).*)))|(^?.*(lrk\.(tar|tgz).*)))|(^?.*(lyceum\.(tar|tgz).*)))|(^?.*(maxty\.(tar|tgz).*)))|(^?.*(rootII\.(tar|tgz).*)))|(^?.*(invader\.(tar|tgz).*))/
/usr/local/bro/policy/http-request.bro, line 42: run-time error: error
compiling pattern
/((^?.*(.*\/c\+dir))|(^?.*(.*cool.dll.*)))|(^?.*(.*Admin.dll.*Admin.dll.*))/
/usr/local/bro/policy/http-request.bro, line 48: run-time error: error
compiling pattern /^?.*(\/cgi-bin\/(phf|php\.cgi|test-cgi))/
/usr/local/bro/policy/http-request.bro, line 50: run-time error: error
compiling pattern /^?.*(wwwroot|WWWROOT)/
/usr/local/bro/policy/http-reply.bro, line 111: run-time error: error
compiling pattern /^?.*(^ )/
/usr/local/bro/policy/hot-ids.bro, line 15: run-time error: error
compiling pattern /^?.*((y[o0]u)(r|ar[e3])([o0]wn.*))/
/usr/local/bro/policy/ftp.bro, line 43: run-time error: error
compiling pattern
/((((((((((((((((((((((^?.*(.*(etc\/|master\.)?(passwd|shadow|s?pwd\.db)))|(^?.*(.*snoop\.(tar|tgz).*)))|(^?.*(.*bnc\.(tar|tgz).*)))|(^?.*(.*datapipe.*)))|(^?.*(.*ADMw0rm.*)))|(^?.*(.*newnick.*)))|(^?.*(.*sniffit.*)))|(^?.*(.*neet\.(tar|tgz).*)))|(^?.*(.*\.\.\..*)))|(^?.*(.*ftpscan.txt.*)))|(^?.*(.*jcc.pdf.*)))|(^?.*(.*\.[Ff]rom.*)))|(^?.*(.*sshd\.(tar|tgz).*)))|(^?.*(.*\/rk7.*)))|(^?.*(.*rk7\..*)))|(^?.*(.*[aA][dD][oO][rR][eE][bB][sS][dD].*)))|(^?.*(.*[tT][aA][gG][gG][eE][dD].*)))|(^?.*(.*shv4\.(tar|tgz).*)))|(^?.*(.*lrk\.(tar|tgz).*)))|(^?.*(.*lyceum\.(tar|tgz).*)))|(^?.*(.*maxty\.(tar|tgz).*)))|(^?.*(.*rootII\.(tar|tgz).*)))|(^?.*(.*invader\.(tar|tgz).*))/
/usr/local/bro/policy/ftp.bro, line 48: run-time error: error
compiling pattern /(^?.*(.*\.rhosts))|(^?.*(.*\.forward))/
/usr/local/bro/policy/ftp.bro, line 51: run-time error: error
compiling pattern /^?.*([Ee][Xx][Ee][Cc].*)/
/usr/local/bro/policy/ftp.bro, line 63: run-time error: error
compiling pattern /^?.*(,0,0)/
/usr/local/bro/policy/ftp.bro, line 154: run-time error: error
compiling pattern /^?.*((\/|[A-Za-z]:[\\\/]).*)/
/usr/local/bro/policy/ftp.bro, line 349: run-time error: error
compiling pattern /^?.*([\x00-\x7f])/
/usr/local/bro/policy/ftp.bro, line 462: run-time error: error
compiling pattern /^?.*([Ee][Xx][Ee][Cc])/
/usr/local/bro/policy/ftp.bro, line 527: run-time error: error
compiling pattern /^?.*(\"([^\"]|\"\")*(\/|\\)([^\"]|\"\")*\")/
/usr/local/bro/policy/ftp.bro, line 545: run-time error: error
compiling pattern /^?.*(((\/)+([^\/]|\\\/)+)?((\/)+\.\.(\/)+))/
/usr/local/bro/policy/ftp.bro, line 555: run-time error: error
compiling pattern /^?.*((\/){2,})/
/usr/local/bro/policy/ftp.bro, line 700: run-time error: error
compiling pattern /^?.*([\x80-\xff]{3})/
/usr/local/bro/policy/ftp.bro, line 735: run-time error: error
compiling pattern /^?.*(USER|PASS|ACCT)/
/usr/local/bro/policy/portmapper.bro, line 310: run-time error: error
compiling pattern /^?.*(^\[)/
/usr/local/bro/policy/portmapper.bro, line 311: run-time error: error
compiling pattern /^?.*(\]$)/
/usr/local/bro/policy/login.bro, line 66: run-time error: error
compiling pattern
/((((((((((((((((((((((((((((((((^?.*(rewt))|(^?.*(eggdrop)))|(^?.*(\/bin\/eject)))|(^?.*(oir##t)))|(^?.*(ereeto)))|(^?.*((shell|xploit)_?code)))|(^?.*(execshell)))|(^?.*(ff\.core)))|(^?.*(unset[ \t]+(histfile|history|HISTFILE|HISTORY))))|(^?.*(neet\.tar)))|(^?.*(r0kk0)))|(^?.*(su[ \t]+(daemon|news|adm))))|(^?.*(\.\/clean)))|(^?.*(rm[ \t]+-rf[ \t]+secure)))|(^?.*(cd[ \t]+\/dev\/[a-zA-Z]{3})))|(^?.*(solsparc_lpset)))|(^?.*(\.\/[a-z]+[ \t]+passwd)))|(^?.*(\.\/bnc)))|(^?.*(bnc\.conf)))|(^?.*(\"\/bin\/ksh\")))|(^?.*(LAST STAGE OF DELIRIUM)))|(^?.*(SNMPXDMID_PROG)))|(^?.*(snmpXdmid for solaris)))|(^?.*(\"\/bin\/uname)))|(^?.*(gcc[ \t]+1\.c)))|(^?.*(>\/etc\/passwd)))|(^?.*(lynx[ \t]+-source[ \t]+.*(packetstorm|shellcode|linux|sparc))))|(^?.*(gcc.*\/bin\/login)))|(^?.*(#define NOP.*0x)))|(^?.*(printf\(\"overflowing)))|(^?.*(exec[a-z]*\(\"\/usr\/openwin)))|(^?.*(perl[
\t]+.*x.*[0-9][0-9][0-9][0-9])))|(^?.*(ping.*-s.*%d))/
/usr/local/bro/policy/login.bro, line 72: run-time error: error
compiling pattern /^?.*([ \t]*(cd|pushd|more|less|cat|vi|emacs|pine)[
\t]+((['"]?\.\.\.)|(["'](\.*)[ \t])))/
/usr/local/bro/policy/login.bro, line 75: run-time error: error
compiling pattern /^?.*(No such file or directory)/
/usr/local/bro/policy/login.bro, line 84: run-time error: error
compiling pattern /^?.*(.*loadmodule.*)/
/usr/local/bro/policy/login.bro, line 138: run-time error: error
compiling pattern
/(((((((((((((((((((((((((((((((((((((((((((((((((^?.*(^-r.s.*root.*\/bin\/(sh|csh|tcsh)))|(^?.*(Jumping to address)))|(^?.*(Jumping Address)))|(^?.*(smashdu\.c)))|(^?.*(PATH_UTMP)))|(^?.*(Log started at =)))|(^?.*(www\.anticode\.com)))|(^?.*(www\.uberhax0r\.net)))|(^?.*(smurf\.c by TFreak)))|(^?.*(Super Linux Xploit)))|(^?.*(^# \[root@)))|(^?.*(^-r.s.*root.*\/bin\/(time|sh|csh|tcsh|bash|ksh))))|(^?.*(invisibleX)))|(^?.*(PATH_(UTMP|WTMP|LASTLOG))))|(^?.*([0-9]{5,} bytes from)))|(^?.*((PATH|STAT):\ .*=>)))|(^?.*(----- \[(FIN|RST|DATA LIMIT|Timed Out)\])))|(^?.*(IDLE TIMEOUT)))|(^?.*(DATA LIMIT)))|(^?.*(-- TCP\/IP LOG --)))|(^?.*(STAT: (FIN|TIMED_OUT) )))|(^?.*((shell|xploit)_code)))|(^?.*(execshell)))|(^?.*(x86_bsd_compaexec)))|(^?.*(\\xbf\\xee\\xee\\xee\\x08\\xb8)))|(^?.*(Coded by James Seter)))|(^?.*(Irc Proxy v)))|(^?.*(Daemon port\.\.\.\.)))|(^?.*(BOT_VERSION)))|(^?.*(NICKCRYPT)))|(^?.*(\/etc\/\.core)))|(^?.*(exec.*\/bin\/newgrp)))|(^?.*(deadcafe)))|(^?.*([ \/]snap\.sh)))|(^?.*(Secure atime,ctime,mtime)))|(^?.*(Can\'t fix checksum)))|(^?.*(Promisc Dectection)))|(^?.*(ADMsn0ofID)))|(^?.*((cd \/; uname -a; pwd; id))))|(^?.*(drw0rm)))|(^?.*([Rr][Ee3][Ww][Tt][Ee3][Dd])))|(^?.*(rpc\.sadmin)))|(^?.*(AbraxaS)))|(^?.*(\[target\])))|(^?.*(ID_SENDSYN)))|(^?.*(ID_DISTROIT)))|(^?.*(by Mixter)))|(^?.*(rap(e?)ing.*using
weapons)))|(^?.*(spsiod)))|(^?.*([aA][dD][oO][rR][eE][bB][sS][dD]))/
/usr/local/bro/policy/login.bro, line 141: run-time error: error
compiling pattern /^?.*(.*Trojaning in progress.*)/
/usr/local/bro/policy/login.bro, line 147: run-time error: error
compiling pattern /((^?.*(^[!-~]*( ?)[#%$] ))|(^?.*(.*no job
control)))|(^?.*(WinGate>))/
/usr/local/bro/policy/login.bro, line 149: run-time error: error
compiling pattern /^?.*(^ *#.*#)/
/usr/local/bro/policy/login.bro, line 151: run-time error: error
compiling pattern /^?.*(VT666|007)/
/usr/local/bro/policy/irc.bro, line 60: run-time error: error
compiling pattern
/(((^?.*(.*etc\/shadow.*))|(^?.*(.*etc\/ldap.secret.*)))|(^?.*(.*phatbot.*)))|(^?.*(.*botnet.*))/
/usr/local/bro/policy/irc.bro, line 171: run-time error: error
compiling pattern /^?.*(.*:$)/
/usr/local/bro/policy/stepping.bro, line 75: run-time error: error
compiling pattern /(^?.*(^([Ll]ast +(successful)?
*login)))|(^?.*(^Last interactive login))/
/usr/local/bro/policy/stepping.bro, line 78: run-time error: error
compiling pattern /^?.*(\001)/
/usr/local/bro/policy/smtp.bro, line 19: run-time error: error
compiling pattern /^?.*(.*@.*lbl.gov)/
/usr/local/bro/policy/smtp.bro, line 22: run-time error: error
compiling pattern /^?.*(@)/
/usr/local/bro/policy/smtp.bro, line 84: run-time error: error
compiling pattern /^?.*(.*<.*@.*:.*>.*)/
/usr/local/bro/policy/smtp.bro, line 85: run-time error: error
compiling pattern /^?.*(.*<.*@.*:.*>.*)/
/usr/local/bro/policy/smtp.bro, line 86: run-time error: error
compiling pattern /^?.*(.*)/
/usr/local/bro/policy/smtp.bro, line 87: run-time error: error
compiling pattern /^?.*(.*)/
/usr/local/bro/policy/smtp.bro, line 88: run-time error: error
compiling pattern /^?.*(.*)/
/usr/local/bro/policy/smtp.bro, line 267: run-time error: error
compiling pattern /^?.*((<|:|>)*)/
/usr/local/bro/policy/smtp.bro, line 281: run-time error: error
compiling pattern /^?.*(<( |\t)*)/
/usr/local/bro/policy/smtp.bro, line 292: run-time error: error
compiling pattern /^?.*(( |\t)*>)/
/usr/local/bro/policy/smtp.bro, line 303: run-time error: error
compiling pattern /^?.*(:)/
/usr/local/bro/policy/notice-policy.bro, line 58: run-time error:
error compiling pattern /^?.*(Solaris listen service)/
/usr/local/bro/policy/notice-policy.bro, line 67: run-time error:
error compiling pattern /^?.*(.*\.(gif|GIF|png|PNG|jpg|JPG))/
/usr/local/bro/policy/brolite.bro, line 138: run-time error: error
compiling pattern /^?.*(.*exe)/
/usr/local/bro/policy/brolite.bro, line 138: run-time error: error
compiling pattern
/(^?.*(^?(.*exe)$?))|(^?.*((((^?(.*etc\/shadow.*)$?)|(^?(.*etc\/ldap.secret.*)$?))|(^?(.*phatbot.*)$?))|(^?(.*botnet.*)$?)))/
/usr/local/bro/bin/bro: problem with interface eth0 - pcap_open_live:
socket: Operation not permitted
... FAILED
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the Bro
mailing list