DShield Sensor Update

Published: 2023-05-14. Last Updated: 2023-05-14 16:51:43 UTC
by Guy Bruneau (Version: 1)
4 comment(s)

This week I was reminded the web logs stored in DShield sensor were no longer using the correct location and configuration. If like me you installed your DShield sensor several months ago, it is important to regularly check our DShield-ISC Github [2] site to check for any update. Last month, some of the scripts were updated. You can update the sensor by following these steps.

Inside your "dshield" directory (the directory created above when you run git clone), run

  • cd install/dshield
  • sudo git pull
  • sudo bin/install.sh --update

An important change in the lastest update is the weblog location and new naming convention:

Old Weblog Location - /srv/www/DB/webserver.sqlite
New Weblog Location - /srv/db/isc-agent.sqlite

DShield sensor Status and Configuration

Honeypot status: sudo /srv/dshield/status.sh
Honeypot configuration: sudo cat /etc/dshield.ini

[1] https://isc.sans.edu/tools/honeypot/
[2] https://github.com/DShield-ISC/dshield
[3] https://isc.sans.edu/diary/22680/

-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: DShield Sensor Honeypot Logs
4 comment(s)
VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue

Comments

Login here to join the discussion.


Diary Archives