Threat Level: green Handler on Duty: John Bambenek

SANS ISC: Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor
damn ancient SD cards, im good, works perfectly.
TuggDougins

37 Posts
Had an issue with SDCARD so miss full details, however were struggling with iptables not being updated (/if-pre-up.d/dshield). Worked with rc.local AND changed to iptables-restore –c (was iptables-restore <)
Not an issue after new SDCARD, so didn’t want to open an issue on github.

What a great effort, thanks.

/Martin
martinboller

3 Posts
Just got it setup with an old RPIv1 I had laying around. I tested just to make sure I get some logs in /var/log/dshield.log and sure enough there are some iptables entries from my manual probes. Followed immdediately by some actual probes from unknown actors :) However, then I go to https://www.dshield.org/myreports.html to see if any of my data has been submitted, I don't see anything. How is the actual dshield data submitted and the job scheduled as I don't see any crontabs? Thanks!
Anonymous
Sometimes it's related to the SD card or the power-supply! Be sure to use a good one (class 10 or above).
Xme

419 Posts
ISC Handler
Have a look at /etc/cron.hourly/dshield

Had an interesting installation first with SDCARD issues where some things were there while others were not. So, as someone else have noted, worth trying with another card.

/Martin
martinboller

3 Posts
Does the RaspPi Sensor do IPv6? I can ping mine on its IPv6 address, but I don't see anything logged.
Jules

2 Posts
Quoting Anonymous:I have "+sans" in my email address for filtering purposes. The registration step in the shell script installer keeps balking at my ID and AuthKey, I'm guessing this is the reason. Anyone else have issues?


I'm also having the same issue, I think. I keep getting an invalid key error.
sully

2 Posts
Quoting Anonymous:I have "+sans" in my email address for filtering purposes. The registration step in the shell script installer keeps balking at my ID and AuthKey, I'm guessing this is the reason. Anyone else have issues?


I'm having the same issue. I keep getting a invalid key. I've tried changing my email address within my account but keep getting a enter current password, which I did several times. Buggy.
sully

2 Posts
I've installed Raspian twice from scratch now, updated, downloaded the image and ran the install script. Both times I've run into the following:

Added user cowrie
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
dshield/bin/install.sh: 297: [: -eq: unexpected operator

It wont' accept a new password and it won't take my pi password. Thoughts? Not really feeling all that motivated for a third try.
rck

1 Posts
just as a reminder: the best way to file bug reports is via github, which make it easier for me to respond to indivisual issues. github.com/DShield-ISC/dshield/…
Johannes

3368 Posts
ISC Handler
rck: this looks like an issue with the mysql setup. I will try to reproduce it.
Johannes

3368 Posts
ISC Handler
Is the APIKEY that is requested the same thing as the 'authkey' in myaccount' ?
When attempting a 'paste' into the 'dshield account information' 'api key' field, it exists out of the install.sh script.
bdmeyer

10 Posts
Did anyone ever figure this one out?

EDIT: authkey and apikey are the same.
I had a letter O that was a 0, couldn't tell till I changed fonts on a text editor and got the slash zero.
bdmeyer

10 Posts
Just press enter. root account doesn't have a password in debian, that's why we never have to enter a password after we use 'sudo'
(Or at least that's my story and I'm sticking to it)
bdmeyer

10 Posts
I saw data on the first day. Days 2 and three are not being submitted. I tested inbound and outbound and traffic is still occuring, just no more reports being submitted. Rebooted, same thing.
bdmeyer

10 Posts
I did not have this issue. are your using the correct ID/ API key from your account page? Mine worked like a charm.
Nicholas

1 Posts

Sign Up for Free or Log In to start participating in the conversation!