NOTE: This part is only needed when you are planning to use multiple honeypots along with IPVS in your setup. If you are only running honeypots on a single server, you can skip this part.
To solve the Martian “problem” that arises when IP: Virtual Server is used to integrate Argos into the IDS system, the kernel needs to be patched.
To solve the source based routing limit, the kernel needs to be upgraded to 2.6.19 or higher.
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
Download the newest kernel sources at http://www.kernel.org
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.21.tar.bz2
tar xjf linux-2.6.21.tar.bz2
cd linux-2.6.21
Now to configure the kernel options:
Load the current kernel configuration: choose 'Load an Alternate Configuration File' in the menu and enter '/boot/config-2.6.xxx' as the location.
Now to integrate the IP: Virtual Server in the kernel. In the kernel 2.6.21 the options are located in: Networking > Networking support > Networking options > IP: Virtual Server Configuration
Mark everything except debugging as 'built in'; see the following image.
If there's nothing else that has to be changed, choose 'Exit' and save the configuration.
Note: If you are using iptables, think about marking 'conntrack' in the netfilter configuration.
Download the corresponding patch file at: http://www.ssi.bg/~ja/#lvsgw
Download the version that's suitable for the kernel version that will be installed. In this case it will be the 'forward_shared-2.6.21-2.diff' file.
Rename the file extension to .diff.
cd /usr/src/linux-2.6.21
wget http://www.ssi.bg/~ja/forward_shared-2.6.21-2.diff
Install the patch:
cat forward_shared-2.6.21-2.diff | patch -p1
make-kpkg clean
fakeroot make-kpkg --initrd --revision=lvs.dr.patch.1.0 kernel_image
The dpkg package is now ready; install it with:
cd /usr/src
dpkg -i linux-image-2.6.21_lvs.dr.patch.1.0_i386.deb
Reboot the tunnel server and check whether the patch was applied successfully:
uname -a
Linux director 2.6.21 #1 [...] i686 GNU/Linux
cat /proc/sys/net/ipv4/conf/all/forward_shared
0
If the last command gives the error 'No such file or directory', the patch was not applied successfully.
The kernel is now upgraded and successfully patched.
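The post-reboot check described above, extended into a script (an added example, not part of the original guide). The function names and the optional proc-root argument are assumptions of this example, and the /proc/net/ip_vs test for built-in IPVS goes beyond what the guide itself checks.

```shell
#!/bin/sh
# Added example: verify the rebuilt director kernel after reboot.

# kernel_at_least RELEASE MAJOR MINOR PATCH -> 0 if RELEASE >= MAJOR.MINOR.PATCH
kernel_at_least() {
    # Drop any local suffix ("2.6.18-6-686" -> "2.6.18") and split on dots.
    IFS=. read -r maj min pat rest <<EOF
${1%%-*}
EOF
    # Keep leading digits only; missing fields count as 0.
    maj=${maj%%[!0-9]*}; min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}
    maj=${maj:-0}; min=${min:-0}; pat=${pat:-0}
    [ "$maj" -gt "$2" ] && return 0
    [ "$maj" -lt "$2" ] && return 1
    [ "$min" -gt "$3" ] && return 0
    [ "$min" -lt "$3" ] && return 1
    [ "$pat" -ge "$4" ]
}

# check_director RELEASE [PROC_ROOT] -> 0 only if every check passes.
# PROC_ROOT is a hypothetical override so the checks can run on a test tree.
check_director() {
    release=$1; proc=${2:-/proc}; rc=0
    if kernel_at_least "$release" 2 6 19; then
        echo "ok:   kernel $release is 2.6.19 or higher"
    else
        echo "FAIL: kernel $release is older than 2.6.19"; rc=1
    fi
    flag=$proc/sys/net/ipv4/conf/all/forward_shared
    if [ -r "$flag" ]; then
        echo "ok:   forward_shared present (all = $(cat "$flag"))"
    else
        echo "FAIL: $flag missing, patch not applied"; rc=1
    fi
    if [ -e "$proc/net/ip_vs" ]; then
        echo "ok:   IP: Virtual Server is available in this kernel"
    else
        echo "FAIL: $proc/net/ip_vs missing, IPVS not built in or not loaded"; rc=1
    fi
    return $rc
}

# Run against the live system only when asked: sh check.sh check
if [ "${1:-}" = "check" ]; then check_director "$(uname -r)"; fi
```

A non-zero exit status means the director should not be put into service with this kernel yet.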