Gentoo Forums
kismet 2009
queen
Veteran

Joined: 19 Jul 2005
Posts: 1626

Posted: Sat Oct 10, 2009 4:26 pm    Post subject: kismet 2009

I am trying to use the new kismet 2009-06-R1.
There are a couple of problems with this ebuild.

When opening the tar.gz and reading the README, they write:
Quote:
* Install Kismet with either "make install" or "make suidinstall".
YOU MUST READ THE "SUID INSTALLATION & SECURITY" SECTION OF THE
README OR YOUR SYSTEM MAY BE INSECURE.
* If you have installed Kismet as suid-root, add your user to the "kismet" group


Quote:

4. Suidroot & Security

In order to configure the wireless card for monitor mode and start
capturing packets, Kismet needs root access. There are two ways to
accomplish this: Start Kismet as root, or install it so that the
control components are set to start as root.

Starting Kismet as root means that Kismet will continue running as root.
In theory this presents no additional risk, however if there are any
flaws in the Kismet packet dissection code then it may be possible for a
malicious packet to cause code execution as root. Additionally,
third-party plugins will run as root, and may not be secure.

Installing Kismet as suid-root creates a limited-functionality binary
(kismet_capture) which is only launchable by members of the "kismet"
group. Kismet uses this to configure cards and control the channels,
while packet decoding happens only in the user component, significantly
limiting the attack surface.

Distributions are strongly encouraged to use this method as it allows
standard group controls for what users can use Kismet to change card
states.

Embedded systems typically have much less storage space and RAM, and
often do not enforce user/root separation as strictly due to these
limitations. On embedded systems, Kismet may be installed without the
kismet_capture binary and run in root mode only, however the above
risks still apply.

Under no situation should the kismet_server binary itself be set
suidroot as this will bypass any security checks.


If I try to use
Code:
ebuild kismet-2009.06.1.ebuild compile

it tries to use make and make install and not make suidinstall, which is advised in the README.

The 2nd problem is that it complains about old mac80211 and nls. However, I use the almost latest kernel, 2.6.30-r1.

Here is some of the output that I get when I try the ebuild compile method:
Code:


checking for libnl20... no
checking for libnl1... yes
checking For mac80211 support in netlink library... libnl detected but no support for mac80211 your kernel is probably too old for mac80211 or nl80211 upgrade your kernel then reinstall the latest netlink to get mac80211 support.
configure: creating ./config.status
config.status: creating Makefile
config.status: WARNING:  'Makefile.in' seems to ignore the --datarootdir setting
config.status: creating scripts/kismet
config.status: creating extra/buzzme/Makefile
config.status: WARNING:  'extra/buzzme/Makefile.in' seems to ignore the --datarootdir setting
config.status: creating extra/Makefile
config.status: WARNING:  'extra/Makefile.in' seems to ignore the --datarootdir setting
config.status: creating conf/kismet.conf
config.status: creating config.h

Configuration complete:
         Compiling for: linux-gnu (i686)
           C++ Library: stdc++
   Installing as group: root
    Man pages owned by: man
       Installing into: /usr
          Setuid group: kismet
      Terminal Control: ncurses
   Linux WEXT capture : yes
   OSX/Darwin capture : n/a (only OSX/Darwin)
   PCRE Regex Filters : yes
          pcap capture: yes
       airpcap control: n/a (only Cygwin/Win32)
        PPI log format: yes
   Capability Dropping: yes
         Linux Netlink: no (will not be able to make mac80211 vaps)

Configuration complete.  Run 'make dep' to generate dependencies
and 'make' followed by 'make install' to compile and install.


Will there be an ebuild that will solve these issues in the near future?
How can the problems of mac80211 and nls be solved?
Can the security issue of make --suidinstall be solved only by opening the tar.gz and using make, make --suidinstall, and not via the ebuild mechanism?

cwr
Veteran

Joined: 17 Dec 2005
Posts: 1968

Posted: Sun Oct 11, 2009 2:36 pm

I built the new Kismet as soon as it came out, in order to get it running with
a mac80211 source, before the ebuild was available. I haven't tried the ebuild
but Kismet built ok from scratch, and reads a mac80211 source without problems,
on a 2.6.30 kernel.

What's it complaining about, as far as mac is concerned?

Will

pilla
Administrator

Joined: 07 Aug 2002
Posts: 7693
Location: Pelotas, BR

Posted: Sun Oct 11, 2009 3:04 pm

Not in the tree, moved from Networking & Security to Unsupported Software.
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin

queen
Veteran

Joined: 19 Jul 2005
Posts: 1626

Posted: Mon Oct 12, 2009 11:20 am

cwr wrote:
I built the new Kismet as soon as it came out, in order to get it running with
a mac80211 source, before the ebuild was available. I haven't tried the ebuild
but Kismet built ok from scratch, and reads a mac80211 source without problems,
on a 2.6.30 kernel.

What's it complaining about, as far as mac is concerned?

Will


About mac80211, it says:
Code:
checking For mac80211 support in netlink library... libnl detected but no support for mac80211 your kernel is probably too old for mac80211 or nl80211 upgrade your kernel then reinstall the latest netlink to get mac80211 support.


But that is if I try it as the ebuild taken from the bugzilla site.
I will try to open the tar.gz and build it as they say in the README. It's more logical to do it this way.
Did you put it in /usr/local/bin or in another place?

cwr
Veteran

Joined: 17 Dec 2005
Posts: 1968

Posted: Mon Oct 12, 2009 7:11 pm

Well, there were problems with the Bugzilla ebuild - I think I put a note there
mentioning them. As I said, I built kismet from scratch and installed it by
hand, so that everything was where it should be when the ebuild was finally
put in the tree. I can't recall much about it, except that it was straightforward,
but I see from my notes that I had to re-emerge libnl at about that time, to
match the current kernel configuration. That might be something to try if
things don't go well.

Good luck - Will

queen
Veteran

Joined: 19 Jul 2005
Posts: 1626

Posted: Mon Oct 12, 2009 8:32 pm

cwr wrote:
Well, there were problems with the Bugzilla ebuild - I think I put a note there
mentioning them. As I said, I built kismet from scratch and installed it by
hand, so that everything was where it should be when the ebuild was finally
put in the tree. I can't recall much about it, except that it was straightforward,
but I see from my notes that I had to re-emerge libnl at about that time, to
match the current kernel configuration. That might be something to try if
things don't go well.

Good luck - Will


I installed kismet 2009.
I have the following errors:
1. during install it still complained about mac80211 and libnl. See the exact error in the first post.
2. I ran make, make suidinstall.
3. I extracted kismet in my home directory. From there I compiled it and added myself to the kismet group.
4. When I tried to run kismet as a user (as they claim in the README, not to run it as root) I get an error.
Code:

 kismet
Launching kismet_server: /usr/bin/kismet_server
Will drop privs to queen (1001) gid 1001
FATAL:  Unable to set up pidfile /var/run//kismet_server.pid, unlink() failed: Permission denied
Done.

5. Changing to root, staying in the kismet-2009 directory and running kismet, it actually launches kismet 2008. How can I solve this problem? Can you please tell me where I am supposed to put kismet 2009 so that it will use kismet 2009?

cwr
Veteran

Joined: 17 Dec 2005
Posts: 1968

Posted: Tue Oct 13, 2009 12:13 pm

Which binary gets launched depends on your path; try 'which kismet' at a
prompt to see which kismet is being found, and relabel that one to kismet.one
or kismet.2008 or whatever. You may have to rename its associated binaries
as well, and note that the /etc/kismet.conf for kismet.2009 is very different
from the conf file for 2008.

The complaint about the pid file just means that the /var/run directory permissions
don't allow a user to open a file; try setting them to 777, which is probably too loose,
but which will work.

At a guess the mac80211 complaints are a problem with the kernel configuration,
but I don't know what.

Will
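
As an added example (not part of the thread and not Kismet's own code), this shell function audits an installed tree against the README's suid-root guidance quoted in the first post, and also reports a pidfile directory that is world-writable without the sticky bit, which is the state a plain 777 leaves behind. It assumes GNU stat; the function name, its arguments and the message strings are illustrative.

```shell
#!/bin/sh
# Added example: audit a Kismet install against the README's suid guidance.
# Assumptions (not from the thread): GNU stat; paths, owner and group are
# passed in so the check also runs on a constructed fixture.

# Last octal digit of a file's mode = permissions for "other".
other_bits() { m=$(stat -c %a "$1"); echo "${m#"${m%?}"}"; }

# audit_kismet BIN_DIR RUN_DIR [OWNER] [GROUP]
# Prints one finding per line; returns 0 only if nothing was found.
audit_kismet() {
    bin=$1 run=$2 owner=${3:-root} group=${4:-kismet} bad=0
    cap=$bin/kismet_capture srv=$bin/kismet_server

    if [ -e "$cap" ]; then
        [ -u "$cap" ] || { echo "capture: not setuid"; bad=1; }
        [ "$(stat -c %U "$cap")" = "$owner" ] || { echo "capture: owner is not $owner"; bad=1; }
        [ "$(stat -c %G "$cap")" = "$group" ] || { echo "capture: group is not $group"; bad=1; }
        # Only the group may launch it: "other" must have no bits at all.
        [ "$(other_bits "$cap")" = 0 ] || { echo "capture: accessible to other"; bad=1; }
    else
        echo "capture: missing (root-only mode)"; bad=1
    fi

    # README: kismet_server itself must never be suidroot.
    if [ -u "$srv" ] || [ -g "$srv" ]; then
        echo "server: setuid/setgid bit set"; bad=1
    fi

    # A world-writable pidfile directory without the sticky bit lets any
    # local user unlink or replace another user's pidfile.
    case $(other_bits "$run") in
        2|3|6|7) [ -k "$run" ] || { echo "rundir: world-writable, no sticky bit"; bad=1; } ;;
    esac
    return $bad
}
```

On a real system it would be called as `audit_kismet /usr/local/bin /var/run`, with the defaults of owner root and group kismet taken from the README.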

brain salad surgery
Apprentice

Joined: 21 Apr 2004
Posts: 216

Posted: Wed Oct 14, 2009 10:23 pm

Could you send the link to the latest kismet ebuild (new core)?

Also, if stable, would it be possible to add the kismet-lorcon plugin to
support packet injection using the same monitoring card?

http://802.11ninja.net/lorcon/

I can't wait for a working ebuild...
Is anyone aware if kernel 2.6.28.9 would be ok or if I'd need to upgrade?

Thanks anyways!

queen
Veteran

Joined: 19 Jul 2005
Posts: 1626

Posted: Sun Oct 18, 2009 9:01 pm

brain salad surgery wrote:
Could you send the link to the latest kismet ebuild (new core)?

Also, if stable, would it be possible to add the kismet-lorcon plugin to
support packet injection using the same monitoring card?

http://802.11ninja.net/lorcon/

I can't wait for a working ebuild...
Is anyone aware if kernel 2.6.28.9 would be ok or if I'd need to upgrade?

Thanks anyways!


I read the web site. Looks very good. The ebuild appears in bugzilla. Strange place. It didn't work for me. So I downloaded the tar.gz from the web site. Even the tar.gz doesn't work for me yet (this one, I believe, is my mistake).
I will be glad to see the lorcon plugin in kismet and also to see support for 802.11n, which the tar.gz doesn't support yet.

https://bugs.gentoo.org/show_bug.cgi?id=273825 this is the link from where I took it first time.
http://www.kismetwireless.net/download.shtml the regular one

queen
Veteran

Joined: 19 Jul 2005
Posts: 1626

Posted: Sun Oct 18, 2009 9:09 pm

cwr wrote:
Which binary gets launched depends on your path; try 'which kismet' at a
prompt to see which kismet is being found, and relabel that one to kismet.one
or kismet.2008 or whatever. You may have to rename its associated binaries
as well, and note that the /etc/kismet.conf for kismet.2009 is very different
from the conf file for 2008.

The complaint about the pid file just means that the /var/run directory permissions
don't allow a user to open a file; try setting them to 777, which is probably too loose,
but which will work.

At a guess the mac80211 complaints are a problem with the kernel configuration,
but I don't know what.

Will


I unmerged kismet from portage and remained with the one that I downloaded from kismetwireless web site.
So, which kismet gives nothing.
Code:
whereis kismet
kismet: /etc/kismet.conf /usr/local/bin/kismet /usr/local/etc/kismet.conf


Checking the files above, I see version 2005. Very old. I wonder how it remained there.
I have kernel 2.6.30-r1. Which kernel do you have? And how is mac80211 set in your kernel? It is very weird.

Could it be that opening the tar.gz in the home dir didn't create the bin file and the right /etc/kismet.conf?
In which directory did you install kismet?

cwr
Veteran

Joined: 17 Dec 2005
Posts: 1968

Posted: Mon Oct 19, 2009 9:09 am

The package I downloaded from the kismet site was a _source_ package,
so if you've got the same one you need to unpack it somewhere, change
to that directory, and run "./configure && make". If the package builds
correctly, then switch to root and run "make install". That should get you
a kismet binary (you could test it from the build directory before installing
it if you wanted to), but it does nothing for your kernel setup. I'm not sure
how to help you there; I just set the MAC80211 configs that seemed relevant.

Will

queen
Veteran

Joined: 19 Jul 2005
Posts: 1626

Posted: Mon Oct 19, 2009 5:40 pm

cwr wrote:
The package I downloaded from the kismet site was a _source_ package,
so if you've got the same one you need to unpack it somewhere, change
to that directory, and run "./configure && make". If the package builds
correctly, then switch to root and run "make install". That should get you
a kismet binary (you could test it from the build directory before installing
it if you wanted to), but it does nothing for your kernel setup. I'm not sure
how to help you there; I just set the MAC80211 configs that seemed relevant.

Will


This is exactly what I did. Did it create for you a new /etc/kismet.conf that belongs to version 2009?
I will check again.

queen
Veteran

Joined: 19 Jul 2005
Posts: 1626

Posted: Tue Nov 03, 2009 5:00 pm

Sorry for the late reply. I checked again today and couldn't find /etc/kismet.conf for version 2009.

Kismet was installed in /usr/local/bin/kismet.
There is a kismet.conf file there. Should it have been in /etc/kismet.conf?

I manage to launch kismet now, but I have to specify the whole path /usr/local/bin/kismet/kismet.
Will add it to the path.

cwr
Veteran

Joined: 17 Dec 2005
Posts: 1968

Posted: Wed Nov 04, 2009 4:49 pm

The ebuild will install kismet.conf for you; I don't know if the standard install
will, tho' I'd expect it to. You may have to dig through the package and copy
the new kismet.conf across to /etc (/local/etc?) yourself.

Will