(code=exited, status=1/FAILURE) about endlessh HOT 19 OPEN

I had the same issue, you have to follow the instructions shown on the endlessh.service file:

## If you want Endlessh to bind on ports < 1024
## 1) run:
##     setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
## 2) uncomment following line
#AmbientCapabilities=CAP_NET_BIND_SERVICE
## 3) comment following line
PrivateUsers=true

1. Run the command setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
2. Uncomment AmbientCapabilities=CAP_NET_BIND_SERVICE
3. Comment PrivateUsers=true
4. Run systemctl daemon-reload
5. And finally systemctl restart endlessh

from endlessh.

OK, as found in #66 I had to comment out the line InaccessiblePaths=/run /var

from endlessh.

same here :\

from endlessh.

@justinamcafee yeah there is definitely a problem with it running at a port below 1024. If I change it to a port above it works fine.
I tried
setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh

but it still crashes.

Edit:
I got it working somehow. I rerouted port 22 with iptables to a port above 1024 where my endlessh was listening.
for the lazy ones:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports PORT_OF_ENDLESSH

from endlessh.

I took @khalyomede's approach and made it work on Fedora 35 using the following steps:

1. Disable endlessh and remove it if you've installed it by building from source:

sudo systemctl stop endlessh.servic
sudo systemctl disable endlessh.service
sudo rm -rf /etc/endlessh
sudo rm /usr/local/bin/endlessh

2. Install from dnf repos and keep it disabled:

sudo dnf install endlessh
sudo systemctl stop endlessh.servic
sudo systemctl disable endlessh.service

3. Redirect all traffic from port 22 to 2222 or your desired port for endlessh.

sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports PORT_OF_ENDLESSH

4. Create a new systemd service from @khalyomede's comment but add these extra lines:

# /lib/systemd/system/honeypot.service

[Unit]
Description="Overcome permission denied acces when starting endlessh service."

[Service]
User=root
Group=root
ExecStart=/usr/bin/endlessh

[Install]
WantedBy=multi-user.target

5. Enable the service and start it:

sudo systemctl enable honeypot.service
sudo systemctl start honeypot.service

6. Check status:

sudo systemctl status honeypot.service

from endlessh.

I am having same issue elastic_search is not working properly, I am going to install magento 2 using AWS and Ubuntu 20.04.
I am facing this issue with elastic search so please share proper solution with me.
I have tried other solutions provided but they didn't work for me. - https://prnt.sc/NkDAocyioHy0

from endlessh.

from endlessh.

Try with journalctl -u endlessh.service -b, that will provide the logs of the endlessh service for the last boot and try to find the error there. If you find the error you can try to fix whatever it complains about or you can paste it here and someone may help.

from endlessh.

from endlessh.

I followed this video
https://www.youtube.com/watch?v=SKhKNUo6rJU

from endlessh.

@tricsusz I have the same problem when I do everything like this video. I install on Debian apt install endlessh and try:
endlessh -p 22 to change port but it only add that port I think. I see:

tcp6       0      0 :::2222                 :::*                    LISTEN      17095/endlessh      
tcp6       0      0 :::22                   :::*                    LISTEN      17114/endlessh

and when I check in terminal I see endlessh working only with port 2222.
I cannot find that config file to change it manually.
Regards.

from endlessh.

@PrzemekSkw I guess you should create the following file manually: /etc/endlessh/config
The content of config file:
Port 22

I wasn't able to sort it out.. finally I decided to use endlessh inside a docker container. If you're familiar with docker, I can help you set it up.

from endlessh.

@tricsusz when I create that config file I have that failed service error.

from endlessh.

@tricsusz Hi, I try docker few times but always have problems to start apps with it. I could try if You want to help me? Do I have to apt purge endlessh from my Debian first?

from endlessh.

Depending on the version of linux you're using, you may need to set_cap on the endlessh binary to allow it to access ports below 1024.

Here's a very quick and dirty writeup: https://www.justinmcafee.com/2021/01/by-chris-wellens-githubskeeto-los.html

from endlessh.

from endlessh.

guys idk how but it works now fine

from endlessh.

for whatever reason, this does not work for me. I did all steps mentioned above, but to no avail.
Furthermore, it also does not work with port 2222.
Running it as root) on the shell works fine, but whatever I try with systemd, it does not.

cat /usr/lib/systemd/system/endlessh.service
[Unit]
Description=Endlessh SSH Tarpit
Documentation=man:endlessh(1)
Requires=network-online.target

[Service]
Type=simple
Restart=always
RestartSec=30
ExecStart=/usr/bin/endlessh
KillSignal=SIGTERM

# Stop trying to restart the service if it restarts too many times in a row
StartLimitInterval=5min
StartLimitBurst=4

StandardOutput=journal
StandardError=journal
StandardInput=null

PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
ProtectHome=true
InaccessiblePaths=/run /var

## If you want Endlessh to bind on ports < 1024
## 1) run:
##     setcap 'cap_net_bind_service=+ep' /usr/bin/endlessh
## 2) uncomment following line
AmbientCapabilities=CAP_NET_BIND_SERVICE
## 3) comment following line

NoNewPrivileges=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

and

getcap /usr/bin/endlessh
/usr/bin/endlessh cap_net_bind_service=ep

but:

systemctl status endlessh
● endlessh.service - Endlessh SSH Tarpit
     Loaded: loaded (/usr/lib/systemd/system/endlessh.service; disabled; vendor preset: disabled)
     Active: activating (auto-restart) (Result: exit-code) since Fri 2021-07-16 09:14:57 CEST; 2s ago
       Docs: man:endlessh(1)
    Process: 45121 ExecStart=/usr/bin/endlessh (code=exited, status=226/NAMESPACE)
   Main PID: 45121 (code=exited, status=226/NAMESPACE)
        CPU: 64ms

This is in a KVM virtual machine running ArchLinux. Could the KVM setup be the reason?

Any ideas?

from endlessh.

All the mentioned solutions did not work for me, as of in my Ubuntu server 20.04.

I had to create another hand-made service, "honeypot.service", with this content:

# /lib/systemd/system/honeypot.service

[Unit]
Description="Overcome permission denied acces when starting endlessh service."

[Service]
ExecStart=sudo endlessh

[Install]
WantedBy=multi-user.target

Then, I disabled endlessh service

sudo systemctl stop endlessh
sudo systemctl disable endlessh

Then change your SSH port for something else than 22

sudo vim /etc/ssh/sshd_config

Change the line that start with "Port 22".

Restart the ssh service

sudo systemctl restart ssh

Change your /etc/endlessh/config to put Port 22 instead of Port 2222 (so that bots will fall into the honeypot)

And start instead honeypot (that will listen to port 22)

sudo systemctl enable honeypot
sudo systemctl start honeypot

Check that it runs endlessh correctly:

sudo systemctl status honeypot

It should display something like this:

● honeypot.service - "Overcome permission denied acces when starting endlessh service."
     Loaded: loaded (/lib/systemd/system/honeypot.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-02-05 14:10:46 UTC; 23min ago
   Main PID: 7527 (sudo)
      Tasks: 2 (limit: 542)
     Memory: 1.0M
     CGroup: /system.slice/honeypot.service
             ├─7527 /usr/bin/sudo endlessh
             └─7528 endlessh

Feb 05 14:34:00 ip-172-31-46-108 sudo[7528]: 2022-02-05T14:34:00.917Z poll(1, 10000)
Feb 05 14:34:10 ip-172-31-46-108 sudo[7528]: 2022-02-05T14:34:10.927Z = 0
Feb 05 14:34:10 ip-172-31-46-108 sudo[7528]: 2022-02-05T14:34:10.927Z write(4) = 29

Hope it can help someone passing by

Special thanks to @aminairi for the huge help!

from endlessh.