
Comments (17)

firepro20 commented on May 20, 2024

Any help?

from tpotce.

schmalle commented on May 20, 2024

Hi, hard to tell from remote. The Ubuntu base tries to fetch new images from time to time, therefore after this timeframe everything
should have self-healed. Please restart the host, hopefully this helps. Best wishes, Markus

from tpotce.

firepro20 commented on May 20, 2024

I did restart both VM and host machine but to no avail. Following best practices, I just loaded up a snapshot where everything was working fine. The error is quite strange as I did nothing that might have damaged the system. It was just running

from tpotce.

firepro20 commented on May 20, 2024

I am getting the same error when I load. I have no idea why; it seems to be related to dionaea only.

from tpotce.

firepro20 commented on May 20, 2024

I tried to pull the latest image using sudo docker pull dionaea. This resulted in an error: image/library dionaea not found

from tpotce.

t3chn0m4g3 commented on May 20, 2024

I am assuming you are not running the VM 24/7? These steps are done automatically every night.
You should clean up first sudo dcres.sh
If you want to pull an image you need the correct name i.e. sudo docker pull dtagdevsec/dionaea:latest1603
If you are unsure why a container does not work properly you can i.e. sudo cat /var/log/upstart/dionaea.log or check its logs in /data/.
In order to help you properly please always provide information we can work with, i.e. the aforementioned log files, screenshots, etc.

from tpotce.

firepro20 commented on May 20, 2024

I did the cat command and this is what I got
untitled

from tpotce.

firepro20 commented on May 20, 2024

When I try to run dcres.sh the terminal outputs waiting for services or that I have to wait for 5 minutes of uptime before I can run the command

from tpotce.

firepro20 commented on May 20, 2024

I managed to run the dcres.sh script and it stopped running presumably when it had to restart dionaea again as you can see

untitled

from tpotce.

firepro20 commented on May 20, 2024

I left the VM alone, maybe it was just taking some time, but then decided to stop the dcres.sh script, and it was at that time that the "Waiting for services ..." was happening again.

from tpotce.

firepro20 commented on May 20, 2024

Yesterday I loaded a snapshot of the system when dionaea was working and now I loaded the changed state of the snapshot and dionaea is not working. Giving me the prompt as shown above

from tpotce.

firepro20 commented on May 20, 2024

regarding the dcres.sh, apart from getting stuck after cowrie starts running, before it says "docker rmi requires a minimum of 1 argument"

from tpotce.

t3chn0m4g3 commented on May 20, 2024

The error message regarding 1 argument is fine and means that there is no obsolete image to delete.
dcres.sh will only run 5 minutes after reboot, the waiting for services is the result of the machine trying to revive the dionaea container.
From the looks of your screenshot tcp/445 is already in use and thus docker cannot bring the dionaea container online.

Run the following commands and post the outputs as text:

sudo netstat -anp | grep 445
sudo docker images
sudo cat /etc/init/dionaea.conf
sudo cat /data/upstart/dionaea.conf
sudo cat /etc/crontab
sudo docker ps -a
sudo docker -v
sudo cat /var/log/upstart/dionaea.log
sudo cat /var/log/
sudo status.sh
sudo ls -al /data/dionaea/
sudo ls -al /data/
sudo iptables -L
sudo lshw
sudo lscpu
sudo cat /proc/meminfo
sudo free -m
sudo swapon -s
sudo lsb_release -a
sudo uname -a
sudo fdisk -l
sudo blkid
sudo lsblk
sudo df -HT
sudo netstat -tulpn

Did you install any packages?
Did you run any other containers?
Did you make any changes to config / system files?
Did you change file permissions in /data or subfolders or anywhere else?

If we want to get a hold on what is going on please do not make any changes to the vm we are investigating.

from tpotce.
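
The port-conflict diagnosis in the comment above can be checked mechanically. This is an added example, not part of the original thread or of T-Pot: it compares the host ports in a `docker run` line against parsed netstat output, matching on the port field rather than on any line containing the digits. The function names and both sample inputs are constructed for the example, modelled on the output posted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread or from T-Pot): list the host ports a
# `docker run` line wants to publish that some process already holds.

# Print "port/proto" for each -p/--publish mapping in a docker run command.
# Mapping forms handled: host:ctr, ip:host:ctr, each with optional /proto.
published_host_ports() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' | awk '
        prev == "-p" || prev == "--publish" {
            proto = "tcp"
            if (split($0, a, "/") == 2) proto = a[2]
            m = split(a[1], b, ":")
            # The host port is the field before the container port.
            if (m >= 2) print b[m - 1] "/" proto
        }
        { prev = $0 }'
}

# Print "port/proto owner" for each listening TCP / bound UDP socket found in
# `netstat -tulpn` or `netstat -anp` output. Unix-socket lines are ignored, so
# an inode number that happens to contain "445" cannot produce a false hit.
listening_sockets() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)
            if (proto == "tcp") { if ($6 != "LISTEN") next; owner = $7 }
            else                { if ($6 == "ESTABLISHED") next; owner = $6 }
            port = $4; sub(/.*:/, "", port)
            print port "/" proto, owner
        }'
}

# Print each wanted host port that is already held, with its holder (PID/name).
# $1 = docker run command line, $2 = netstat output.
port_conflicts() {
    {
        published_host_ports "$1" | sed 's/^/W /'
        listening_sockets "$2" | sed 's/^/L /'
    } | awk '
        $1 == "W" { want[$2] = 1; next }
        $1 == "L" && ($2 in want) && !seen[$2 " " $3]++ { print $2, $3 }'
}

# Constructed sample: a shortened docker run line using ports from this thread.
SAMPLE_RUN='/usr/bin/docker run --name dionaea -p 21:21 -p 8081:80 -p 445:445 -p 69:69/udp dtagdevsec/dionaea:latest1603'

# Constructed sample in netstat format, modelled on the output in this thread.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp6 0 0 :::445 :::* LISTEN 566/smbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 901/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 950/docker-proxy
udp 0 0 0.0.0.0:68 0.0.0.0:* 700/dhclient
unix 2 [ ] STREAM CONNECTED 265445 802/docker /var/run/docker.sock'

# On a live host the two arguments would instead be, for example:
#   "$(grep 'docker run' /etc/init/dionaea.conf)"  and  "$(sudo netstat -tulpn)"
port_conflicts "$SAMPLE_RUN" "$SAMPLE_NETSTAT"
```

The listener on port 80 is not reported because the mapping `8081:80` only claims host port 8081; 80 is the port inside the container.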

firepro20 commented on May 20, 2024

sudo netstat -anp | grep 445

tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp6 0 0 :::445 :::* LISTEN 566/smbd
unix 2 [ ] STREAM CONNECTED 265445 802/docker /var/run/docker.sock
unix 2 [ ] STREAM CONNECTED 444452 802/docker /var/run/docker.sock
unix 2 [ ] STREAM CONNECTED 445131 802/docker /var/run/docker.sock
unix 2 [ ] STREAM CONNECTED 214455 802/docker /var/run/docker.sock
unix 2 [ ] STREAM CONNECTED 445370 802/docker /var/run/docker.sock
unix 2 [ ] STREAM CONNECTED 127445 802/docker /var/run/docker.sock
unix 2 [ ] STREAM CONNECTED 304445 802/docker /var/run/docker.sock

sudo docker images

REPOSITORY TAG IMAGE ID CREATED SIZE
dtagdevsec/elk latest1603 d66c44e14bbb 3 weeks ago 1.01 GB
dtagdevsec/honeytrap latest1603 ed3c466639f1 4 weeks ago 433.8 MB
dtagdevsec/elasticpot latest1603 6dfaf59045f6 4 weeks ago 281.2 MB
dtagdevsec/dionaea latest1603 84ef65ca61e8 4 weeks ago 347.6 MB
dtagdevsec/suricata latest1603 949075023558 4 weeks ago 374.8 MB
dtagdevsec/glastopf latest1603 9a567b4c0fba 4 weeks ago 617.8 MB
dtagdevsec/cowrie latest1603 6e72c1d874fe 4 weeks ago 462.9 MB

sudo cat etc/init/dionaea.conf

########################################################
# T-Pot
# Dionaea upstart script
# v16.03.6 by mo, DTAG, 2016-03-03
########################################################

description "Dionaea"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing dionaea containers
  myCID=$(docker ps -a | grep dionaea | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
  # Remove any data from previous container if persistence is not enabled
  if ! [ -f /data/persistence.on ];
    then
      rm -rf /data/dionaea/* || true
      rm /data/ews/dionaea/ews.json || true
      mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot
      chmod 760 /data/dionaea -R
      chown tpot:tpot /data/dionaea -R
  fi
end script
script
  /usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea:/data/dionaea -v /data/ews:/data/ews dtagdevsec/dionaea:latest1603
end script
post-start script
  # Delay next start to avoid rapid respawning
  sleep 2
end script

sudo cat /data/upstart/dionaea.conf

########################################################
# T-Pot
# Dionaea upstart script
# v16.03.6 by mo, DTAG, 2016-03-03
########################################################

description "Dionaea"
author "mo"
start on started docker and filesystem
stop on runlevel [!2345]
respawn
pre-start script
  # Remove any existing dionaea containers
  myCID=$(docker ps -a | grep dionaea | awk '{ print $1 }')
  if [ "$myCID" != "" ];
    then docker rm -v $myCID;
  fi
  # Remove any data from previous container if persistence is not enabled
  if ! [ -f /data/persistence.on ];
    then
      rm -rf /data/dionaea/* || true
      rm /data/ews/dionaea/ews.json || true
      mkdir -p /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/wwwroot
      chmod 760 /data/dionaea -R
      chown tpot:tpot /data/dionaea -R
  fi
end script
script
  /usr/bin/docker run --name dionaea --cap-add=NET_BIND_SERVICE --rm=true -p 21:21 -p 42:42 -p 8081:80 -p 135:135 -p 443:443 -p 445:445 -p 1433:1433 -p 3306:3306 -p 5060:5060 -p 5061:5061 -p 69:69/udp -p 5060:5060/udp -v /data/dionaea:/data/dionaea -v /data/ews:/data/ews dtagdevsec/dionaea:latest1603
end script
post-start script
  # Delay next start to avoid rapid respawning
  sleep 2
end script

sudo cat /etc/crontab

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )

# Show running containers every 60s via /dev/tty2
*/2 * * * * root status.sh > /dev/tty2

# Check if containers and services are up
*/5 * * * * root check.sh

# Check if updated images are available and download them
27 1 * * * root for i in $(cat /data/images.conf); do docker pull dtagdevsec/$i:latest1603; done

# Restart docker service and containers
27 3 * * * root dcres.sh

# Delete elastic indices older than 90 days (kibana index is omitted by default)
27 4 * * * root docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring '%Y.%m.%d''

# Update IP and erase check.lock if it exists
27 15 * * * root /etc/rc.local

# Check for updated packages every sunday, upgrade and reboot
27 16 * * 0 root apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; sleep 5; reboot

sudo docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc60a01d67e1 dtagdevsec/cowrie:latest1603 "/usr/bin/supervisord" About an hour ago Up About an hour 0.0.0.0:22->2222/tcp cowrie
62b980792537 dtagdevsec/honeytrap:latest1603 "/usr/bin/supervisord" About an hour ago Up About an hour honeytrap
d45528d0e5ce dtagdevsec/glastopf:latest1603 "/usr/bin/supervisord" About an hour ago Up About an hour 0.0.0.0:80->80/tcp glastopf
27066acece87 dtagdevsec/elasticpot:latest1603 "/usr/bin/supervisord" About an hour ago Up About an hour 0.0.0.0:9200->9200/tcp elasticpot
1aaa8baf2a56 dtagdevsec/suricata:latest1603 "/usr/bin/supervisord" About an hour ago Up About an hour suricata
64a50b3e61d8 dtagdevsec/elk:latest1603 "/usr/bin/supervisord" About an hour ago Up About an hour 127.0.0.1:64296->8080/tcp elk

sudo docker -v

Docker version 1.10.3, build 20f81dd

sudo cat /var/log/upstart/dionaea.log

rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-15 13:57:22,139 CRIT Supervisor running as root (no user in config file)
2016-03-15 13:57:22,139 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-15 13:57:22,154 INFO RPC interface 'supervisor' initialized
2016-03-15 13:57:22,154 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-15 13:57:22,154 INFO supervisord started with pid 1
2016-03-15 13:57:23,156 INFO spawned: 'ewsposter' with pid 9
2016-03-15 13:57:23,157 INFO spawned: 'dionaea' with pid 10
2016-03-15 13:57:24,377 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-15 13:57:24,377 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
030dbae6f83e
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-15 22:12:27,987 CRIT Supervisor running as root (no user in config file)
2016-03-15 22:12:27,988 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-15 22:12:28,007 INFO RPC interface 'supervisor' initialized
2016-03-15 22:12:28,007 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-15 22:12:28,008 INFO supervisord started with pid 1
2016-03-15 22:12:29,009 INFO spawned: 'ewsposter' with pid 9
2016-03-15 22:12:29,010 INFO spawned: 'dionaea' with pid 10
2016-03-15 22:12:30,219 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-15 22:12:30,220 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-15 22:21:42,273 WARN received SIGTERM indicating exit request
69d5a644ee6d
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-16 10:25:21,968 CRIT Supervisor running as root (no user in config file)
2016-03-16 10:25:21,968 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-16 10:25:21,997 INFO RPC interface 'supervisor' initialized
2016-03-16 10:25:21,999 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-16 10:25:21,999 INFO supervisord started with pid 1
2016-03-16 10:25:23,004 INFO spawned: 'ewsposter' with pid 10
2016-03-16 10:25:23,005 INFO spawned: 'dionaea' with pid 11
2016-03-16 10:25:24,136 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 10:25:24,136 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
c31ff769dc2f
2016-03-16 17:39:58,256 CRIT Supervisor running as root (no user in config file)
2016-03-16 17:39:58,256 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-16 17:39:58,273 INFO RPC interface 'supervisor' initialized
2016-03-16 17:39:58,273 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-16 17:39:58,273 INFO supervisord started with pid 1
2016-03-16 17:39:59,275 INFO spawned: 'ewsposter' with pid 9
2016-03-16 17:39:59,276 INFO spawned: 'dionaea' with pid 10
2016-03-16 17:40:00,461 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 17:40:00,461 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
6382e3d38680
2016-03-16 19:12:14,321 CRIT Supervisor running as root (no user in config file)
2016-03-16 19:12:14,322 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-16 19:12:14,339 INFO RPC interface 'supervisor' initialized
2016-03-16 19:12:14,339 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-16 19:12:14,340 INFO supervisord started with pid 1
2016-03-16 19:12:15,341 INFO spawned: 'ewsposter' with pid 9
2016-03-16 19:12:15,342 INFO spawned: 'dionaea' with pid 10
2016-03-16 19:12:16,444 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 19:12:16,444 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-16 20:17:57,119 WARN received SIGTERM indicating exit request
4e10dde0a789
2016-03-17 17:40:52,627 CRIT Supervisor running as root (no user in config file)
2016-03-17 17:40:52,627 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-17 17:40:52,655 INFO RPC interface 'supervisor' initialized
2016-03-17 17:40:52,655 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-17 17:40:52,655 INFO supervisord started with pid 1
2016-03-17 17:40:53,658 INFO spawned: 'ewsposter' with pid 9
2016-03-17 17:40:53,658 INFO spawned: 'dionaea' with pid 10
2016-03-17 17:40:54,799 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-17 17:40:54,799 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 00:36:35,824 WARN received SIGTERM indicating exit request
2016-03-18 00:36:35,852 INFO waiting for ewsposter, dionaea to die
2016-03-18 08:19:25,467 CRIT Supervisor running as root (no user in config file)
2016-03-18 08:19:25,467 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-18 08:19:25,489 INFO RPC interface 'supervisor' initialized
2016-03-18 08:19:25,489 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-18 08:19:25,489 INFO supervisord started with pid 1
2016-03-18 08:19:26,491 INFO spawned: 'ewsposter' with pid 10
2016-03-18 08:19:26,491 INFO spawned: 'dionaea' with pid 11
2016-03-18 08:19:27,695 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 08:19:27,695 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 09:51:44,819 WARN received SIGTERM indicating exit request
a151bc9ba6da
2016-03-18 18:53:03,695 CRIT Supervisor running as root (no user in config file)
2016-03-18 18:53:03,695 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-18 18:53:03,720 INFO RPC interface 'supervisor' initialized
2016-03-18 18:53:03,720 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-18 18:53:03,720 INFO supervisord started with pid 1
2016-03-18 18:53:04,722 INFO spawned: 'ewsposter' with pid 9
2016-03-18 18:53:04,723 INFO spawned: 'dionaea' with pid 10
2016-03-18 18:53:05,833 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 18:53:05,833 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-18 21:57:29,037 WARN received SIGTERM indicating exit request
2016-03-18 21:57:29,037 INFO waiting for ewsposter, dionaea to die
2016-03-18 21:57:29,070 WARN received SIGTERM indicating exit request
2016-03-19 10:19:10,955 CRIT Supervisor running as root (no user in config file)
2016-03-19 10:19:10,955 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-19 10:19:10,972 INFO RPC interface 'supervisor' initialized
2016-03-19 10:19:10,972 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-19 10:19:10,972 INFO supervisord started with pid 1
2016-03-19 10:19:11,974 INFO spawned: 'ewsposter' with pid 9
2016-03-19 10:19:11,976 INFO spawned: 'dionaea' with pid 10
2016-03-19 10:19:13,203 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-19 10:19:13,203 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-19 15:09:21,686 WARN received SIGTERM indicating exit request
2016-03-19 15:09:21,710 INFO waiting for ewsposter, dionaea to die
2016-03-20 11:06:49,991 CRIT Supervisor running as root (no user in config file)
2016-03-20 11:06:49,991 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 11:06:50,019 INFO RPC interface 'supervisor' initialized
2016-03-20 11:06:50,019 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 11:06:50,020 INFO supervisord started with pid 1
2016-03-20 11:06:51,021 INFO spawned: 'ewsposter' with pid 12
2016-03-20 11:06:51,022 INFO spawned: 'dionaea' with pid 13
2016-03-20 11:06:52,105 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 11:06:52,105 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:15,451 WARN received SIGTERM indicating exit request
2016-03-20 15:27:15,468 INFO waiting for ewsposter, dionaea to die
2016-03-20 15:27:15,548 INFO stopped: dionaea (exit status 0)
2016-03-20 15:27:15,548 CRIT reaped unknown pid 14)
2016-03-20 15:27:15,550 INFO stopped: ewsposter (terminated by SIGTERM)
Error deleting container: An error occurred trying to connect: EOF
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See '/usr/bin/docker run --help'.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-20 15:27:22,672 CRIT Supervisor running as root (no user in config file)
2016-03-20 15:27:22,672 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 15:27:22,683 INFO RPC interface 'supervisor' initialized
2016-03-20 15:27:22,683 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 15:27:22,683 INFO supervisord started with pid 1
2016-03-20 15:27:23,685 INFO spawned: 'ewsposter' with pid 9
2016-03-20 15:27:23,686 INFO spawned: 'dionaea' with pid 10
2016-03-20 15:27:24,706 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:24,711 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:26,661 WARN received SIGTERM indicating exit request
2016-03-20 15:27:26,661 INFO waiting for ewsposter, dionaea to die
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-20 15:27:41,603 CRIT Supervisor running as root (no user in config file)
2016-03-20 15:27:41,603 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 15:27:41,627 INFO RPC interface 'supervisor' initialized
2016-03-20 15:27:41,628 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 15:27:41,628 INFO supervisord started with pid 1
2016-03-20 15:27:42,630 INFO spawned: 'ewsposter' with pid 9
2016-03-20 15:27:42,630 INFO spawned: 'dionaea' with pid 10
2016-03-20 15:27:43,747 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:27:43,747 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 15:41:15,337 WARN received SIGTERM indicating exit request
2016-03-20 15:41:15,337 INFO waiting for ewsposter, dionaea to die
2016-03-20 15:41:15,341 WARN received SIGTERM indicating exit request
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-20 21:00:36,897 CRIT Supervisor running as root (no user in config file)
2016-03-20 21:00:36,897 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 21:00:36,923 INFO RPC interface 'supervisor' initialized
2016-03-20 21:00:36,923 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 21:00:36,923 INFO supervisord started with pid 1
2016-03-20 21:00:37,925 INFO spawned: 'ewsposter' with pid 9
2016-03-20 21:00:37,926 INFO spawned: 'dionaea' with pid 10
2016-03-20 21:00:39,039 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:00:39,039 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:30:02,420 CRIT Supervisor running as root (no user in config file)
2016-03-20 21:30:02,420 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-20 21:30:02,450 INFO RPC interface 'supervisor' initialized
2016-03-20 21:30:02,450 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-20 21:30:02,450 INFO supervisord started with pid 1
2016-03-20 21:30:03,453 INFO spawned: 'ewsposter' with pid 9
2016-03-20 21:30:03,455 INFO spawned: 'dionaea' with pid 10
2016-03-20 21:30:04,656 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:30:04,656 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-20 21:36:43,484 WARN received SIGTERM indicating exit request
2016-03-20 21:36:43,484 INFO waiting for ewsposter, dionaea to die
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
2016-03-21 09:44:19,607 CRIT Supervisor running as root (no user in config file)
2016-03-21 09:44:19,607 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-21 09:44:19,635 INFO RPC interface 'supervisor' initialized
2016-03-21 09:44:19,635 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-21 09:44:19,636 INFO supervisord started with pid 1
2016-03-21 09:44:20,638 INFO spawned: 'ewsposter' with pid 10
2016-03-21 09:44:20,640 INFO spawned: 'dionaea' with pid 11
2016-03-21 09:44:21,843 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-21 09:44:21,843 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-21 22:17:36,404 WARN received SIGTERM indicating exit request
2016-03-22 09:57:19,319 CRIT Supervisor running as root (no user in config file)
2016-03-22 09:57:19,319 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-22 09:57:19,390 INFO RPC interface 'supervisor' initialized
2016-03-22 09:57:19,390 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-22 09:57:19,391 INFO supervisord started with pid 1
2016-03-22 09:57:20,392 INFO spawned: 'ewsposter' with pid 12
2016-03-22 09:57:20,394 INFO spawned: 'dionaea' with pid 13
2016-03-22 09:57:21,549 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-22 09:57:21,549 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-22 17:12:21,401 WARN received SIGTERM indicating exit request
2016-03-22 17:12:21,402 INFO waiting for ewsposter, dionaea to die
b8654bbe3838
2016-03-23 09:47:42,513 CRIT Supervisor running as root (no user in config file)
2016-03-23 09:47:42,513 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-03-23 09:47:42,550 INFO RPC interface 'supervisor' initialized
2016-03-23 09:47:42,550 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-03-23 09:47:42,550 INFO supervisord started with pid 1
2016-03-23 09:47:43,552 INFO spawned: 'ewsposter' with pid 10
2016-03-23 09:47:43,553 INFO spawned: 'dionaea' with pid 11
2016-03-23 09:47:44,775 INFO success: ewsposter entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-23 09:47:44,776 INFO success: dionaea entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-04-06 21:20:17,481 WARN received SIGTERM indicating exit request
2016-04-06 21:20:17,481 INFO waiting for ewsposter, dionaea to die
2016-04-06 21:20:17,487 WARN received SIGTERM indicating exit request
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory
docker: Error response from daemon: failed to create endpoint dionaea on network bridge: Error starting userland proxy: listen tcp 0.0.0.0:445: listen: address already in use.
rm: cannot remove '/data/ews/dionaea/ews.json': No such file or directory

sudo cat /var/log

cat: /var/log: Is a directory

sudo status.sh

======| System |======
Date: Thu Apr 7 13:01:42 CEST 2016
Uptime: 13:01:42 up 0 min, 1 user, load average: 2.24, 0.70, 0.24
No sensors found!
Make sure you loaded all the kernel drivers you need.
Try sensors-detect to find out which these are.
CPU temp:

======| Container: cowrie |======
cowrie RUNNING pid 9, uptime 0:00:38
ewsposter RUNNING pid 11, uptime 0:00:38
mysqld RUNNING pid 10, uptime 0:00:38

======| Container: dionaea |======
Error response from daemon: No such container: dionaea

======| Container: elasticpot |======
elasticpotpy RUNNING pid 11, uptime 0:00:38

======| Container: elk |======
elasticsearch RUNNING pid 11, uptime 0:00:38
kibana RUNNING pid 21, uptime 0:00:38
logstash RUNNING pid 15, uptime 0:00:38

======| Container: glastopf |======
ewsposter RUNNING pid 10, uptime 0:00:38
glastopf RUNNING pid 9, uptime 0:00:38

======| Container: honeytrap |======
ewsposter RUNNING pid 9, uptime 0:00:38
honeytrap RUNNING pid 10, uptime 0:00:38

======| Container: suricata |======
p0f RUNNING pid 10, uptime 0:00:38
suricata RUNNING pid 9, uptime 0:00:38

sudo ls -al /data/dionaea/

total 28
drwxrw---- 7 tpot tpot 4096 Apr 7 13:02 .
drwxrw---- 14 tpot tpot 4096 Mar 15 14:57 ..
drwxrw---- 2 tpot tpot 4096 Apr 7 13:02 binaries
drwxrw---- 2 tpot tpot 4096 Apr 7 13:02 bistreams
drwxrw---- 2 tpot tpot 4096 Apr 7 13:02 log
drwxrw---- 2 tpot tpot 4096 Apr 7 13:02 rtp
drwxrw---- 2 tpot tpot 4096 Apr 7 13:02 wwwroot

sudo ls -al /data/

total 124
drwxrw---- 14 tpot tpot 4096 Mar 15 14:57 .
drwxr-xr-x 23 root root 4096 Mar 15 14:57 ..
drwxrw---- 3 tpot tpot 4096 Mar 15 14:57 conpot
drwxrw---- 6 tpot tpot 4096 Apr 7 13:01 cowrie
drwxrw---- 7 tpot tpot 4096 Apr 7 13:03 dionaea
drwxrw---- 3 tpot tpot 4096 Apr 7 13:01 elasticpot
drwxrw---- 4 tpot tpot 4096 Feb 9 12:24 elk
-rwxrw---- 1 tpot tpot 63727 Mar 15 14:57 elkbase.tgz
drwxrw---- 3 tpot tpot 4096 Mar 15 14:57 emobility
drwxrw---- 6 tpot tpot 4096 Mar 15 14:57 ews
drwxrw---- 5 tpot tpot 4096 Apr 7 13:01 glastopf
drwxrw---- 5 tpot tpot 4096 Apr 7 13:01 honeytrap
-rwxrw---- 1 tpot tpot 58 Mar 15 14:57 images.conf
drwxrw---- 2 tpot tpot 4096 Mar 15 14:57 imgcfg
-rwxrw---- 1 tpot tpot 0 Mar 15 14:57 persistence.off
drwxrw---- 3 tpot tpot 4096 Apr 7 13:01 suricata
drwxrw---- 2 tpot tpot 4096 Apr 7 11:52 upstart

sudo iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
NFQUEUE tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN state NEW NFQUEUE num 0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http
ACCEPT tcp -- anywhere 172.17.0.6 tcp dpt:9200
ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:http-alt
ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:2222

Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

sudo lshw

ce145804980927713
description: Computer
product: VirtualBox ()
vendor: innotek GmbH
version: 1.2
serial: 0
width: 64 bits
capabilities: smbios-2.5 dmi-2.5 vsyscall32
configuration: family=Virtual Machine uuid=FFF67472-1480-4468-9DB1-2E1EBDB7BC56
*-core
description: Motherboard
product: VirtualBox
vendor: Oracle Corporation
physical id: 0
version: 1.2
serial: 0
*-firmware
description: BIOS
vendor: innotek GmbH
physical id: 0
version: VirtualBox
date: 12/01/2006
size: 128KiB
capabilities: isa pci cdboot bootselect int9keyboard int10video acpi
*-memory
description: System memory
physical id: 1
size: 6001MiB
*-cpu
product: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
vendor: Intel Corp.
physical id: 2
bus info: cpu@0
width: 64 bits
capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp x86-64 constant_tsc rep_good nopl xtopology nonstop_tsc pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm
*-pci
description: Host bridge
product: 440FX - 82441FX PMC [Natoma]
vendor: Intel Corporation
physical id: 100
bus info: pci@0000:00:00.0
version: 02
width: 32 bits
clock: 33MHz
*-isa
description: ISA bridge
product: 82371SB PIIX3 ISA [Natoma/Triton II]
vendor: Intel Corporation
physical id: 1
bus info: pci@0000:00:01.0
version: 00
width: 32 bits
clock: 33MHz
capabilities: isa bus_master
configuration: latency=0
*-ide
description: IDE interface
product: 82371AB/EB/MB PIIX4 IDE
vendor: Intel Corporation
physical id: 1.1
bus info: pci@0000:00:01.1
version: 01
width: 32 bits
clock: 33MHz
capabilities: ide bus_master
configuration: driver=ata_piix latency=64
resources: irq:0 ioport:1f0(size=8) ioport:3f6 ioport:170(size=8) ioport:376 ioport:d000(size=16)
*-display UNCLAIMED
description: VGA compatible controller
product: VirtualBox Graphics Adapter
vendor: InnoTek Systemberatung GmbH
physical id: 2
bus info: pci@0000:00:02.0
version: 00
width: 32 bits
clock: 33MHz
capabilities: vga_controller bus_master
configuration: latency=0
resources: memory:e0000000-e0ffffff
*-network
description: Ethernet interface
product: 82540EM Gigabit Ethernet Controller
vendor: Intel Corporation
physical id: 3
bus info: pci@0000:00:03.0
logical name: eth0
version: 02
serial: 08:00:27:f8:f4:b6
size: 1Gbit/s
capacity: 1Gbit/s
width: 32 bits
clock: 66MHz
capabilities: pm pcix bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.21-k8-NAPI duplex=full ip=192.168.0.17 latency=64 link=yes mingnt=255 multicast=yes port=twisted pair promiscuous=yes speed=1Gbit/s
resources: irq:19 memory:f0000000-f001ffff ioport:d010(size=8)
*-generic
description: System peripheral
product: VirtualBox Guest Service
vendor: InnoTek Systemberatung GmbH
physical id: 4
bus info: pci@0000:00:04.0
version: 00
width: 32 bits
clock: 33MHz
capabilities: bus_master
configuration: driver=vboxguest latency=0
resources: irq:20 ioport:d020(size=32) memory:f0400000-f07fffff memory:f0800000-f0803fff
*-multimedia
description: Multimedia audio controller
product: 82801AA AC'97 Audio Controller
vendor: Intel Corporation
physical id: 5
bus info: pci@0000:00:05.0
version: 01
width: 32 bits
clock: 33MHz
capabilities: bus_master
configuration: driver=snd_intel8x0 latency=64
resources: irq:21 ioport:d100(size=256) ioport:d200(size=64)
*-usb:0
description: USB controller
product: KeyLargo/Intrepid USB
vendor: Apple Inc.
physical id: 6
bus info: pci@0000:00:06.0
version: 00
width: 32 bits
clock: 33MHz
capabilities: ohci bus_master cap_list
configuration: driver=ohci-pci latency=64
resources: irq:22 memory:f0804000-f0804fff
*-bridge UNCLAIMED
description: Bridge
product: 82371AB/EB/MB PIIX4 ACPI
vendor: Intel Corporation
physical id: 7
bus info: pci@0000:00:07.0
version: 08
width: 32 bits
clock: 33MHz
capabilities: bridge bus_master
configuration: latency=0
*-usb:1
description: USB controller
product: 82801FB/FBM/FR/FW/FRW (ICH6 Family) USB2 EHCI Controller
vendor: Intel Corporation
physical id: b
bus info: pci@0000:00:0b.0
version: 00
width: 32 bits
clock: 33MHz
capabilities: ehci bus_master cap_list
configuration: driver=ehci-pci latency=64
resources: irq:19 memory:f0805000-f0805fff
*-storage
description: SATA controller
product: 82801HM/HEM (ICH8M/ICH8M-E) SATA Controller [AHCI mode]
vendor: Intel Corporation
physical id: d
bus info: pci@0000:00:0d.0
version: 02
width: 32 bits
clock: 33MHz
capabilities: storage pm ahci_1.0 bus_master cap_list
configuration: driver=ahci latency=64
resources: irq:21 ioport:d240(size=8) ioport:d250(size=8) ioport:d260(size=16) memory:f0806000-f0807fff
*-scsi:0
physical id: 3
logical name: scsi1
capabilities: emulated
*-cdrom
description: DVD reader
physical id: 0.0.0
bus info: scsi@1:0.0.0
logical name: /dev/cdrom
logical name: /dev/sr0
capabilities: audio dvd
configuration: status=nodisc
*-scsi:1
physical id: 4
logical name: scsi2
capabilities: emulated
*-disk
description: ATA Disk
product: VBOX HARDDISK
physical id: 0.0.0
bus info: scsi@2:0.0.0
logical name: /dev/sda
version: 1.0
serial: VB1b411a40-aced15de
size: 64GiB (68GB)
capabilities: partitioned partitioned:dos
configuration: ansiversion=5 sectorsize=512 signature=00087123
*-volume:0
description: Linux swap volume
physical id: 1
bus info: scsi@2:0.0.0,1
logical name: /dev/sda1
version: 1
serial: be1cf745-622b-4fa0-99f9-4595a674dec5
size: 7812MiB
capacity: 7812MiB
capabilities: primary bootable nofs swap initialized
configuration: filesystem=swap pagesize=4096
*-volume:1
description: Extended partition
physical id: 2
bus info: scsi@2:0.0.0,2
logical name: /dev/sda2
size: 56GiB
capacity: 56GiB
capabilities: primary extended partitioned partitioned:extended
*-logicalvolume
description: Linux filesystem partition
physical id: 5
logical name: /dev/sda5
logical name: /
logical name: /var/lib/docker/aufs
capacity: 56GiB
configuration: mount.fstype=ext4 mount.options=rw,relatime,errors=remount-ro,data=ordered state=mounted
*-network:0
description: Ethernet interface
physical id: 1
logical name: vethcf0a873
serial: 2e:63:93:a1:81:b7
capabilities: ethernet physical
configuration: autonegotiation=off broadcast=yes driver=veth driverversion=1.0 duplex=full link=yes multicast=yes port=twisted pair
*-network:1
description: Ethernet interface
physical id: 2
logical name: veth27fef91
serial: 66:db:b9:0a:6d:89
capabilities: ethernet physical
configuration: autonegotiation=off broadcast=yes driver=veth driverversion=1.0 duplex=full link=yes multicast=yes port=twisted pair
*-network:2
description: Ethernet interface
physical id: 3
logical name: vethf7fcba0
serial: 8e:4d:3e:b9:94:e6
capabilities: ethernet physical
configuration: autonegotiation=off broadcast=yes driver=veth driverversion=1.0 duplex=full link=yes multicast=yes port=twisted pair
*-network:3
description: Ethernet interface
physical id: 4
logical name: veth0bb4873
serial: b6:1e:d2:2b:cb:2a
capabilities: ethernet physical
configuration: autonegotiation=off broadcast=yes driver=veth driverversion=1.0 duplex=full link=yes multicast=yes port=twisted pair

sudo lscpu

Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 60
Stepping: 3
CPU MHz: 3997.680
BogoMIPS: 7995.36
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 8192K
NUMA node0 CPU(s): 0,1

sudo cat /proc/meminfo

MemTotal: 6145444 kB
MemFree: 4004512 kB
MemAvailable: 4473316 kB
Buffers: 64172 kB
Cached: 349028 kB
SwapCached: 0 kB
Active: 1701760 kB
Inactive: 235500 kB
Active(anon): 1525160 kB
Inactive(anon): 588 kB
Active(file): 176600 kB
Inactive(file): 234912 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 7999484 kB
SwapFree: 7999484 kB
Dirty: 200 kB
Writeback: 0 kB
AnonPages: 1524040 kB
Mapped: 137072 kB
Shmem: 1692 kB
Slab: 144172 kB
SReclaimable: 94132 kB
SUnreclaim: 50040 kB
KernelStack: 5600 kB
PageTables: 13544 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 11072204 kB
Committed_AS: 3059112 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 66416 kB
VmallocChunk: 34359642888 kB
HardwareCorrupted: 0 kB
AnonHugePages: 790528 kB
CmaTotal: 0 kB
CmaFree: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 86976 kB
DirectMap2M: 6240256 kB

sudo free -m

total used free shared buffers cached
Mem: 6001 2112 3889 1 64 342
-/+ buffers/cache: 1705 4296
Swap: 7811 0 7811

sudo swapon -s

Filename Type Size Used Priority
/dev/sda1 partition 7999484 0 -1

sudo lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty

sudo uname -a

Linux ce145804980927713 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

sudo fdisk -l

Disk /dev/sda: 68.7 GB, 68719476736 bytes
255 heads, 63 sectors/track, 8354 cylinders, total 134217728 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00087123

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 16001023 7999488 82 Linux swap / Solaris
/dev/sda2 16003070 134215679 59106305 5 Extended
/dev/sda5 16003072 134215679 59106304 83 Linux

sudo blkid

/dev/sda1: UUID="be1cf745-622b-4fa0-99f9-4595a674dec5" TYPE="swap"
/dev/sda5: UUID="3c242943-a806-44a6-8dcb-6724cbc5c1cf" TYPE="ext4"

sudo df -HT

Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 3.2G 8.2k 3.2G 1% /dev
tmpfs tmpfs 630M 709k 629M 1% /run
/dev/sda5 ext4 60G 4.2G 53G 8% /
none tmpfs 4.1k 0 4.1k 0% /sys/fs/cgroup
none tmpfs 5.3M 0 5.3M 0% /run/lock
none tmpfs 3.2G 1.1M 3.2G 1% /run/shm
none tmpfs 105M 0 105M 0% /run/user
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/1368f8b1e47b2bc1120f8b5fe4586bbb0b2ed0e034ae933eeb8125149c79adff
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/65f96f900569ad65240de91f7311977ea1d89bf43a67ec1cf9c085f51f7c5a1a/shm
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/62f3f819645ca11e21abb19124f260e531fd6b26ab58afba14dc01eece328dd5
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/c64f8eae6671511c32f1ea63e8482cf1d0b6db91990a29857928960a7577a0b4
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/78ba21094666af04affc60859a1c9d5dacde01b1c3ad1c82a8671c71952afc24
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/043d2cf306c6d7aaa05d61c9ec7d0de251b34eed6d26d2107d23296812389cde
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/e773f7a24502f947d4e53bf9e637b30aca98b01fefd31d467761381a02e7b368/shm
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/78900d0592c82c30b79518eaa044f32d0011f25bff6def568607a9f7c6024023/shm
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/b50cd0b8f606f6d41ad3551d4b824166ff3fc15b12807e344712efa9067776d1
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/c573263c1a10761289c218e838cb9d171b50717e08827a416d9cf4d4f1b5cd23/shm
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/bb6b92b663a7b63561d2afa9eddd353bc4ef779f2ede9953eef499dda9ff7825/shm
shm tmpfs 68M 0 68M 0% /var/lib/docker/containers/c00d4373222d71288c89b277262b416f057bba0cfa03a7153e61b2a11faec950/shm
none aufs 60G 4.2G 53G 8% /var/lib/docker/aufs/mnt/d2abb71e993ce59d147ecac2c527fed2fac6352ae6f07a7ff37bef5c48b871fa

sudo netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp 0 0 0.0.0.0:64295 0.0.0.0:* LISTEN 949/sshd
tcp 0 0 127.0.0.1:64296 0.0.0.0:* LISTEN 1547/docker-proxy
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 566/smbd
tcp6 0 0 :::9200 :::* LISTEN 1529/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 1332/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1571/docker-proxy
tcp6 0 0 :::445 :::* LISTEN 566/smbd
tcp6 0 0 :::64295 :::* LISTEN 949/sshd
tcp6 0 0 :::139 :::* LISTEN 566/smbd
udp 0 0 0.0.0.0:68 0.0.0.0:* 684/dhclient
udp 0 0 172.17.0.1:123 0.0.0.0:* 3840/ntpd
udp 0 0 192.168.0.17:123 0.0.0.0:* 3840/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 3840/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 3840/ntpd
udp 0 0 172.17.255.255:137 0.0.0.0:* 788/nmbd
udp 0 0 172.17.0.1:137 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.255:137 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.17:137 0.0.0.0:* 788/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 788/nmbd
udp 0 0 172.17.255.255:138 0.0.0.0:* 788/nmbd
udp 0 0 172.17.0.1:138 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.255:138 0.0.0.0:* 788/nmbd
udp 0 0 192.168.0.17:138 0.0.0.0:* 788/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 788/nmbd
udp 0 0 0.0.0.0:28876 0.0.0.0:* 684/dhclient
udp6 0 0 :::48785 :::* 684/dhclient
udp6 0 0 fe80::b41e:d2ff:fe2:123 :::* 3840/ntpd
udp6 0 0 fe80::42:2dff:fe06::123 :::* 3840/ntpd
udp6 0 0 fe80::64db:b9ff:fe0:123 :::* 3840/ntpd
udp6 0 0 fe80::2c63:93ff:fea:123 :::* 3840/ntpd
udp6 0 0 fe80::8c4d:3eff:feb:123 :::* 3840/ntpd
udp6 0 0 fe80::a00:27ff:fef8:123 :::* 3840/ntpd
udp6 0 0 ::1:123 :::* 3840/ntpd
udp6 0 0 :::123 :::* 3840/ntpd

from tpotce.

firepro20 avatar firepro20 commented on May 20, 2024

What I did install was samba. The only permissions that I know of are when I create a script and chmod 700 it. I tried to force start dionaea once. I did not change any system/config files.

What I cannot understand is how, when loading a snapshot, dionaea starts working fine, but when I shut down and use the changed state of the loaded snapshot the day after, it gives No such container.

from tpotce.

t3chn0m4g3 avatar t3chn0m4g3 commented on May 20, 2024

There you have it:
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp6 0 0 :::445 :::* LISTEN 566/smbd
Samba uses the same ports as dionaea, therefore dionaea cannot start. Uninstall samba and everything should work fine again.

If you make changes like that, it is helpful to mention them first when opening the issue 😉

from tpotce.
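The check done by eye in the comment above (a host service already listening on a port a honeypot container needs) can be automated against `netstat -tulpn` output. This is an added example, not part of the thread or of T-Pot's own scripts; the function names, the `REQUIRED_PORTS` map (only 445/tcp for dionaea is confirmed by the thread) and the rule that `docker-proxy` owns published container ports are assumptions.

```python
import re

# Constructed sample: a subset of the `netstat -tulpn` lines posted in this thread.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 566/smbd
tcp 0 0 0.0.0.0:64295 0.0.0.0:* LISTEN 949/sshd
tcp6 0 0 :::80 :::* LISTEN 1332/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1571/docker-proxy
tcp6 0 0 :::445 :::* LISTEN 566/smbd
udp 0 0 0.0.0.0:68 0.0.0.0:* 684/dhclient
udp 0 0 192.168.0.17:137 0.0.0.0:* 788/nmbd
"""

# Assumption: only 445/tcp for dionaea is confirmed by the thread; add the
# ports your own containers publish.
REQUIRED_PORTS = {"dionaea": [("tcp", 445)]}

# Assumption: published container ports are held on the host by docker-proxy,
# as in the thread's output, so that owner is never reported as a conflict.
CONTAINER_OWNERS = {"docker-proxy"}


def parse_listeners(netstat_text):
    """Yield (proto, port, pid, program) for each listening socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not re.match(r"^(tcp|udp)6?$", fields[0]):
            continue  # header or unrelated line
        proto = fields[0].rstrip("6")  # fold tcp6/udp6 into tcp/udp
        if proto == "tcp" and "LISTEN" not in fields[5:]:
            continue  # established connection, not a listener
        port = fields[3].rpartition(":")[2]
        if not port.isdigit():
            continue
        # The owner column is "PID/Program", or "-" when netstat ran without root.
        owner = next((f for f in fields[5:] if re.match(r"^\d+/", f)), "-/unknown")
        pid, _, program = owner.partition("/")
        yield proto, int(port), pid, program


def find_conflicts(netstat_text, required=REQUIRED_PORTS):
    """Return sorted (service, proto, port, program, pid) tuples for host
    processes that already hold a port a container needs."""
    wanted = {(proto, port): svc
              for svc, ports in required.items() for proto, port in ports}
    conflicts = set()
    for proto, port, pid, program in parse_listeners(netstat_text):
        svc = wanted.get((proto, port))
        if svc and program not in CONTAINER_OWNERS:
            conflicts.add((svc, proto, port, program, pid))
    return sorted(conflicts)


if __name__ == "__main__":
    for svc, proto, port, program, pid in find_conflicts(SAMPLE_NETSTAT):
        print(f"{svc}: {port}/{proto} already held by {program} (pid {pid})")
```

Run as root so the PID/Program column is populated; without it the owner is reported as `unknown`.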

firepro20 avatar firepro20 commented on May 20, 2024

That was it!! Life saver. Thank you very much :)

from tpotce.
