Posted by Grommish on Jun 16, 2019; 5:56am
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1763.html
The Emerging Threats rules were just the first ones I found. Any Snort rules can be used. Updates can be scheduled via Cron job as long as the URL is reasonably scriptable.
By all accounts, once I get everything sorted, we should be able to do a few things. First, opkg has an upgrade option, if I recall correctly. So you could schedule the Cron job for that. More importantly, turning out system updates for use in the LuCI interface should be doable, as well.
As far as testing, the "Gateway" image I'm building is Gateway in name only. The first post has info on how to install. It's called Gateway because uboot looks for Itus<mode>Image (ItusgatewayImage, ItusrouterImage, etc.) depending on the front switch at the end of Stage 2 into Stage 3 boot. The test image is set to act like the router image; it just goes in the Gateway slot because no one ever used that slot. It's also non-destructive, so it doesn't mess with the /dev/mmcblk partitions (at this point; my current test builds I have locally do). So you're perfectly safe in loading the test image in post 1 and just back up your existing ItusgatewayImage file beforehand. The test file doesn't do Snort by default, and won't save anything through a reboot of the device. Snort is present, but the /etc/snort/snort.conf isn't right and it dies when it tries to start (silently). You can still call it manually from the command line to test it. I've got it working on the local test builds, but again, it'll overwrite your Gateway stuff (you can restore it later, if you decide to). It doesn't affect the Router image at all.
If you really want to play with it, I'm always willing to walk you through it in something like Google Hangouts. Just send the request to my email (grommish@gmail.com) and we can set aside some time. Any additional eyes I can get on this would be extremely helpful since I never played with the Shield during the heyday, and almost immediately decided to start this little adventure after only like 1 or 2 days of use. I never even hooked it inline on my network, only console and stub use.
I can look at LuCI2. I didn't see a config option in the source, but I've not synced in a few weeks.
Edit: LuCI2 can be installed, I suppose, but the dev on it looks kind of janky. Last commit was 2 months ago. While I could put it in the image, it's beyond me to make the pages. I'm no good with JSON or even JS. I also don't know what issues and conflicts LuCI and LuCI2 might have. I'm all for bleeding edge, but for now, we should probably stick to tried and true. Besides, the LuCI limitations in space and RAM don't apply to us.
Gnomad wrote
Wow - nice work Grommish!
You've gone well past my capabilities with any of this.. I'm a .NET & Angular dev, so am comfortable following & debugging existing code - but doing all this from scratch? not a chance!
RE: suggestions for extras, perhaps:
* some of the other (non-emergingthreats) blocklists covered by the fw_upgrade script that "legacy" installs run weekly - e.g. shallalist, sslipblacklist, zeus, etc.
* is it feasible to get the OpenWrt distro & other installed packages to auto-update? Too much risk of breakage?
* not sure if it's mature enough, but luci2 might also be worth a look.
Keep me posted once you think the router mode install is "user-proof" enough for a Windows user ;)
Running Itus Shield v2 Firmware