
Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Posted by Roadrunnere42 on Aug 18, 2019; 2:20pm
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1862.html

All working fine
Been playing around, and maybe you want to change this file, /etc/config/uhttpd, to prevent uhttpd listening on the WAN port. They also say unbind IPv6, but I couldn't find any reference in uhttpd.
I will make suggestions as I play and let you full-time computer guys decide what to include. I'm just a guy who likes computers with no programming knowledge, just picking things up as I go.

Securing uHTTPd

By default, uHTTPd is bound to 0.0.0.0, which also includes the WAN port of your router. To bind uHTTPd to the LAN port only, you have to change the listen_http and listen_https options to your LAN IP address.

To get your current LAN IP address run this command:

root@OpenWrt:~# uci get network.lan.ipaddr
10.10.10.10

Then edit /etc/config/uhttpd and bind listen_http and listen_https to the specific IP 10.10.10.10 instead of 0.0.0.0:

config uhttpd main
        # HTTP listen addresses, multiple allowed
        list listen_http        10.10.10.10:80
#       list listen_http        [::]:80
 
        # HTTPS listen addresses, multiple allowed
        list listen_https       10.10.10.10:443
#       list listen_https       [::]:443

On Sat, 17 Aug 2019 at 16:34, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Road,

Here is the link to the commit if you just want to grab the files locally. Anything under the files/ directory gets injected into the image file tree as laid out (files/etc gets put into /etc, for example).



On Sat, Aug 17, 2019, 11:27 AM Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
Let me check to see if I actually included this updated script in the image you have. I haven't synced in a few days and just did the pull request merge.

I'll sync up and build out here in a bit, then link up the updated image

On Sat, Aug 17, 2019, 11:23 AM Roadrunnere42 [via Itus Networks Owners Forum] <[hidden email]> wrote:
Gnomad

Great work on the updated scripts.

I'm having trouble running updaterules.sh, which is on a fresh image installed yesterday. Had a look through and I must admit it's better code than what I did, nice and clean.

1. The L2.blacklist file is not present, so the script needs to check if it is present and, if not, create the folder and files.
                     Replacing /etc/snort/rules/iplists/L2.blacklist
                     mv: can't rename '/etc/snort/rules/iplists/L2.blacklist': No such file or directory
                     mv: can't rename 'L2.blacklist': No such file or directory

2. ./updaterules.sh: line 66: file: not found. Again I think this is to do with folder / files not present on fresh install

                   Downloading community-rules
                     https://www.snort.org/downloads/community/community-rules.tar.gz
                      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
                     100   467    0   467    0     0    812      0 --:--:-- --:--:-- --:--:--  1212
                     100  321k  100  321k    0     0   190k      0  0:00:01  0:00:01 --:--:--  400k
                    . /updaterules.sh: line 66: file: not found
 
                   Downloading abuse-sslbl.rules
                    https://sslbl.abuse.ch/blacklist/sslipblacklist.rules
                     % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
                    100 21127  100 21127    0     0  36425      0 --:--:-- --:--:-- --:--:-- 88768
                    ./updaterules.sh: line 66: file: not found

3. Don't think this is anything to do with your script, but any idea? I don't have the profile directory present; has this been added lately?

Restarting SNORT service
cat: can't open '/etc/snort/profile/config1_advanced.conf': No such file or directory
cat: can't open '/etc/snort/profile/config2_engine.conf': No such file or directory
cat: can't open '/etc/snort/profile/config3_preprocessors.conf': No such file or directory
cat: can't open '/etc/snort/profile/config4_other.conf': No such file or directory





On Tue, 13 Aug 2019 at 17:47, Gnomad [via Itus Networks Owners Forum] <[hidden email]> wrote:
Updated the script with some improvements - parameterised downloads which now continue if one fails, excluded sids out to a separate (optional) file.  
I also tried `service snort restart` but my shell complained it didn't recognise `service`.  Let me know if I got that syntax wrong.

https://gist.github.com/DaveA-W/e3e9e95a21d418e9c83a3a3a0731e3cc
OpenWrt SNAPSHOT, r10391-3d8d528939



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1823.html



Running Itus Shield v2 Firmware



Running Itus Shield v2 Firmware
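
An added example (not part of the original posts or the Shield firmware) for checking the result of the "Securing uHTTPd" steps quoted in the post above: it reads a uhttpd config on stdin and reports every active listen_http/listen_https entry still bound to a wildcard address. The function names are hypothetical, and the "default" sample is constructed to show the 0.0.0.0 and [::] bindings the post describes.

```shell
#!/bin/sh
# Added example: audit a uhttpd config for listeners not pinned to one address.

# audit_uhttpd_listen: reads a uhttpd config on stdin, prints one line per
# active listen entry bound to 0.0.0.0, [::] or a bare port; exits 1 if any.
audit_uhttpd_listen() {
    awk -v q="'" '
        /^[ \t]*#/ { next }                  # commented-out entries are inactive
        $1 ~ /^(list|option)$/ && $2 ~ /^listen_https?$/ {
            addr = $3
            gsub("[\"" q "]", "", addr)      # strip optional UCI quoting
            if (addr ~ /^0\.0\.0\.0:/ || addr ~ /^\[::\]:/ || addr ~ /^[0-9]+$/) {
                printf "WILDCARD %s %s\n", $2, addr
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: listeners bound to every interface, WAN included.
sample_default() {
    cat <<'EOF'
config uhttpd main
        list listen_http        0.0.0.0:80
        list listen_http        [::]:80
        list listen_https       0.0.0.0:443
        list listen_https       [::]:443
EOF
}

# The hardened config from the post: LAN address only, IPv6 entries commented out.
sample_hardened() {
    cat <<'EOF'
config uhttpd main
        list listen_http        10.10.10.10:80
#       list listen_http        [::]:80
        list listen_https       10.10.10.10:443
#       list listen_https       [::]:443
EOF
}

sample_default  | audit_uhttpd_listen || echo "default: uhttpd listens on all interfaces"
sample_hardened | audit_uhttpd_listen && echo "hardened: LAN-only listeners"
```

On the router itself, run it as `audit_uhttpd_listen < /etc/config/uhttpd`; uhttpd has to be restarted before an edited config takes effect.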


