since the upgrade I did 23rd December, data collection at project.turris.cz does not work any more. I did accept the data collection again in the corresponding section but still not work. My Honeypot on HaaS also shows no new data. I haven’t found any article how to either fix that or configure from scratch? Can you help please or point to some article for help (either English or Czech).
I assume I need to enable: sentinel-proxy, sentinel-minipot, sentinel-dynfw-client, so I did and rebooted. After that I found my Internet connection not working. I found out it completely messed up my Interface config. I tried rollback to my last snapshot but did not helped. In reForis I had to assign WAN and all LAN interfaces back to appropriate section (Radio interfaces were for some reason OK, lucky for me).
I’ve reenabled again those three services in LuCi and now I can see in IPtables those records you mention. After some SSH attempts to honeypot first one show 0 pkts and bytes and second one has some counts, jus like you shared above. But still not working as expected I guess. I cant login to honeypot, it refuses all connections on ssh.
you know, I have this router since Indiegogo campaign, I haven’t check or plaid with honeypot since I set that up years ago. I don’t remember how did I select the alternate port for honeypot etc. I have my putty sessions saved:
Omnia access from LAN: TCP 22
Honeypot from LAN: TCP 58732
Honepot from WAN: TCP 22
I have a port forwarding set for WAN 22 to LAN 58732 (it worked before).
I just don’t know if in 5.x it still works the same way or might need to change / delete some stuff here.
Also, I did the upgrade 23rd. I noticed that in project.turris.cz I see " Last update of the data was on Dec. 23, 2020" … but in HaaS webpage I see last logged “attask” was 2020-12-14, … so the honeypot stopped working some days before I even touch it.
As @fantomas correctly says, haas-proxy manages honeypot https://haas.nic.cz/
Sentinel takes care of the dynamic firewall. On 5.1.4 there is a known problem and already solved on HBK (5.1.5 testing), which inhibits the automatic activation and start of the services installed via reForis. To solve the problem on 5.1.4 and be sure to have everything working, just follow the official Data Collection activation guide https://docs.turris.cz/basics/collect/setup/ (see installation via ssh). By installing from ssh the Sentinel services will be enabled and started correctly. For the haas-proxy service (which controls the honeypot) remember to execute in addition to /etc/init.d/haas-proxy start, also /etc/init.d/haas-proxy enable, otherwise the honeypot will not work at reboot the router.
Anyway, I think I will wait if new data will appear tomorrow in project.turris.cz.
Regarding the honeypot, I think I either need to change the port for Honeypot and redirect SSH 22 to it, … OR I need to change the management SSH port for turris itself to some alternate port. However I haven’t found “how to” for changing either of them.
Turris documentation after all these years still sucks. There are no clear instructions for basic stuff, some of those basics are even missing in a GUI (in all three of them). If you are not a Linux geek, to figure out yourself, you are crewed. I can’t play that much and potentially destroy my router. I need it functional. I like it and hate it in the same time.
From version 4.x of Turris OS the data collection is no longer linked to the page you mentioned (https://project.turris.cz/), i.e. you can no longer check the statistics from that page. In fact, in the new version of the operating system there is no longer a section for registering with the turris project, enabling the data collection.
I see, so I can remove my router from project.turris.cz and I can unregister from the project completely. Thanks a lot for this info!
So now I’ll just try to fix the HaaS.
I did try also the mentioned via SSH guide + the additional commands, but still same result. I got connection refused.
I’m pretty sure it has something to do with my honeypot configuration from 3.x (port redirection etc.)
Meanwhile, does the WAN connection work for you? Try sshing router’s public IP address. If you don’t have a public IP address even if it is dynamic, Honeypot would be totally useless. In case it works from WAN, try to remember what you did to perform the port redirect (https://openwrt.org/docs/guide-user/firewall/firewall_configuration) and cancel the redirect. What’s the use of accessing a honeypot on the LAN?
You don’t need to register through web interface.
IIRC I have registered manually through https://haas.nic.cz/
while I had TOS 5.x installed, so at least my SSH honeypot is working and I can look up attempts from the net.