How to get rid of HaaS

RadoslavCap · January 20, 2018, 10:44am

Because Haas isn’t production ready (and this is very, very polite statement) I’ve decided to get rid it. I’ve uninstalled “SSH Honeypot” from Foris. My log was full of these type of messages:

SSHService ssh-connection on SSHServerTransport,1082,195.3.147.47] Failure ...

I’ve found there are some relicts in firewall settings:

I’ve removed them because I don’t need to access my router from outside.

Now, I can still observe haas activity in my log:


Jan 20 11:40:12 turris twisted: [haas_proxy.proxy.ProxySSHFactory] disabling non-fixed-group key exchange algorithms because we cannot find moduli file 
Jan 20 11:41:13 turris /usr/sbin/cron: (root) CMD (/etc/init.d/haas-proxy enabled && /etc/init.d/haas-proxy check_fw)

What should I have to do get rid this crappy piece of software? Should I manually disable haas-proxy from initscripts, remove manually cron tasks etc.?

JardaB · January 20, 2018, 11:31am

Port forwarding 22 is not needed for use from the inside. For VPN I do not know, but I would say that VPN should (MUST) * * * strictly * USE!!! * * another port * *, therefore VPN is used. Then there is no external access to 22 SSH.

The new SSH honeypot does not need to redirect anything, sets its private proxy.
We should probably honeypotu the Hass = Another function, different settings.

Perry · January 20, 2018, 1:10pm

Have you tried turning off Data collection? In Foris: http://192.168.1.1/foris/config/main/data-collection/ I’m just guessing.

Perry · January 20, 2018, 11:30pm

I just remembered it was somehow related, when you switched on SSH Honeypot. Well, I read TFM. No, it wasn’t. Ucollect is something completely different.

I asked because I wanted to turn off the HAAS. I got my reason to uninstall it and just wanna know what to expect. Uninstall was correct. And as soon as I confirmed the uninstall in updater, HAAS closed all sessions. Then I restarted rooter because, I wanted to be calm.

But honestly. The port forwarding you had to set yourself? According to the original manual.

woosting · January 21, 2018, 12:50pm

Could someone enlighting me?

~~~What is HaaS (or please direct me to a page that explains that)?~~~
I installed SSH honneypot in the Forris package UI; should I worry (turn it off / do something else)?

Edit: Information about Haas can be found here.

woosting · January 21, 2018, 1:50pm

Good to hear you got it solved on your end (and thanks for sharing it)!

What specific log are you referring to?

Can we check to see if we’re flooded too (sorry for asking beginner questions, trying to learn)?

woosting · January 21, 2018, 2:29pm

Yeap, thanks, I indeed found quite a few of the said failure messages in /var/log/messages.

Seeing there is no immediate security vulnerability I think I’ll tolerate the communication-failure situation for now (in anticipation of a fix), but it indeed does clutter up the logs.

For those looking for the answer to the OP’s question its @RadoslavCap’s post a couple of posts up.

Perry · January 21, 2018, 5:57pm

Thank you. I compared what the updater (Foris) did for me with your list. One library remained (libdb47), but I can live with that.

Edit: I find that netatalk depends on libdb47. At least for me.
A successful day. I learned something new. Thanks