I tried to install Ludus, but the dashboard was empty (only one graph had some data).
So that forced me to check the suricata, pakon, and ludus setup (/etc/config/ludus, /etc/config/suricata, /etc/ludus/ludus.config, /etc/ludus/suricata_for_ludus.yaml, /etc/suricata/suricata.yaml).
- somehow suricata was checking only “br-lan”, so I added “eth1” in the uci configs where it was missing
- in the “yaml” config files, there was an incorrect value for the MY_NET variable (in the suricata and ludus yaml files), so I changed it in both accordingly (in suricata it was the local range, in ludus it was the public IP)
After several service restarts, still no graphs. After a “reboot” of the whole router it finally popped up. (I am not sure what helped, but I am glad it made the dashboard render correctly.)
I am still getting a warning that /tmp/suricata/rules does not exist (but it does, and has quite a lot of rule files there), but the emergingthreats-rules one is still missing … even if I force-install the related package.
Is there some trick to make that rule apply? Or to eliminate that warning? I tried to find some info using Google, but had no luck. It is not so important, but I would like to know why and where, so I can be clever next time.
Should I edit the yaml files manually? (Is that fine? TBH, I was not sure; I assumed they are tailored by nic.cz, so there is no need to manipulate them. …)
I noticed that some users have “honeypot port:80” opened by ludus; in my case I have “none”. Is that normal? Should I check old-honeypots/Haas …?