I tried to install Ludus, but the dashboard was empty (only one graph had some data).
So that forced me to check the suricata, pakon and ludus setup (/etc/config/ludus, /etc/config/suricata, /etc/ludus/ludus.config, /etc/ludus/suricata_for_ludus.yaml, /etc/suricata/suricata.yaml).

  1. somehow suricata was checking only “br-lan”, so I added “eth1” in the uci configs where it was missing
  2. in the “yaml” config files there was an incorrect value for the MY_NET variable (in the suricata and ludus yaml files), so I changed it in both accordingly (in suricata it was the local range, in ludus it was the public IP)

After several service restarts, still no graphs. After a “reboot” of the whole router they finally popped up. (I am not sure what helped, but I am glad it made the dashboard render correctly.)

I am still getting a warning that /tmp/suricata/rules does not exist (but it does, and it has quite a lot of rule files in it), but the emergingthreats-rules one is still missing … even if I force-install the related package.

Is there some trick to make that rule be applied? Or to eliminate that warning? I tried to find some info using Google, but no luck. It is not so important, but I would like to know why and where, so I can be clever next time :slight_smile:

Should I edit the yaml files manually? (Is that fine? TBH I was not sure; I assumed it is tailored by so no need to manipulate those. …)

I noticed that some users have “honeypot port:80” opened by ludus; in my case I have “none”. Is that normal? Should I check old-honeypots/Haas …?

So it was working partially, collecting, but the dashboard was still frozen, and pakon in Foris also had only historical data.
I tried to make it work, but somehow a collision between the suricata-pakon/suricata/ludus packages led me to a final full/forced removal of all these services. Maybe there was a way to restore each individually.
Via Foris/Update I did a deselect/reselect for the pakon/device detection/honeypot lists.
Once pkgupdate was finished I simply used opkg to install ludus-gui, and it went through all the dependencies correctly, with the post-install stuff. Somehow, I do not know why, it is still warning about “rules” in “/tmp/suricata/rules”, but those are there. The update_rules script is working fine. So I do not know what or where I should check or change to make it fine.

At this moment pakon/ludus are running fine, the dashboard in ludus is refreshed every 3-5 mins, and pakon is also showing data.

EDIT: ad_warning about rules. My findings: Ludus package - security research project invitation

I was wondering, is it fully running ATM, so basically a nOOb can install it on OS4? Or is it still in the alpha phase?

Best, Dikke