Ludus package - security research project invitation

Hi,
today we released the Ludus package (part of the 3.11.6 release). Ludus is a joint research project between the Stratosphere Research Laboratory and CZ.NIC.
Its goal is to apply Game Theory to honeypot deployment in order to increase the security of the users.
You can read more about the project in this article.

We would be glad if you joined this effort by installing the Ludus package on your router.

To install and run the package, simply do the following:

opkg update
opkg install ludus-gui #only if you want to install the Dashboard application on your router
opkg install ludus 

After the install finishes, type these commands to run Ludus permanently:

/etc/init.d/ludus enable
/etc/init.d/ludus start

reboot

You should see a new app icon at https://192.168.1.1, or you can access the dashboard from http://192.168.1.1/ludus/ (or whatever your router IP address is).
If you have any problems, please let me know here or via PM.

4 Likes

After installing Ludus, communication on port 80 is rejected (LAN)
(Luci, Foris, Nextcloud, Webapps, Ludus…). Web sites on other ports (1999,9091) are running.

Omnia 2GB

Could you please send Lighttpd log?

cat /tmp/log/lighttpd/error.log

Otherwise, you can uninstall Ludus dashboard by

opkg remove ludus-gui

Lighttpd log does not exist.

Ludus opened honeypots on port 80?

/tmp/log/ludus/ludus.log

[2019/08/14 06:44:37.284385] Ludus system started.
[2019/08/14 06:44:40.782311] Opening honeypots in ports: [('tcp', 80)]

On the MOX. Unknown package ‘ludus’.

Right now the ludus package is released only for Turris OS 3.X.

1 Like

Thanks paja; I was going nuts already as I got that msg as well on 4.0 beta 9. Even tried adding a feed before I read somewhere that doing so was a bad idea so I guess I’ll just have to be patient :)

paja, one more thing; any idea on if and/or when it is included into the 4.0 version?

waiting … :)

Not that it solves the problem, but I know why the comm on port 80 gets rejected.

The lighttpd server fails to load due to a duplicate config variable.

Duplicate config variable in conditional 0 global: fastcgi.server
2019-08-15 17:48:47: (configfile.c.1289) source: /etc/lighttpd/conf.d/ludus.conf line: 14 pos: 1 parser failed somehow near h…

The duplication is in the files
/etc/lighttpd/modules.d/30-php-fpm.load
/etc/lighttpd/conf.d/ludus.conf

The php one comes from nextcloud package.

P.S.: When I first tried to install ludus the haas proxy somehow came to life and tried to hijack my connection attempts from outside to my ssh server on port 22.

Edit:
Got the rest. The second line in ludus.conf should be

fastcgi.server += (

instead of

fastcgi.server = (

2 Likes
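
The failure diagnosed in the post above (two plain `=` assignments of `fastcgi.server` in global scope, spread over two included files) can be caught before lighttpd is restarted. The following is an added example, not code from the thread or from the Ludus package: a shell check that reports variables assigned with `=` more than once across a set of lighttpd config files. The function names `find_dup_assign` and `make_samples` are hypothetical, and the sample file contents (socket paths, URL prefix) are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the Ludus package): flag lighttpd variables that are
# assigned with plain "=" more than once in global scope across config files.
find_dup_assign() {
    awk '
    FNR == 1 { depth = 0 }            # assume each file starts in global scope
    {
        line = $0
        sub(/#.*/, "", line)          # naive comment strip: no "#" inside strings
        if (depth == 0 && line ~ /^[ \t]*[A-Za-z][A-Za-z0-9_.-]*[ \t]*=[^=>]/) {
            name = line
            sub(/^[ \t]*/, "", name)
            sub(/[ \t]*=.*/, "", name)
            where[name] = where[name] " " FILENAME ":" FNR
            count[name]++
        }
        # Conditional blocks use braces; track them so only global scope is checked.
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
    }
    END {
        for (n in count) if (count[n] > 1) { print n ":" where[n]; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$@"
}

# Constructed sample files modelled on the two paths named in the thread;
# the socket paths and the URL prefix are made up for the demo.
make_samples() {
    dir=$1; op=$2                     # op is "=" (broken) or "+=" (fixed)
    cat > "$dir/30-php-fpm.load" <<'EOF'
fastcgi.server = ( ".php" => (( "socket" => "/tmp/php.sock" )) )
EOF
    cat > "$dir/ludus.conf" <<EOF
# constructed stand-in for /etc/lighttpd/conf.d/ludus.conf
fastcgi.server $op (
    "/ludus" => (( "socket" => "/tmp/ludus.sock", "check-local" => "disable" ))
)
EOF
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_samples "$tmp" "="
    find_dup_assign "$tmp"/* || echo "duplicate assignment found"
    rm -rf "$tmp"
fi
```

On a router the function would be pointed at the real files, for example `find_dup_assign /etc/lighttpd/modules.d/* /etc/lighttpd/conf.d/*`. It only sees assignments outside conditional blocks and does not follow include order, so lighttpd's own parser remains the authority.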

Thanks for digging into it and for finding where the issue is. You even sent us a pull request. That’s cool. We will look at it!

2 Likes

Turris 1.1

opkg install ludus-gui
Installing ludus-gui (0.1-3) to root...
Downloading https://repo.turris.cz/turris-rc/packages//turrispackages/ludus-gui_0.1-3_mpc85xx.ipk
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 6170k  100 6170k    0     0  7850k      0 --:--:-- --:--:-- --:--:-- 7850k
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for ludus-gui:
 *      libmaxminddb *
 * opkg_install_cmd: Cannot install package ludus-gui.

We would like to thank you for your interest in participating in the Ludus project with a Turris 1.x router. Package libmaxminddb is not available for Turris 1.x due to compile issues. Because of that, it is just available for Turris Omnia owners in the Turris OS 3.x release.

@paja is working to have the Ludus package also in the Turris OS 4.x release.

1 Like

It is important information … missing in the initial announcement

3 Likes

@paja was able to look at the compile issues of package libmaxminddb for Turris 1.x and managed to get it working, so it will be part of the next release.

I received some errors during the installation. Ludus installed fine nonetheless.

Configuring kmod-nfnetlink-queue.
Configuring kmod-ipt-nfqueue.
xt_NFQUEUE is already loaded
Configuring python-pyasn1-modules.
Configuring python-attrs.
Configuring libyaml.
Configuring jansson.
Configuring iptables-mod-nfqueue.
Configuring kmod-nfnetlink-log.
Configuring libnetfilter-log.
Configuring libiconv-full.
Configuring libhtp.
Configuring libnet-1.2.x.
Configuring suricata-bin.
Configuring suricata-emergingthreats-rules-ludus.
Configuring python-cachetools.
Configuring cython3.
Configuring python-incremental.
Configuring python3-simplejson.
Configuring msgpack-c.
Configuring suricata-rules.
Configuring kmod-ipt-compat-xtables.
Configuring kmod-ipt-tarpit.
Configuring iptables-mod-tarpit.
Configuring libzmq-nc.
Configuring libmicrohttpd.
Configuring liblz4.
Configuring czmq.
Configuring libpaho-mqtt-c.
Configuring sentinel-proxy.
Command failed: Not found
Configuring sentinel-minipot.
Command failed: Not found
Configuring python-constantly.
Configuring python3-zmq.
Configuring python-chardet.
Configuring python-urllib3.
Configuring python-certifi.
Configuring python-requests.
Configuring zope-interface.
Configuring twisted.
Configuring python-crypto.
Configuring python-service-identity.
Configuring sshpass.
Configuring haas-proxy.
Failed to get haas registration token
Command failed: Not found
Configuring python3-msgpack.
Configuring ludus.

Should ucollect be disabled beforehand, or does it work at the same time?

This does not work :(.

I was still getting a warning about missing rules (when I was sure they are present, the md5 file has data, and the update_rules script is working correctly …).
The check condition in /etc/init.d/ludus starting at line 107 was always true, printing the warning and executing the update_rules process. So I changed that part a bit … 1st, I added the missing “else” branch (so changed the print message and put the rest under the newly added else). 2nd, later I changed it completely …

/etc/init.d/ludus
    # Rules are considered present only if rules.md5 exists and is non-empty.
    if [ -f "/tmp/suricata/rules.md5" ] && [ -s "/tmp/suricata/rules.md5" ]; then
            print_msg "Rules are fine"
    else
            print_msg "Warning /tmp/suricata/rules not found ! Suricata-emergingthreats-rules is probably not  running."
            # Try to fetch the rules; abort the start if the updater is missing.
            if [ -f "/usr/bin/suricata_update_rules.sh" ]; then
                    print_msg "Trying to run suricata_update_rules.sh"
                    /usr/bin/suricata_update_rules.sh
            else
                    print_msg "Error suricata_update_rules.sh not found !"
                    exit 1
            fi
    fi
1 Like

This does work, thanks :).