Ludus package - security research project invitation

Thanks paja; I was going nuts already as I got that msg as well on 4.0 beta 9. Even tried adding a feed before I read somewhere that doing so was a bad idea so I guess I’ll just have to be patient :slight_smile:

paja, one more thing; any idea on if and/or when it is included into the 4.0 version?

waiting … :slightly_smiling_face:

Not that it solves the problem, but I know why the comm on port 80 gets rejected.

The lighttpd server fails to load due to a duplicate config variable.

Duplicate config variable in conditional 0 global: fastcgi.server
2019-08-15 17:48:47: (configfile.c.1289) source: /etc/lighttpd/conf.d/ludus.conf line: 14 pos: 1 parser failed somehow near h…

The duplication is in the files
/etc/lighttpd/modules.d/30-php-fpm.load
/etc/lighttpd/conf.d/ludus.conf

The php one comes from nextcloud package.

P.S.: When I first tried to install ludus the haas proxy somehow came to life and tried to hijack my connection attempts from outside to my ssh server on port 22.

Edit:
got the rest. The second line in ludus.conf should be

fastcgi.server += (

instead of

fastcgi.server = (

2 Likes
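
The duplicate assignment described in the post above can be caught before lighttpd is restarted. The following is an added example, not part of the thread or of the Ludus or Turris code: the function names are hypothetical and the file contents are constructed stand-ins. It reports every variable assigned with `=` more than once at global scope, across the files given.

```python
import re

# name = value / name += value at the start of a line; rejects ==, => and =~
ASSIGN = re.compile(r'^\s*([A-Za-z][\w.\-]*)\s*(\+=|=)(?![=>~])')
STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def global_assignments(text):
    """Yield (lineno, variable, operator) for assignments outside any ( ) or { }."""
    depth = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Blank out string contents, then drop comments (simplified lexer).
        line = STRING.sub('""', raw).split('#', 1)[0]
        if depth == 0:
            m = ASSIGN.match(line)
            if m:
                yield lineno, m.group(1), m.group(2)
        depth += sum(line.count(c) for c in '({') - sum(line.count(c) for c in ')}')

def duplicate_globals(files):
    """files maps path -> config text. Return variables set with '=' more than once."""
    seen = {}
    for path, text in files.items():
        for lineno, var, op in global_assignments(text):
            if op == '=':          # '+=' appends and is never a duplicate
                seen.setdefault(var, []).append((path, lineno))
    return {var: locs for var, locs in seen.items() if len(locs) > 1}

# Constructed stand-ins for the two files named in the post (not their real contents).
PHP_FPM = '''# constructed sample
fastcgi.server = (
  ".php" => (( "socket" => "/tmp/php-fpm.sock" ))
)
'''
LUDUS_BROKEN = '''# constructed sample
fastcgi.server = (
  "/ludus" => (( "socket" => "/tmp/ludus.sock", "check-local" => "disable" ))
)
'''
LUDUS_FIXED = LUDUS_BROKEN.replace('fastcgi.server = (', 'fastcgi.server += (')

def check(ludus_conf):
    """Check the constructed php-fpm file together with one ludus.conf variant."""
    return duplicate_globals({
        '/etc/lighttpd/modules.d/30-php-fpm.load': PHP_FPM,
        '/etc/lighttpd/conf.d/ludus.conf': ludus_conf,
    })

if __name__ == '__main__':
    print(check(LUDUS_BROKEN))
    print(check(LUDUS_FIXED))
```
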

Thanks for digging into it and for finding where the issue is. You even sent us a pull request. That’s cool. We will look at it!

2 Likes

Turris 1.1

opkg install ludus-gui
Installing ludus-gui (0.1-3) to root...
Downloading https://repo.turris.cz/turris-rc/packages//turrispackages/ludus-gui_0.1-3_mpc85xx.ipk
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 6170k  100 6170k    0     0  7850k      0 --:--:-- --:--:-- --:--:-- 7850k
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for ludus-gui:
 *      libmaxminddb *
 * opkg_install_cmd: Cannot install package ludus-gui.

We would like to thank you for your interest in participating in the Ludus project with a Turris 1.x router. The libmaxminddb package is not available for Turris 1.x due to compile issues. Because of that, it is only available to Turris Omnia owners in the Turris OS 3.x release.

@paja is working on making the Ludus package available on the Turris OS 4.x release as well.

It is important information … missing in the initial announcement

2 Likes

@paja was able to look at the compile issues of the libmaxminddb package for Turris 1.x and managed to get it working, so it will be part of the next release.

I received some errors during the installation. Ludus installed fine nonetheless.

Configuring kmod-nfnetlink-queue.
Configuring kmod-ipt-nfqueue.
xt_NFQUEUE is already loaded
Configuring python-pyasn1-modules.
Configuring python-attrs.
Configuring libyaml.
Configuring jansson.
Configuring iptables-mod-nfqueue.
Configuring kmod-nfnetlink-log.
Configuring libnetfilter-log.
Configuring libiconv-full.
Configuring libhtp.
Configuring libnet-1.2.x.
Configuring suricata-bin.
Configuring suricata-emergingthreats-rules-ludus.
Configuring python-cachetools.
Configuring cython3.
Configuring python-incremental.
Configuring python3-simplejson.
Configuring msgpack-c.
Configuring suricata-rules.
Configuring kmod-ipt-compat-xtables.
Configuring kmod-ipt-tarpit.
Configuring iptables-mod-tarpit.
Configuring libzmq-nc.
Configuring libmicrohttpd.
Configuring liblz4.
Configuring czmq.
Configuring libpaho-mqtt-c.
Configuring sentinel-proxy.
Command failed: Not found
Configuring sentinel-minipot.
Command failed: Not found
Configuring python-constantly.
Configuring python3-zmq.
Configuring python-chardet.
Configuring python-urllib3.
Configuring python-certifi.
Configuring python-requests.
Configuring zope-interface.
Configuring twisted.
Configuring python-crypto.
Configuring python-service-identity.
Configuring sshpass.
Configuring haas-proxy.
Failed to get haas registration token
Command failed: Not found
Configuring python3-msgpack.
Configuring ludus.

Should ucollect be disabled beforehand, or does it work at the same time?

This does not work :(.

I was still getting a warning about missing rules (when I was sure they are present, the md5 file has data, and the update_rules script is working correctly …).
The check condition in /etc/init.d/ludus starting at line 107 was always true, printing the warning and executing the update_rules process. So I changed that part a bit … 1st, I added the missing “else” branch (so changed the print message and put the rest under the newly added else). 2nd, later I changed it completely …

/etc/init.d/ludus
    if [ -f "/tmp/suricata/rules.md5" ] && [ -s "/tmp/suricata/rules.md5" ]
    then    print_msg "Rules are fine"
    else    print_msg "Warning /tmp/suricata/rules not found ! Suricata-emergingthreats-rules is probably not  running."
            if [ -f "/usr/bin/suricata_update_rules.sh" ]; then
                    print_msg "Trying to run suricata_update_rules.sh"
                    /usr/bin/suricata_update_rules.sh
            else
                    print_msg "Error suricata_update_rules.sh not found !"
                    exit 1
            fi
    fi
1 Like

This does work, thanks :).

When will Ludus be available for MOX?

Some problem on my side … after installing, the status is “stopped” … and the command
/etc/init.d/ludus start gives an error

Important information: I have the system installed on an mSATA SSD

root@turris:~# /etc/init.d/ludus start
Warning /tmp/suricata/rules not found ! Suricata-emergingthreats-rules is probably not running.
Trying to run suricata_update_rules.sh
Public IP autodetection IP=93.91.50.207
Copying normal suricata rules.
root@turris:~# ^C

root@turris:~# opkg install suricata-emergingthreats-rules
Installing suricata-emergingthreats-rules (6) to root...
Downloading https://repo.turris.cz/omnia/packages//turrispackages/suricata-emergingthreats-rules_6_mvebu.ipk
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2533  100  2533    0     0  11781      0 --:--:-- --:--:-- --:--:-- 27236
Collected errors:
 * check_data_file_clashes: Package suricata-emergingthreats-rules wants to install file /etc/logrotate.d/suricata-alert
        But that file is already provided by package  * suricata-emergingthreats-rules-ludus
 * check_data_file_clashes: Package suricata-emergingthreats-rules wants to install file /etc/cron.d/suricata
        But that file is already provided by package  * suricata-emergingthreats-rules-ludus
 * check_data_file_clashes: Package suricata-emergingthreats-rules wants to install file /usr/bin/suricata_update_rules.sh
        But that file is already provided by package  * suricata-emergingthreats-rules-ludus
 * opkg_install_cmd: Cannot install package suricata-emergingthreats-rules.
root@turris:~# opkg install suricata-emergingthreats-rules-ludus
Package suricata-emergingthreats-rules-ludus (6) installed in root is up to date.
root@turris:~# ^C

root@turris:~# /etc/init.d/ludus start
Warning /tmp/suricata/rules not found ! Suricata-emergingthreats-rules is probably not running.
Trying to run suricata_update_rules.sh
Public IP autodetection IP=93.91.50.207
Copying normal suricata rules.
root@turris:~#

And in syslog

2019-10-15 17:51:11 debug kernel[]: [   62.469105] ucollect-fake-open-inet: IN=eth1 OUT= MAC=d8:58:d7:00:35:50:cc:2d:e0:26:3f:54:08:00 SRC=179.97.248.76 DST=10.109.54.199 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=40191 PROTO=TCP SPT=25075 DPT=80 WINDOW=9388 RES=0x00 SYN URGP=0 MARK=0x80000 
2019-10-15 17:51:14 emerg kresd[8370]: Warning /tmp/suricata/rules not found ! Suricata-emergingthreats-rules is probably not running.
2019-10-15 17:51:14 notice ludus[]: Warning /tmp/suricata/rules not found ! Suricata-emergingthreats-rules is probably not running.
2019-10-15 17:51:14 emerg kresd[8370]: Trying to run suricata_update_rules.sh
2019-10-15 17:51:14 notice ludus[]: Trying to run suricata_update_rules.sh
2019-10-15 17:51:14 info kernel[]: [   65.493233] device br-guest_turris entered promiscuous mode
2019-10-15 17:51:15 emerg kresd[8370]: Public IP autodetection IP=93.91.50.207
2019-10-15 17:51:15 notice ludus[]: Public IP autodetection IP=93.91.50.207
2019-10-15 17:51:15 notice firewall[]: Reloading firewall due to ifup of wan (eth1)
2019-10-15 17:51:15 emerg kresd[8370]: Copying normal suricata rules.
2019-10-15 17:51:15 notice ludus[]: Copying normal suricata rules.
2019-10-15 17:51:15 info turris-firewall-rules[]: (v63) IPv4 WAN interface used - 'eth1'
2019-10-15 17:51:15 info turris-firewall-rules[]: (v63) IPv6 WAN interface used - 'lo'
2019-10-15 17:51:16 emerg turris[]: Router Turris successfully started.
2019-10-15 17:51:16 info procd[]: - init complete -
2019-10-15 17:51:16 err ludus.py[8625]: netstat: showing only processes with your user ID
2019-10-15 17:51:17 err ludus.py[4284]: Last message 'netstat: showing onl' repeated 6 times, suppressed by syslog-ng on turris
2019-10-15 17:51:17 info ludus.py[8625]: 2323
2019-10-15 17:51:17 info ludus.py[8625]: 23
2019-10-15 17:51:17 info ludus.py[8625]: 3128
2019-10-15 17:51:17 info ludus.py[8625]: 8080
2019-10-15 17:51:17 info ludus.py[8625]: 80
2019-10-15 17:51:17 info ludus.py[8625]: 8123
2019-10-15 17:51:17 info ludus.py[8625]: 53
2019-10-15 17:51:17 err ludus.py[8625]: Traceback (most recent call last):
2019-10-15 17:51:17 err ludus.py[8625]:   File "/usr/share/ludus/ludus.py", line 369, in <module>
2019-10-15 17:51:17 err ludus.py[8625]:     ludus.start()
2019-10-15 17:51:17 err ludus.py[8625]:   File "/usr/share/ludus/ludus.py", line 330, in start
2019-10-15 17:51:17 err ludus.py[8625]:     (self.production_ports, self.active_honeypots)=get_ports_information()
2019-10-15 17:51:17 err ludus.py[8625]:   File "/usr/share/ludus/ludus.py", line 127, in get_ports_information
2019-10-15 17:51:17 err ludus.py[8625]:     data = IPTablesAnalyzer.iptables_analyzer.get_output()
2019-10-15 17:51:17 err ludus.py[8625]:   File "/usr/share/ludus/IPTablesAnalyzer/iptables_analyzer.py", line 189, in get_output
2019-10-15 17:51:17 err ludus.py[8625]:     for port,protocol in process_honeypots(verbose):
2019-10-15 17:51:17 err ludus.py[8625]:   File "/usr/share/ludus/IPTablesAnalyzer/iptables_analyzer.py", line 47, in process_honeypots
2019-10-15 17:51:17 err ludus.py[8625]:     data = parse_from_line(subprocess.Popen('iptables -vnL -t mangle| grep -w '+ rule[9], shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE).communicate()[0].decode("utf-8"))
2019-10-15 17:51:17 err ludus.py[8625]:   File "/usr/share/ludus/IPTablesAnalyzer/iptables_analyzer.py", line 20, in parse_from_line
2019-10-15 17:51:17 err ludus.py[8625]:     return (output[0], output[1])
2019-10-15 17:51:17 err ludus.py[8625]: IndexError: list index out of range
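
The traceback above ends in parse_from_line indexing a list with fewer than two elements, and the frame before it builds a shell pipeline by concatenating a value into the command string. The following added example is not Ludus code and not from the thread: it shows the same kind of lookup done without a shell, returning an empty result instead of raising. The function names, the sample listing and the assumption that the filter matched no line are all assumptions.

```python
import re
import subprocess

DPT = re.compile(r'\bdpt:(\d+)\b')

def list_mangle_table():
    """Run iptables with an argument list, so no shell ever parses the command."""
    return subprocess.run(['iptables', '-vnL', '-t', 'mangle'], check=True,
                          stdout=subprocess.PIPE, universal_newlines=True).stdout

def parse_rule_line(line):
    """Return (port, protocol) from one `iptables -vnL` rule line, else None."""
    fields = line.split()
    # Columns: pkts bytes target prot opt in out source destination [options]
    if len(fields) < 9 or fields[0] in ('Chain', 'pkts'):
        return None                      # blank, header or truncated line
    m = DPT.search(line)
    if m is None:
        return None                      # rule without a destination port
    return int(m.group(1)), fields[3]

def rules_matching(listing, token):
    """(port, protocol) of every rule containing token as a whole word, like grep -w."""
    word = re.compile(r'(?<!\w)' + re.escape(token) + r'(?!\w)')
    found = []
    for line in listing.splitlines():
        if word.search(line):
            parsed = parse_rule_line(line)
            if parsed is not None:
                found.append(parsed)
    return found                         # empty list when nothing matches

# Constructed listing; layout follows `iptables -vnL`, values are made up.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2323 MARK set 0x80000
   3K  180K MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23 MARK set 0x80000
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
"""

if __name__ == '__main__':
    print(rules_matching(SAMPLE, '0x80000'))
    print(rules_matching(SAMPLE, 'no_such_rule'))
```
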

Important information: I have the system installed on an mSATA SSD

root@turris:~# /tmp/log/ludus/ludus.log
-ash: /tmp/log/ludus/ludus.log: Permission denied
root@turris:~#

From the output, you are trying to run the log file and you got permission denied, which is correct. If you would like to view or edit that log, you need to put a command before the path to the file/folder.

For example:

cat /tmp/log/ludus/ludus.log

Sorry :frowning: it was only a wrong copy of the command from … see above

root@turris:~# ^C
root@turris:~# cat /tmp/log/ludus/ludus.log
[2019/10/16 13:45:55.204569]    Ludus system started.
[2019/10/16 13:52:43.481238]    Ludus system started.
root@turris:~#