SSH Honeypot is invisible

Hello,

I wanted to set SSH honeypot on my Omnia. I have already been contributing some date before so I have everything checked in Data Collection tab except of port 80 trap. Yet after downloading the SSH honeypot module I couldn’t see it anywhere, even after using some methods described in other forum threads (reinstalling ssh trap and registering in data collection tab once more).

Please note that I have port 22 forwarded to the one of honeypot as described in the manual and the real SSH has been moved to another port by changing the value in /etc/config/sshd. One day ago I got such error in the home page:

Error from 2017/09/28 22:09:35
Updater failed: Failed operations:
ucollect-badconf/postrm: /usr/lib/opkg/info//ucollect-badconf.postrm: line 2: /etc/init.d/ucollect: not found

ucollect-count/postrm: /usr/lib/opkg/info//ucollect-count.postrm: line 2: /etc/init.d/ucollect: not found

ucollect-fwup/postrm: /usr/lib/opkg/info//ucollect-fwup.postrm: line 2: /etc/init.d/ucollect: not found

ucollect-spoof/postrm: /usr/lib/opkg/info//ucollect-spoof.postrm: line 2: /etc/init.d/ucollect: not found

ucollect-flow/postrm: /usr/lib/opkg/info//ucollect-flow.postrm: line 2: /etc/init.d/ucollect: not found

ucollect-sniff/postrm: /usr/lib/opkg/info//ucollect-sniff.postrm: line 2: /etc/init.d/ucollect: not found

ucollect-refused/postrm: /usr/lib/opkg/info//ucollect-refused.postrm: line 2: /etc/init.d/ucollect: not found

ucollect-bandwidth/postrm: /usr/lib/opkg/info//ucollect-bandwidth.postrm: line 2: /etc/init.d/ucollect: not found

I’m not sure if it’s relevant to the issue. Could you help me with that?

Hello,
This shouldn’t happen at all.

It’s weird that updater (or maybe you) uninstalled these apps and let’s try to install them back:

opkg install nikola ucollect-meta ucollect-badconf ucollect-bandwidth ucollect-count ucollect-sniff ucollect-spoof ucollect-fake ucollect-flow ucollect-diffstore ucollect-refused ucollect-prog ucollect-fwup ucollect-lib

Thank you for the reply. Here is my output:

root@turris:~# opkg install nikola ucollect-meta ucollect-badconf ucollect-bandw
idth ucollect-count ucollect-sniff ucollect-spoof ucollect-fake ucollect-flow uc
ollect-diffstore ucollect-refused ucollect-prog ucollect-fwup ucollect-lib
Package nikola (42) installed in root is up to date.
Package ucollect-meta (6) installed in root is up to date.
Package ucollect-badconf (25) installed in root is up to date.
Package ucollect-bandwidth (22) installed in root is up to date.
Package ucollect-count (28) installed in root is up to date.
Package ucollect-sniff (19) installed in root is up to date.
Package ucollect-spoof (8) installed in root is up to date.
Package ucollect-fake (23) installed in root is up to date.
Package ucollect-flow (33) installed in root is up to date.
Package ucollect-diffstore (1.2) installed in root is up to date.
Package ucollect-refused (13) installed in root is up to date.
Package ucollect-prog (119) installed in root is up to date.
Package ucollect-fwup (12) installed in root is up to date.
Package ucollect-lib (119) installed in root is up to date.

Maybe this can help:

opkg install ucollect-meta --force-reinstall
updater.sh

and the problem could be related to mobile apllication - Turris.
https://forum.test.turris.cz/t/ever-increasing-leaking-nuci-process/3743
and solution for it is uninstall. :confused:

I had that problem before installing Turris app. I executed the commands you gave and here is what I got:

root@turris:~# opkg install ucollect-meta --force-reinstall
Removing package ucollect-meta from root…
Installing ucollect-meta (6) to root…
Collected errors:

  • opkg_download_pkg: Package ucollect-meta is not available from any configured src.
  • opkg_install_pkg: Failed to download ucollect-meta. Perhaps you need to run ‘opkg update’?
  • opkg_install_cmd: Cannot install package ucollect-meta.
    root@turris:~# opkg update

(…)

root@turris:~# opkg install ucollect-meta --force-reinstall
No packages removed.
Installing ucollect-meta (6) to root…
Downloading https://repo.turris.cz/omnia/packages//turrispackages/ucollect-meta_6_mvebu.ipk
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 987 100 987 0 0 8451 0 --:–:-- --:–:-- --:–:-- 8582
Configuring ucollect-meta.
root@turris:~# updater.sh
WARN:Script revision-specific not found, but ignoring its absence as requested
WARN:Script serial-specific not found, but ignoring its absence as requested
WARN:Requested package luci-i18n-ddns-en that is missing, ignoring as requested.
Working on message: 1506718177-8764
Working on message: 1506853064-20388
Working on message: 1506853186-22094
There is no message to send.

Just in case I have removed Turris app, revoked token and removed module responsible for generating them. Unfortunately I still don’t see SSH honeypot in the relevant tab (even after reinstalling it).

Ok the second issue what you have is gone.

Back to SSH honyepot:

I think that you’re looking for these statistics am I right?
Otherwise I don’t really understand what you mean in OP and in the post in the other thread.
Because in 1st post you said: “You couldn’t find it anywhere” so I suppose you installed SSH honeypot via Foris under Updater tab, right? Now you want to see some statistics and I think you didn’t read mine (which is above your’s there) or nijel, where it is explained, where you can find them.
https://forum.test.turris.cz/t/where-is-ssh-honeypot-on-omnia/1145/41?u=pepe

And I don’t think that you look at official documentation for Turris routers.
Please see it here: SSH honeypot – HaaS [Turris wiki] and there’s explained where you can find statistics. :wink:

I have SSH honeypot marked in the updater section and I know where to search for the results (Turris Project) but I cannot enable collecting data in the Data Collection section and that means there are no entries at all (I maintain home server and there were tons of bots trying to get inside port 22). Here is how my Data Collection tab looks like:


A few moths ago I managed to install SSH honeypot and a new switch in the mentioned tab appeared, right now I see nothing.

That’s what you meant, right… Sorry.

I don’t have it there either, but it should work.

There is little bit delay when it will show you statistics on Project Turris, but today or tomorrow you should see it.

Hmm, it seems that no switch is needed anymore as I just saw entries from my honeypot on Turris Project. Hopefully I didn’t mess up anything today so it will continue to work. Thanks for your help very much! I’m not sure what should I mark as a solution. Maybe the one about opkg force update?

1 Like