As you might have heard, we are working on a redesign of the old uCollect system, which collected firewall logs and various data about people trying to attack your router. In Turris OS 3.11 we will make the first parts of our new software, called Sentinel, available, and we would like to ask you to test it out.
How to do that? First of all, you have to disable the old system. You can do that in the Updater tab of the Foris web interface, where you uncheck the Data Collection list.
Installation of the new one is a little trickier and you need LuCI/CLI to do that. First update the list of packages and afterwards install the sentinel-dynfw-client and sentinel-minipot packages with these commands:
opkg update
opkg install sentinel-dynfw-client sentinel-minipot
We don’t have a fancy list in the updater yet, as it is highly experimental at the moment. There is also no web UI that you can check to see whether it works. The only way to do so is to play an attacker and try connecting via telnet to your internet-facing IP. If everything works, you should get a prompt asking for credentials. Be aware that those credentials will be logged!
You can also check that you are getting the list of attackers using the command ipset -L turris-sn-wan-input-block. But don’t search there for your IP. Attacking one router is not evil enough to get you on the list.
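To confirm that the blocklist is really being filled rather than just present, the listing can be parsed instead of read by eye. The following is an added example, not part of the original post and not Turris code: the function names and the sample listing are made up for illustration, and only the set name comes from the text above.

```shell
#!/bin/sh
# Added example: inspect the Sentinel dynamic-firewall blocklist.
SET_NAME="turris-sn-wan-input-block"   # set name taken from the post

# Print one member per line from `ipset -L` output read on stdin.
# Everything after the "Members:" header line is an entry; only the first
# field is kept so per-entry options (e.g. a timeout) are dropped.
sn_members() {
    awk 'seen && NF { print $1 } /^Members:/ { seen = 1 }'
}

# Count the members in `ipset -L` output read on stdin.
sn_count() {
    sn_members | wc -l | tr -d ' '
}

# Succeed if address $1 is listed (exact string match, not CIDR-aware).
sn_contains() {
    sn_members | grep -Fxq -- "$1"
}

# Constructed sample of `ipset -L` output (documentation addresses only;
# the set type and header values are assumptions, not taken from a router).
sn_sample() {
    cat <<'EOF'
Name: turris-sn-wan-input-block
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
References: 1
Members:
192.0.2.10
198.51.100.7
203.0.113.99
EOF
}

# On the router (as root): report whether the set exists and is populated.
sn_check_live() {
    out=$(ipset -L "$SET_NAME" 2>/dev/null) || { echo "set $SET_NAME missing"; return 1; }
    n=$(printf '%s\n' "$out" | sn_count)
    [ "$n" -gt 0 ] || { echo "set $SET_NAME is empty"; return 1; }
    echo "set $SET_NAME holds $n addresses"
}
```

On the router, source the file and run sn_check_live; a missing or empty set suggests sentinel-dynfw-client is not running or has not received any updates yet.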
Our current plan is to get more testers, put the system under some stress and fine-tune the new detection algorithms. Over time, we will phase out the old system and replace it completely with the new one.
If you are interested in more details about how we are redesigning our data collection system and you happen to speak Czech and be in Prague next week, we are going to give a talk about it at the IT18 conference.