Turris Hardening

Is there a setup guide for hardening the Turris? When running a scan of the WAN ip, getting some responses from ports 80,21,23 but there have been firewall rules setup to filter these ports. Not quite
sure why they are still showing up on censys.io

Maybe because you have honeypots running on your Turris device? That would explain open ports. There is nothing to worry about.

You probably need to disable turris detection & attack prevention system sentinel to block/drop all incoming connections.
Would not recomend it though….

Read more about turris detection & attack prevention system


this means, your omnia is already hardened and you help to harden others…

1 Like

Not worried about it in any way. Just trying to see if it could be turned off so that it’s not visible (filtered) from WAN scanning.
Turned off the Sentinal Minipot and SSH Honeypot and just left the firewall and logging. However it still shows up on scans like censys.io or zoomeye.org. Would it be required to stop one or more of the startup services?

Or maybe one of the processes needs to be disabled?

You have to force run updater to get rid of honeypots and a network restart should be needed as well.

How to force run updater? Within the Forris webGUI? or via CLI?

You can do that from foris by confirming after you change software list of from CLI using pkgupdate

this should work. but I don’t see point in it.

how to access the Turris CLI?

You should use CLI in Your computer, there is no CLI in Turris OS.

What do you expand CLI to? If it is command line interface, I would respectufully propose that ssh root@${TURRIS_ROUTERS_IP-ADDRESS} is a way to access turris’ CLI… :wink:


OK. I mean, the only thing I wanted to say is that if I was trying to do something with Turris router, I have opened up CLI in the computer and that’s it :innocent:

1 Like