Unverified Commit e2de8e4b authored by Martin Prudek

basics/sentinel: Drop data collection & 5.3 update

parent 7a622ca9
Pipeline #89280 passed with stages
in 2 minutes and 20 seconds
......@@ -4,19 +4,18 @@ board: shield, mox, omnia, 1.x
# Sentinel
## What is Sentinel?
Sentinel is our [data collection](../collect/collect.md) system providing dynamic
firewall. Router side of the system consists of data collect subsystem,
subsystem for dynamic firewall and mechanism providing secure channel for data
exchange.
Sentinel is Turris threat detection & attack prevention system. It is able
to detect attack attemps carried out by various attackers and protect the
router with dynamic firewall. If you seek more details check [Sentinel comprehensive guide](../sentinel/intro.md).
## Installation & first run
!!! tip
Data collection system is installed out of the box on [Turris
Shield](../../models/#turris-shield). There is no need to configure it.
Turris Sentinel is installed out of the box on [Turris
Shield](../../models/#turris-shield). There is no need to configure it.
To use Sentinel on Turris device just have to follow the instructions in the [date
collection setup](../collect/setup.md) article.
To use Sentinel on Turris device just have to follow the instructions in the
[setup guide](../sentinel/setup.md).
During the installation, the system tries to obtain Sentinel client
certificate and starts to collect the data. New firewall rules
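
Review bot: two wording problems in the added lines: "attack attemps" in the new intro paragraph should be "attack attempts", and "To use Sentinel on Turris device just have to follow" has no subject (suggest "you just have to follow"). The trailing context still reads "starts to collect the data", which no longer matches the Sentinel wording this commit introduces ("Drop data collection"); worth rewording that sentence in the same pass.
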
......
---
board: shield
competency: novice
---
## How to set up data collection on Shield?
!!! important
This guide is only for Turris Shield. If you want to set up another
Turris device (Omnia, MOX or Turris 1.x) please use
the [appropriate guide](setup.md).
Data collection is enabled by default. We strongly encourage to keep it
enabled because it helps to protect all Sentinel users against security
threats. But if you don't want use it for some reason you can disable it.
The only thing you have to do is to disagree with our EULA. You can find
it at the _Sentinel -> Data Collection_ tab in reForis. Switch the radio
button to _I do not accept..._ and press _Save_.
![Data Collection EULA on Shield](collect-shield.png)
When done, you can see at the _Overview_ page that data collection is disabled.
![Data Collection is disabled](collect-disabled.png)
### HaaS
[HaaS](collect.md#haas-honeypot-as-a-service) is not operational by default
because it requires a few steps:
1. Register on our website – [HaaS.nic.cz](https://haas.nic.cz).
2. There, in section _My Honeypot_ click on _Add new device_. After naming it,
you will get a **token**.
![HaaS Device](haas-device.png)
3. Insert the token into the _HaaS token_ field at the _Sentinel -> HaaS_ page.
Ensure that the _Enable HaaS proxy_ checkbox is checked and press _Save_.
![HaaS setup](haas-shield.png)
{%
include-markdown "setup.md"
start="<!--isp-start-->"
end="<!--isp-end-->"
%}
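
Review bot: the HaaS section on this page says HaaS "is not operational by default" on Shield and needs a token from HaaS.nic.cz, while the Sentinel page's tip tells Shield users "There is no need to configure it". If this page goes away with the rest of the data collection docs, the new setup guide needs to carry the token steps for Shield, and the trailing include-markdown block (which pulls the ISP note out of "setup.md" between the isp-start and isp-end markers) has to point at wherever that note now lives.
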
---
board: mox, omnia, 1.x
competency: novice
---
## How to set up data collection?
!!! important
This guide does not cover Turris Shield. Sentinel Data collect
is *enabled* by default on Turris Shield. If you want to configure your
Shield please use the [appropriate guide](setup-shield.md).
The whole functionality is nowadays provided by [Sentinel](../apps/sentinel.md).
You just need to enable the _Data Collection_ package list in the
_Package Management_ tab and agree with our
[EULA](https://gitlab.nic.cz/turris/sentinel/eula/-/blob/master/eulas/1.txt)
via _Data Collection_ tab in reForis. This will install and enable
[dynamic firewall](dynfw/collect-dynfw.md) and other selected data collection
components.
![Package Sentinel](setup-packages.png)
![EULA](eula.png)
You can also install the data collection manually using command line (SSH):
```
opkg update
opkg install turris-survey sentinel-dynfw-client sentinel-nikola sentinel-minipot haas-proxy
uci set sentinel.main.agreed_with_eula_version=1 && uci commit
```
In both cases, few extra steps are needed to activate HaaS:
1. Register on our website – [HaaS.nic.cz](https://haas.nic.cz).
2. There, in section _My Honeypot_ click on _Add new device_. After
naming it, you will get a **token**
![HaaS Device](haas-device.png)
3. Add your token to the router using command line (SSH):
```
uci set haas.settings.token="YOUR_TOKEN"
uci commit
/etc/init.d/haas-proxy enable
/etc/init.d/haas-proxy start
```
<!--isp-start-->
## Important note about Internet Service Providers
Some [Internet Service Providers](https://en.wikipedia.org/wiki/Internet_service_provider)
(ISPs) actively detect potentially vulnerable services running by their
customers. If they find such services they send notification or even block
external access to such ports.
!!! info
The same applies for some community, municipal or other networks as well.
Some parts of Sentinel ([Minipots and HaaS](collect.md)) may be detected as
such vulnerable services because they emulate them to catch potential
attackers without any risk (the attackers do not enter any real environment).
What to say to your ISP if you receive such warning:
1. Those services are operated intentionally as a part of the Sentinel security
research project.
2. They are provided by honeypots and not vulnerable software.
3. The results of the project are instantly deployed to routers and improve
security of the routers and the networks beyond them.
4. You want to keep those ports/service accessible from the Internet.
Please let us to know ([tech.support@turris.cz](mailto:tech.support@turris.cz))
if your ISP sends you such warning or event applies some "protective" measures
on your Internet connection.
!!! warning
Some ISPs silently block access to some ports (they do not declare that
they do so). It is useful to ask explicitly which ports are blocked.
<!--isp-end-->
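
Review bot: both SSH snippets on this page call `uci commit` without a config name, which writes every pending UCI change on the router, not only the Sentinel or HaaS one; if these instructions are carried over to the new setup guide, `uci commit sentinel` and `uci commit haas` would be narrower. The ISP note between the isp-start and isp-end markers is also included by the Shield page, so it should move together with its markers, and while it is being touched "Please let us to know" and "or event applies" can be fixed ("let us know", "or even applies").
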
......@@ -3,9 +3,10 @@ board: shield, mox, omnia, 1.x
---
# Dynamic Firewall
The dynamic firewall (A.K.A. DynFW) is Turris IDS and IPS system – the tool for
detecting network attackers and preventing them from attacking your device. It is
a part of Turris [data collection](../collect.md).
The dynamic firewall (DynFW) is Turris attack prevention system.
Based on the data provided by the threat detection subsystem it is able to
identify potential attackers and update the firewall rules so that they are
unable to harm you device. DynFW is a part of [Turris Sentinel](intro.md).
The system consists of two counterparts: the server side and the client
application.
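
Review bot: typo in the last added sentence, "unable to harm you device" should be "your device". The new link target is a bare `intro.md`, where the line it replaces pointed one level up (`../collect.md`); please confirm it resolves from this file's directory, since the Sentinel page in this commit reaches the same guide as `../sentinel/intro.md`.
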
......@@ -33,7 +34,7 @@ The dynamic list of all attackers is snapshoted and published daily as a CSV fil
which we refer as the *greylist*. The greylist is also enhanced with *tags*
describing the reason why particular address appears on the list (e.g. "haas",
"port_scan" or so). You can download the latest greylist snapshot on the
[Sentinel:View](https://view.sentinel.turris.cz/) web.
[Sentinel View](https://view.sentinel.turris.cz/) web.
## DynFW client
......@@ -41,8 +42,8 @@ describing the reason why particular address appears on the list (e.g. "haas",
The official dynamic firewall client is intended to run on Turris routers.
It automatically subscribes to DynFW server public interface to obtain the most
recent list of attackers and its updates. It could be installed together with
all other data collection components using
[reForis package management tab](../collect.md#how-to-set-up-data-collection).
all other Sentinel components using
[reForis package management tab](intro.md#how-to-set-up-data-collection).
The more detailed info about the application itself could be found in its code
[repository](https://gitlab.nic.cz/turris/sentinel/dynfw-client).
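
Review bot: the updated link keeps the old fragment, `intro.md#how-to-set-up-data-collection`. That anchor comes from the heading "How to set up data collection?" on the data collection setup page, and the Sentinel page in this commit sends readers to `../sentinel/setup.md` for setup, so this fragment is likely to dangle; point it at the setup guide, or at a heading that exists in intro.md.
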
......