Can the RT-N66U run UTM? How?

[Jcconnell]

I'd like to see if my RT-N66U could support running the packages required to create a unified threat management device.

I've seen firmware available for other Asus routers (Wgl-500 I believe was one) that ran Squid, Snort, DansGuardian, OpenVPN and others. I'm really only interested in Squid and Snort at this point, but would be interested in adding more if possible. I like the VPN support already built in to MerlinWRT.

Could someone shed some light on this for me and possibly help me implement this?

 

[MercuryV]

Entware repository contains:

• Squid 2.7.STABLE9
• Snort 2.9.2.2
• DansGuardian 2.10.1.1
• and more

 

[Jcconnell]

Yes, I verified their availability before I posted.

I was more interested in whether the router hardware could support running one or all of these programs.

Additionally, I don't exactly know how to set these up, but I'd like to tinker. A little Googling hasn't turned up anything. I was hoping you could describe the process or point me in a direction that I could use to learn about it.

 

[Jcconnell]

After some trial and error, I have Snort running on the RT-N66U. It doesn't seem to have much of an impact on the router's performance...None, in fact.

I was getting some errors during launch, they had to do with low memory. I lowered the max_tcp and max_udp values to 9999 as mentioned here: http://itknowledgeexchange.techtarget.com/security-admin/snort-on-low-end-servers/. That fixed the problem.

I then ran Snort in daemon mode with this command: /opt/bin/snort -c /opt/etc/snort/snort.conf -A fast -h 192.168.1.0 -D

Previous attempts printed data to the screen. In this mode, it should be printing data to the default log location in /var/log but it is not.

Now that I have it running, I'm trying to make sure it's working properly. Next, I will move onto squid.

 

[MercuryV]

it should be printing data to the default log location in /var/log but it is not.

/var is read-only. check /opt/var/log
or set your own log dir in snort.conf

# Configure default log directory for snort to log to.  For more information see snort -h command line options (-l)
#
# config logdir:

 

[Jcconnell]

I've checked there as well, still not able to find them.

 

[Jcconnell]

I've kind of hit a wall here with Snort. I can turn it on and run it as a daemon, but it's not logging anything. I can't even tell if it's doing it's job really.

Is there anyone more experienced with Snort that could help?

 

[Wisiwyg]

Any updates on this? I'd like to run SNORT within my AC66U. If anyone has had success with it I'd appreciate any write-up. TIA

 

[ugvenkat]

Snort Logging

To Run Sort use the following command.
snort -A fast -d -D -c /opt/snort/conf/snort.conf -l /opt/snort/log

where /opt/snort/log is the directory created by me.


Search G o o g l e
Step by Step procedure for installing and configuring SNORT on TomatoUSB.

 

[DSwit]

Security Logging

I didn't realize that snort or similar utilities where available for the RT-N66U.

I am familiar with snort, but is there another utility that other users prefer using with the RT-N66U for stability or functionality reasons?

TIA

 

[Wisiwyg]

Quick update... The iGuardian project being developed by ITUS networks (itusnetworks.com) has posted a blog entry stating they've commissioned an OpenWRT gui front end to Snort, Squid, DansGuardian and some other security components and intend to make these open source. It would be interesting to have one or more of these loaded into the Merlin AsusWRT firmware for those of us that aren't command-line savvy...