Aegis aegis: a firewall blocklist

[Tom Brough]

I'm still struggling to get it installed...

This is what telnet gives me...

root@R7800:/$ wget -qO- https://github.com/bolemo/aegis/raw/master/aegis-install.sh | sh
Where do you want to install aegis?
0 - router internal memory (rootfs)
1 - external drive: /mnt/UNTITLED
2 - external drive: /mnt/sda
c - cancel installation
Your choice: 1
aegis will be installed on external drive /tmp/mnt/UNTITLED
Creating directory (if not already existing): /opt/scripts
Creating directory (if not already existing): /tmp/mnt/UNTITLED/bolemo
Creating symlink (if not already existing): /opt/bolemo
ln: /opt/bolemo: File exists
Creating subdirectories in bolemo: scripts, etc
Downloading and installing aegis...
/opt/bolemo/scripts/aegis: No such file or directory
Could not download aegis!

 

[HELLO_wORLD]

Is there anything unusual in your router environment?
You seem to be the only one encountering this problem.

Anyway, let’s find out what is the problem here.
The idea is to diagnose the problem first.

After you run the installer (and it fails to download aegis), can you do those commands?

First, let’s check your mounted drives:

ls -l /mnt/

Can you post the output?

Then can you post the output of this:

ls -l /mnt/UNTITLED/

Now, let’s check if the bolemo directory and subdirectories are created:

ls -l /mnt/UNTITLED/bolemo/*

And then, let’s check if the bolemo symlink is in place:

cd /opt
ls -l bolemo/*

After you share the output of those commands, I will be able to assess if the problem is at this level, or further with wget. I have an idea on how to make it work for you, but I need first to be sure there is no problem with directories on your setup.

I'm still struggling to get it installed...

This is what telnet gives me...

root@R7800:/$ wget -qO- https://github.com/bolemo/aegis/raw/master/aegis-install.sh | sh
Where do you want to install aegis?
0 - router internal memory (rootfs)
1 - external drive: /mnt/UNTITLED
2 - external drive: /mnt/sda
c - cancel installation
Your choice: 1
aegis will be installed on external drive /tmp/mnt/UNTITLED
Creating directory (if not already existing): /opt/scripts
Creating directory (if not already existing): /tmp/mnt/UNTITLED/bolemo
Creating symlink (if not already existing): /opt/bolemo
ln: /opt/bolemo: File exists
Creating subdirectories in bolemo: scripts, etc
Downloading and installing aegis...
/opt/bolemo/scripts/aegis: No such file or directory
Could not download aegis!

 

[Tom Brough]

Morning, thanks for this assistance... My system environment is completely stock apart from kamoj build... I do sometimes swap over to openwrt and back.

First, let’s check your mounted drives:
Code:l ls-l /mnt/

This gives me...

root@R7800:/$ ls -l /mnt/
lrwxrwxrwx 1 root root 8 Jan 1 1970 UNTITLED -> /mnt/sda
drwxrwxrwx 4 root root 4096 May 23 00:05 sda

can you post the output of this:
Code:
ls -l /mnt/UNTITLED/

root@R7800:/$ ls -l /mnt/UNTITLED/
drwxrwxrwx 4 root root 4096 May 23 00:05 bolemo
-rwxrwxrwx 1 root root 29976 May 21 14:23 iprange_1.0.4-1_ipq806x.ipk
-rwxrwxrwx 1 root root 220705 May 19 21:19 kamoj-addon_200519-165446-5.3b2_ipq806x.ipk

Now, let’s check if the bolemo directory and subdirectories are created:
Code:
ls -l /mnt/UNTITLED/bolemo/*

root@R7800:/$ ls -l /mnt/UNTITLED/bolemo/*
/mnt/UNTITLED/bolemo/etc:

/mnt/UNTITLED/bolemo/scripts:

And then, let’s check if the bolemo symlink is in place:
Code:cd /optl ls-l bolemo/*

root@R7800:/$ cd /opt
root@R7800:/opt$ ls -l bolemo/*
ls: bolemo/*: No such file or directory

 

[Tom Brough]

How can I remove the bolemo folder from the router file system to effectively do a fresh install, the folders I can wipe from the USB easily... How do I delete the installed part onto the router?

 

[HELLO_wORLD]

How can I remove the bolemo folder from the router file system to effectively do a fresh install, the folders I can wipe from the USB easily... How do I delete the installed part onto the router?

Ok, we are progressing.

What is this giving:

cd /opt
ls -l

To remove what is in the router internal memory, it should simply be removing the symlink in /opt.
However, it seems that in your case, /opt/bolemo is a file.
So try:

cd /opt
rm bolemo

If it tells you it is a directory, then try this:

cd /opt
rm -rf bolemo

 

[Tom Brough]

What is this giving:
Code:
cd /opt
ls -l

root@R7800:/$ cd /opt
root@R7800:/opt$ ls -l
lrwxrwxrwx 1 root root 24 May 18 22:10 bolemo -> /tmp/mnt/R7800USB/bolemo
-rw-r--r-- 1 root root 175 Apr 22 16:36 dirlist
-rw-r--r-- 1 root root 855 Apr 22 16:36 filelist
drwxr-xr-x 3 root root 224 May 19 20:39 kamoj
drwxr-xr-x 2 root root 224 Oct 14 2019 leafp2p
drwxr-xr-x 4 root root 648 Oct 14 2019 rcagent
drwxr-xr-x 2 root root 296 Oct 14 2019 remote
drwxr-xr-x 2 root root 248 Apr 22 16:29 scripts
-rw-r--r-- 1 root root 9 Apr 22 16:36 version
drwxr-xr-x 3 root root 504 Oct 14 2019 xagent
root@R7800:/opt$

 

[Tom Brough]

So try:
Code:
cd /opt
rm bolemo

root@R7800:/opt$ cd /opt
root@R7800:/opt$ rm bolemo
rm: remove 'bolemo'? y
root@R7800:/opt$ ls -l
-rw-r--r-- 1 root root 175 Apr 22 16:36 dirlist
-rw-r--r-- 1 root root 855 Apr 22 16:36 filelist
drwxr-xr-x 3 root root 224 May 19 20:39 kamoj
drwxr-xr-x 2 root root 224 Oct 14 2019 leafp2p
drwxr-xr-x 4 root root 648 Oct 14 2019 rcagent
drwxr-xr-x 2 root root 296 Oct 14 2019 remote
drwxr-xr-x 2 root root 248 Apr 22 16:29 scripts
-rw-r--r-- 1 root root 9 Apr 22 16:36 version
drwxr-xr-x 3 root root 504 Oct 14 2019 xagent
root@R7800:/opt$

 

[Tom Brough]

Success!!!

root@R7800:~$ wget -qO- https://github.com/bolemo/aegis/raw/master/aegis-install.sh | sh
Where do you want to install aegis?
0 - router internal memory (rootfs)
1 - external drive: /mnt/UNTITLED
2 - external drive: /mnt/sda
c - cancel installation
Your choice: 1
aegis will be installed on external drive /tmp/mnt/UNTITLED
Creating directory (if not already existing): /opt/scripts
Creating directory (if not already existing): /tmp/mnt/UNTITLED/bolemo
Creating symlink (if not already existing): /opt/bolemo
Creating subdirectories in bolemo: scripts, etc
Downloading and installing aegis...
Downloading aegis default sources file...
iprange is installed.
Done!
root@R7800:~$

Big thanks @HELLO_wORLD

 

[HELLO_wORLD]

v1.1.3

Some optimizations.
Future upgrades will stripe empty lines and comments to reduce file size.
Installer should overcome the rare problem encountered by @Tom Brough (forcing the symlink when already existing and pointing to wrong place)
Now, if the sources file is missing, it will download the default one. Should never happen, but gives some self regeneration ability to the script.

Also, new option: -html
This allows to send the output to an html file accessible from the router web: http://routerlogin.net/bolemo/aegis.htm
For exemple: aegis status -html will generates the web page with status. More details in the readme.
Thanks to @NetBytes for the suggestion.

 

[KW.]

Works perfectly, did it all with short commands, didn't even have to copy paste. I feel im in control. Really nice.

 

[Tom Brough]

Well big thank you @HELLO_wORLD

I've just upgraded and it all went without a hitch! Perfect.

 

[NetBytes]

Fully upgraded and working great!.
Thanks @HELLO_wORLD for all your work!
FWFW: I'm using 'aegis -v status -html' to get the full output and this works great.

 

[Tom Brough]

@HELLO_wORLD

I've noticed something odd, when you finally got my install working yesterday with those extra bits of code, you'll see I installed it to external storage, but I upgraded it this morning when you posted, it all went great, just worked like it should... But I've just tried this HTML section you added and noticed it now says it's installed to internal storage? The upgrade must have swapped install location.

When installed...

root@R7800:~$ wget -qO- https://github.com/bolemo/aegis/raw/master/aegis-install.sh | sh
Where do you want to install aegis?
0 - router internal memory (rootfs)
1 - external drive: /mnt/UNTITLED
2 - external drive: /mnt/sda
c - cancel installation
Your choice: 1
aegis will be installed on external drive /tmp/mnt/UNTITLED
Creating directory (if not already existing): /opt/scripts
Creating directory (if not already existing): /tmp/mnt/UNTITLED/bolemo
Creating symlink (if not already existing): /opt/bolemo
Creating subdirectories in bolemo: scripts, etc
Downloading and installing aegis...
Downloading aegis default sources file...
iprange is installed.
Done!
root@R7800:~$

Just now when checked after a "aegis upgrade" this morning, it now shows...

root@R7800:/$ aegis info
Info:
- 'aegis' version 1.1.3 is installed on internal drive.
- This is the last version.
- 'iprange' is installed: iprange 1.0.4

 

[KW.]

Also on my info says it is installed on internal drive now.

- 'aegis' version 1.1.3 is installed on internal drive.  
- This is the last version. 
 - 'iprange' is installed: iprange 1.0.4

 

[HELLO_wORLD]

I will look into that tomorrow.
During upgrade, the install location is not changing, so it is likely that it is the detection of where it is installed that is not working.

@Tom Brough and @KW. can you try this:

cd /opt/bolemo/scripts

It tells you where it is installed; should be /tmp/mnt/YOURDRIVE/bolemo/scripts

For me:

root@R7800:~$ cd /opt/bolemo/scripts
root@R7800:/tmp/mnt/sda1/bolemo/scripts$

You can also chack it is not installed on internal drive doing:

ls -l /root/

It should be empty or not show a folder bolemo.

Now, for me aegis info tells me it is on external drive, so I will need to figure out why it tells you it is on internal drive,

 

[HELLO_wORLD]

Ok, found the problem.

As I thought, install location did not change.
Short version of aegis thinks it is on internal drive. If you do /opt/bolemo/scripts/aegis info it will give you correct info.

I will fix that tomorrow. Thank you for reporting !

 

[Tom Brough]

Morning, ran your code and it gives me...

root@R7800:/$ cd /opt/bolemo/scripts
root@R7800:/tmp/mnt/sda/bolemo/scripts$

So yes from that it's still on the USB but just not reporting as such...

 

[KW.]

It was a very minor problem then

 

[HELLO_wORLD]

Ok, was able to fix it. Next release will come soon with the fix.

Had to be creative since the command readlink is not on firmware binaries.

I am fixing another issue while script called from cron with html output. Once it is fixed, I will release the next version.

 

[HELLO_wORLD]

v1.1.4
Fixed the canonical path detection when using aegis from $PATH (former detection thinking we were on internal drive even if aegis is on external drive)
Fixed environment $PATH when launched from cron (giving funky and wrong html output)
Simplified the execution of the script. Before, it was renicing itself to a lower priority to not slow down the router while rebuilding ipsets, but since I changed ipset building method a while ago, there is no need to renice the script.