Skynet Skynet - Router Firewall & Security Enhancements

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Marin

Very Senior Member
My Skynet did not survive the reboot once again even after updating and applying the web GUI restart/refresh command. Will retry again or reformat my USb drive and reinstall everything to see if that makes a difference.


Sent from my iPhone using Tapatalk
 

Marin

Very Senior Member
It survived the reboot! We are back in business! Thank you @Adamm!
 

L&LD

Part of the Furniture
@Marin, was it just an additional reboot needed? Or did you have to nuke the USB drive and the JFFS partition too?
 

Marin

Very Senior Member
@Marin, was it just an additional reboot needed? Or did you have to nuke the USB drive and the JFFS partition too?
Just an additional reboot but it took a little for the tab to appear.
 

dev_null

Regular Contributor
The command was never designed to be visually pleasing when output to a file, but to make it somewhat more readable you can do the following;

Code:
sh /jffs/scripts/firewall stats | sed -r 's/'$(echo -e "\033")'\[[0-9]{1,2}(;([0-9]{1,2})?)?[mK]//g' | strings > skynet.txt
While all of this amazing UI work has been rolling out, I was trying to hack together a way to email a Skynet report to myself - a la the Diversion weekly report.

For those interested, it's ugly as heck, but seems to work.

Note: this is run as two CRON jobs: the first creates the report (takes about 10-12 minutes for "top 50") and the second CRON job emails the output file. These are separated by 30-45 minutes to ensure the file is ready. As I said, it's not elegant.


EDIT: UPDATED TO NOW INCLUDE A SUBJECT LINE and Friendly From Name as part of the mime process (cribbed from @thelonelycoder Diversion email communication process in stats.div - thanks to @Adamm for the hint).

1) Create the report as Adamm laid out in his reply to me (above)
I set this up as a cron job under services-start (cru a skynet-wkly "22 2 * * SAT sh /jffs/scripts/skynet-stats") to run weekly. Be sure to make it executable.
Code:
#!/bin/sh
sh /jffs/scripts/firewall stats 50 | sed -r 's/'$(echo -e "\033")'\[[0-9]{1,2}(;([0-9]{1,2})?)?[mK]//g' | strings > skynet.txt

2) Mime and email the report (so it comes as an attachment; inline is possible but more likely to be considered SP4M due to the number of "links" in the report)
I set this up as a cron job under services-start (cru a skynet-email "45 2 * * SAT sh /jffs/scripts/skynet-email") to run weekly, after the report runs. If it runs too close to the report generation, there are errors. Also - you may need the full path to these files (/home/root) - seems to run fine in my case but YMMV. Be sure that you make this executable.
Code:
#!/bin/sh
FROM="Skynet Weekly Stats"
AUTH="[email protected]"
PASS="secret"
TO="[email protected]"
FRIENDLY_ROUTER_NAME="Your Router Name"

makemime skynet.txt
makemime -a"Subject: $FRIENDLY_ROUTER_NAME Router Stats $(date +"%F_%H.%M")" -a"From: $FROM" -o output.msg skynet.txt

cat /home/root/output.msg | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO
You may need to 'wget' the Equifax PEM file too.

3) Finally, backup the skynet output file and give it a unique filename (save a copy before it is over-written) - this command can be added at the end of either of the scripts above.
Code:
 cp -a skynet.txt "/tmp/mnt/path/to/backup/skynet-$(date +"%y-%d-%m").txt"

Unfortunately there is no subject line, and gmail may flag it as SP4M, so you may need to unflag it. Edit - figured the subject line out, see note above.

I tried to figure out how to use the email information already set up with Diversion, but could not, so took the separate email approach.

(I did read most all of the 5000+ posts in this thread but didn't see anything like this posted).

Cheers, (feedback and whatnot welcome!)
 
Last edited:

QuikSilver

Very Senior Member
@Adamm When I hover over the View Details URL link for "Last 10 Unique Connections Blocked (Outbound) (click to expand/collapse)" I see the tooltip as "http://192.168.1.1/user1.asp" and "http://192.168.1.1/US" for second link in same group. Other Alienvault URLs look to be correct. Seems to be the first and second items in the list.
 

randomName

Very Senior Member
Only 1 country can be banned at a time?
 

Adamm

Part of the Furniture
Uh, whoopsie! :oops: o_O

I have had this ntp server battle intermittently for months. Thought I had whitelised the entire pool.ntp.org domain and solved it - guess not. @XIII this might be something of your issue, seeing your posts on this DNS niggle. @Adamm any comment?



Result of clicking View Details
https://otx.alienvault.com/indicator/ip/23.129.64.159
Looks like its also used as a TOR exit node which is why it was probably blacklisted, but as per usual I don't control the content on these lists so its up to the maintainer weather to remove it or not.

Is there a way we can collapse(default) source ports inbound or even remove from the page as it's really not significant to show as they are random anyway, that's my understanding.
I'll see if we can store the collapsed/open chart preferences as cookies much like we do the chart types. All data is useful data when trying to establish patterns :p

I created/formatted to NTFS to clear out previous ext2 then deleted partition and did a clean ext2.

I have removed the devices section in paste below...
Code:
Router Model; RT-AC1900P
Skynet Version;  (04/01/2020) (261a3ffac493975e67c86db6970e2133)
iptables v1.4.15 - (eth0 @ 192.168.x.x)
ipset v6.32, protocol version: 6
FW Version; 384.14_2 (Dec 31 2019) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sdc5/skynet (3.0G / 3.7G Space Available)
SWAP File; /tmp/mnt/sdc5/myswap.swp (512.5M)
Uptime; 0 days, 20 hours, 13 minutes.
Ram Available; (181M / 249M)


--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
SWAP                                | [Passed]
Cron Jobs                           | [Failed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Failed]
Duplicate Rules In RAW              | [Passed]
Inbound Filter Rules                | [Failed]
Inbound Logging Rules               | [Failed]
Outbound Filter Rules               | [Failed]
Outbound Logging Rules              | [Failed]
Whitelist IPSet                     | [Failed]
BlockedRanges IPSet                 | [Failed]
Blacklist IPSet                     | [Failed]
Skynet IPSet                        | [Failed]
Diversion Plus Content              | [Failed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Disabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Ban AiProtect                       | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Disabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Disabled]

7/18 Tests Sucessful
Should I try to format JFFS partition at next boot?
Do you happen to have multiple partitions on your USB? Another user a few days ago had similar issues when trying to use NTFS/ext* partitions on the same USB. I highly suggest just 1x unified ext partition if you want things to work smoothly.

My Skynet did not survive the reboot once again even after updating and applying the web GUI restart/refresh command. Will retry again or reformat my USb drive and reinstall everything to see if that makes a difference.


Sent from my iPhone using Tapatalk
It survived the reboot! We are back in business! Thank you @Adamm!
Do you happen to have one of @Jack Yaz 's ui* scripts installed? As previously stated you will experience some oddities in behavior due to them racing to mount menuTree.js using the old and new methods.

@Adamm When I hover over the View Details URL link for "Last 10 Unique Connections Blocked (Outbound) (click to expand/collapse)" I see the tooltip as "http://192.168.1.1/user1.asp" and "http://192.168.1.1/US" for second link in same group. Other Alienvault URLs look to be correct. Seems to be the first and second items in the list.
Can't reproduce on my end but I'll look into it, mind sending me a copy of your stats.js file located in your skynet install directory.
 

duceyaj

New Around Here
I've been having some issues with Skynet not being able to start up properly.


Code:
Router Model; RT-AX88U
Skynet Version;  (04/01/2020) (261a3ffac493975e67c86db6970e21)
iptables v1.4.15 - (eth0 @ 192.168.50.1)
ipset v6.32, protocol version: 6
IP Address; (XXX.XXX.XXX.XXX)
FW Version; 384.14_0 (Dec 13 2019) (4.1.51)
Install Dir; /tmp/mnt/yangdrive/skynet (12.0G / 14.2G Space A)

IPTables Rules                      | [Failed]
Here is my debug output

Code:
--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
SWAP                                | [Passed]
Cron Jobs                           | [Passed]
IPSet Comment Support               | [Passed]
Log Level 6 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
Inbound Filter Rules                | [Failed]
Inbound Logging Rules               | [Failed]
Outbound Filter Rules               | [Failed]
Outbound Logging Rules              | [Failed]
Whitelist IPSet                     | [Passed]
BlockedRanges IPSet                 | [Passed]
Blacklist IPSet                     | [Passed]
Skynet IPSet                        | [Passed]
Diversion Plus Content              | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Ban AiProtect                       | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Disabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

14/18 Tests Sucessful


==============================================================


[#] 0 IPs (+0) -- 0 Ranges Banned (+0) ||  Inbound --  Outbou]



[i] Press Enter To Continue...
Sent from my SM-G975U1 using Tapatalk
 

Adamm

Part of the Furniture
I've been having some issues with Skynet not being able to start up properly.


Code:
Router Model; RT-AX88U
Skynet Version;  (04/01/2020) (261a3ffac493975e67c86db6970e21)
iptables v1.4.15 - (eth0 @ 192.168.50.1)
ipset v6.32, protocol version: 6
IP Address; (XXX.XXX.XXX.XXX)
FW Version; 384.14_0 (Dec 13 2019) (4.1.51)
Install Dir; /tmp/mnt/yangdrive/skynet (12.0G / 14.2G Space A)

IPTables Rules                      | [Failed]
Here is my debug output

Code:
--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
SWAP                                | [Passed]
Cron Jobs                           | [Passed]
IPSet Comment Support               | [Passed]
Log Level 6 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
Inbound Filter Rules                | [Failed]
Inbound Logging Rules               | [Failed]
Outbound Filter Rules               | [Failed]
Outbound Logging Rules              | [Failed]
Whitelist IPSet                     | [Passed]
BlockedRanges IPSet                 | [Passed]
Blacklist IPSet                     | [Passed]
Skynet IPSet                        | [Passed]
Diversion Plus Content              | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Ban AiProtect                       | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Default]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Disabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

14/18 Tests Sucessful


==============================================================


[#] 0 IPs (+0) -- 0 Ranges Banned (+0) ||  Inbound --  Outbou]



[i] Press Enter To Continue...
Sent from my SM-G975U1 using Tapatalk

Did you change anything about your setup lately, plus what other scripts do you have installed?

Also what is the output of the following commands;

Code:
iptables --line -t raw -vnL

cat /jffs/scripts/firewall-start
Finally have you tried a firewall restart (followed by waiting about 60 seconds);

Code:
sh /jffs/scripts/firewall restart
 

elorimer

Very Senior Member
I tried to figure out how to use the email information already set up with Diversion, but could not, so took the separate email approach.
In your script, include two lines: a dot command to pull most of the info from the diversion email.conf command, and then something that extracts the password from the encrypted file.
Code:
# Email settings (mail envelope) #
. /opt/share/diversion/.conf/email.conf
PASSWORD=$(openssl aes-256-cbc -d -in /opt/share/diversion/.conf/emailpw.enc -pass pass:ditbabot,isoi)
Actually, it is convenient to have a separate email script that accepts a subject line and text file as parameters to use for any email scripting.
Code:
#!/opt/bin/sh
#Parameters passed#
mailsubject=$1
mailbody=$2
# Email settings (mail envelope) #
. /opt/share/diversion/.conf/email.conf
PASSWORD=$(openssl aes-256-cbc -d -in /opt/share/diversion/.conf/emailpw.enc -pass pass:ditbabot,isoi)
#Build email
    echo "From: \"$FRIENDLY_ROUTER_NAME\" <$FROM_ADDRESS>" >/tmp/mail.txt
    echo "To: \"$TO_NAME\" <$TO_ADDRESS>" >>/tmp/mail.txt
    echo "Subject: $mailsubject " >>/tmp/mail.txt
    echo "Date: $(date -R)" >>/tmp/mail.txt
    echo >>/tmp/mail.txt
    echo " $(cat $mailbody)" >>/tmp/mail.txt
 
#Send Email
/usr/sbin/curl --url $PROTOCOL://$SMTP:$PORT \
        --mail-from "$FROM_ADDRESS" --mail-rcpt "$TO_ADDRESS" \
                    --upload-file /tmp/mail.txt \
                    --ssl-reqd \
                    --user "$USERNAME:$PASSWORD" $SSL_FLAG
        
rm /tmp/mail.txt
 
Last edited:

dev_null

Regular Contributor
In your script, include two lines: a dot command to pull most of the info from the diversion email.conf command, and then something that extracts the password from the encrypted file.
<snip>

Actually, it is convenient to have a separate email script that accepts a subject line and text file as parameters to use for any email scripting.
<snip>
Thanks for the reply, I did try that latter script, but when I cat'd the skynet info into the message, gmail kept flagging it as SP4M due to the number of embedded links. So the easiest workaround was to create an attachment. But I could not figure out how to add a subject line using the versions of mime or sendmail included on our routers.

I will try to tweak the script to pull from the diversion credentials so I don't have to have two sets to maintain; I'll update my original post if I sort it out.

Now folks have a couple different approaches!

EDIT: @thelonelycoder - is there any way to have the sendmail command for Diversion attach a second file (skynet report) at the time it emails the weekly report?
 
Last edited:

QuikSilver

Very Senior Member
Can't reproduce on my end but I'll look into it, mind sending me a copy of your stats.js file located in your skynet install directory.
Check this morning and its showing properly....o_O.
 

elorimer

Very Senior Member
But I could not figure out how to add a subject line using the versions of mime or sendmail included on our routers.
You might look at stats.div for how diversion does it with curl.
 

Rhialto

Regular Contributor
Do you happen to have multiple partitions on your USB? Another user a few days ago had similar issues when trying to use NTFS/ext* partitions on the same USB.
No what I was saying is I made the stick NTFS to make sure to overwrite it all before making it again ext2.

Code:
nvram show | grep jffs
size: 59238 bytes (6298 left)
jffs2_on=1
jffs2_enable=1
jffs2_format=0
jffs2_scripts=1
log_path=/jffs
Should I format JFFS partition at next reboot? Maybe @RMerlin can tell me what's stored there. I have manually assigned IPs I would not like to lose. Yet I only run Diversion and uiDivStats.
 
Last edited:

Adamm

Part of the Furniture
No what I was saying is I made the stick NTFS to make sure to overwrite it all before making it again ext2.

Code:
nvram show | grep jffs
size: 59238 bytes (6298 left)
jffs2_on=1
jffs2_enable=1
jffs2_format=0
jffs2_scripts=1
log_path=/jffs
Should I format JFFS partition at next reboot? Maybe @RMerlin can tell me what's stored there. I have manually assigned IPs I would not like to lose. Yet I only run Diversion and uiDivStats.
Issue is to-do with your USB not JFFS. My suggestion is to nuke it and start over using something like MiniTool Partition Wizard, I'm guessing it wasn't formatted correctly.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top