Messages - Schmiddi

#1
I'm also of the opinion that as long as you merely want to connect to the Internet, a FritzBox is enough.

If you turn your home into a smart home with many different IoT devices, the Fritz with its guest network can still be put to good use here, if desired.

Of course, all of this becomes more elegant with VLANs, and strict rules can already make your own network more secure, depending on which IoT devices you run.

From the point where services are exposed to the WAN, it becomes interesting to go beyond a FritzBox.

If you enjoy the whole topic and/or also deal with it professionally, you can take the whole thing further to a greater or lesser extent.

Personally, in my home network I use:

3 VLANs
Unbound
AdGuard Home with this blocklist collection: Firebog
In addition to personal whitelists, these three whitelists: 1 2 3
CrowdSec with the whole package of scenarios and three blocklists from Firehol
#2
I removed CrowdSec from the Sense as cleanly as possible, deleted the database, etc.
Set it up completely from scratch, and now it works again.

It feels like all scenarios are now loaded automatically; is that normal these days?  ;D

Before that I only had seven in total, selected according to my services.
#3
Absolutely right, it looks the same on my side, just without any current alerts/blocks, only the ones I tested manually, i.e. from my SSH brute force.

My own port scans are not blocked, and accordingly neither are others.

It shouldn't really be down to the configuration; as I said, I've noticed it since 24.7.5.
But if it works for you with .6 :/
Mine is on .6 by now as well.

I went through everything again: everything looks fine in crowdsec-firewall-bouncer.log and crowdsec.log, the output of the corresponding cscli commands looks fine, and so does everything in the GUI.

The only thing I noticed is in the CrowdSec account under the Security Engine, see screenshot.

But that won't be the reason for the port scans not being blocked. I'm currently running them against the Sense non-stop, and nothing happens at all :(

#4
Hello everyone,

since updating OPNsense to 24.7.5 I have observed that CrowdSec with the firewallservices/pf-scan-multi_ports scenario no longer shows or issues any alerts and bans for it.

General functionality is there and was tested with an SSH brute force.
Pre 24.7.5, port scans were also reliably blocked, also tested by myself, but now no longer. The requests themselves are reliably blocked by the Sense, but unfortunately CrowdSec no longer issues a ban.
I reinstalled the scenario, without success.

Has anyone observed something similar?

If so, by all appearances there is some incompatibility since 24.7.5.
#5
German - Deutsch / Re: Telekom FTTH Help
October 11, 2024, 10:49:27 AM
Without further explanation of your configuration, or screenshots from OPNsense, that's a bit difficult to answer.
I myself haven't been switched to fiber yet, but I have already read up on it a bit.

As far as I know, you need to

create a VLAN with tag 7, with the WAN interface as parent
and under PPPoE devices
Interfaces: tick <WAN Interface> and vlan0.7

Then it should actually work.
#6
Tried to manually stop crowdsec, but update doesn't continue

***GOT REQUEST TO UPDATE***
Currently running OPNsense 24.7.5_3 at Wed Oct  9 17:17:18 CEST 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Checking for upgrades (46 candidates): .......... done
Processing candidates (46 candidates): .......... done
The following 48 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
py311-ldap3: 2.9.1 [OPNsense]
redis72: 7.2.6 [OPNsense]

Installed packages to be UPGRADED:
acme.sh: 3.0.8 -> 3.0.9 [OPNsense]
boost-libs: 1.84.0 -> 1.85.0 [OPNsense]
ca_root_nss: 3.93 -> 3.104 [OPNsense]
crowdsec: 1.6.3_1 -> 1.6.3_2 [OPNsense]
curl: 8.10.0_1 -> 8.10.1 [OPNsense]
dhcp6c: 20240919 -> 20241008 [OPNsense]
easy-rsa: 3.2.1,1 -> 3.2.1_1,1 [OPNsense]
haproxy28: 2.8.10 -> 2.8.11 [OPNsense]
isc-dhcp44-server: 4.4.3P1_1 -> 4.4.3P1_2 [OPNsense]
json-c: 0.17 -> 0.18 [OPNsense]
kea: 2.6.1 -> 2.6.1_1 [OPNsense]
libuv: 1.48.0 -> 1.49.0 [OPNsense]
monit: 5.33.0_1 -> 5.34.1 [OPNsense]
opnsense: 24.7.5_3 -> 24.7.6 [OPNsense]
opnsense-update: 24.7.5 -> 24.7.6 [OPNsense]
os-acme-client: 4.5 -> 4.6 [OPNsense]
os-ddclient: 1.24_1 -> 1.24_2 [OPNsense]
php82: 8.2.23 -> 8.2.24 [OPNsense]
php82-ctype: 8.2.23 -> 8.2.24 [OPNsense]
php82-curl: 8.2.23 -> 8.2.24 [OPNsense]
php82-dom: 8.2.23 -> 8.2.24 [OPNsense]
php82-filter: 8.2.23 -> 8.2.24 [OPNsense]
php82-gettext: 8.2.23 -> 8.2.24 [OPNsense]
php82-ldap: 8.2.23 -> 8.2.24 [OPNsense]
php82-mbstring: 8.2.23 -> 8.2.24 [OPNsense]
php82-pcntl: 8.2.23 -> 8.2.24 [OPNsense]
php82-pdo: 8.2.23 -> 8.2.24 [OPNsense]
php82-session: 8.2.23 -> 8.2.24 [OPNsense]
php82-simplexml: 8.2.23 -> 8.2.24 [OPNsense]
php82-sockets: 8.2.23 -> 8.2.24 [OPNsense]
php82-sqlite3: 8.2.23 -> 8.2.24 [OPNsense]
php82-xml: 8.2.23 -> 8.2.24 [OPNsense]
php82-zlib: 8.2.23 -> 8.2.24 [OPNsense]
protobuf: 28.1,1 -> 28.2,1 [OPNsense]
protobuf-c: 1.4.1_5 -> 1.4.1_6 [OPNsense]
py311-anyio: 4.4.0 -> 4.6.0 [OPNsense]
py311-boto3: 1.35.16 -> 1.35.22 [OPNsense]
py311-botocore: 1.35.16 -> 1.35.22 [OPNsense]
py311-dnspython: 2.6.1,1 -> 2.7.0,1 [OPNsense]
py311-duckdb: 1.0.0 -> 1.1.1 [OPNsense]
py311-idna: 3.8 -> 3.10 [OPNsense]
py311-tzdata: 2024.1 -> 2024.2 [OPNsense]
readline: 8.2.13 -> 8.2.13_1 [OPNsense]
suricata: 7.0.6_2 -> 7.0.7 [OPNsense]
unbound: 1.21.0 -> 1.21.1 [OPNsense]

Installed packages to be REINSTALLED:
os-redis-1.1_2 [OPNsense] (direct dependency changed: redis72)

Number of packages to be installed: 2
Number of packages to be upgraded: 45
Number of packages to be reinstalled: 1

The process will require 20 MiB more space.
104 MiB to be downloaded.
[1/48] Fetching py311-anyio-4.6.0.pkg: .......... done
[2/48] Fetching unbound-1.21.1.pkg: .......... done
[3/48] Fetching php82-session-8.2.24.pkg: ..... done
[4/48] Fetching opnsense-update-24.7.6.pkg: ..... done
[5/48] Fetching py311-boto3-1.35.22.pkg: .......... done
[6/48] Fetching libuv-1.49.0.pkg: .......... done
[7/48] Fetching boost-libs-1.85.0.pkg: .......... done
[8/48] Fetching monit-5.34.1.pkg: .......... done
[9/48] Fetching php82-zlib-8.2.24.pkg: ... done
[10/48] Fetching php82-dom-8.2.24.pkg: ......... done
[11/48] Fetching php82-simplexml-8.2.24.pkg: ... done
[12/48] Fetching json-c-0.18.pkg: ......... done
[13/48] Fetching easy-rsa-3.2.1_1,1.pkg: ....... done
[14/48] Fetching haproxy28-2.8.11.pkg: .......... done
[15/48] Fetching py311-idna-3.10.pkg: .......... done
[16/48] Fetching crowdsec-1.6.3_2.pkg: .......... done
[17/48] Fetching php82-pdo-8.2.24.pkg: ....... done
[18/48] Fetching php82-curl-8.2.24.pkg: ...... done
[19/48] Fetching py311-botocore-1.35.22.pkg: .......... done
[20/48] Fetching dhcp6c-20241008.pkg: ......... done
[21/48] Fetching acme.sh-3.0.9.pkg: .......... done
[22/48] Fetching php82-mbstring-8.2.24.pkg: .......... done
[23/48] Fetching isc-dhcp44-server-4.4.3P1_2.pkg: .......... done
[24/48] Fetching protobuf-c-1.4.1_6.pkg: .......... done
[25/48] Fetching os-acme-client-4.6.pkg: .......... done
[26/48] Fetching php82-ldap-8.2.24.pkg: ..... done
[27/48] Fetching ca_root_nss-3.104.pkg: .......... done
[28/48] Fetching py311-dnspython-2.7.0,1.pkg: .......... done
[29/48] Fetching py311-ldap3-2.9.1.pkg: .......... done
[30/48] Fetching kea-2.6.1_1.pkg: .......... done
[31/48] Fetching py311-tzdata-2024.2.pkg: .......... done
[32/48] Fetching php82-sockets-8.2.24.pkg: ...... done
[33/48] Fetching php82-8.2.24.pkg: .......... done
[34/48] Fetching php82-sqlite3-8.2.24.pkg: .... done
[35/48] Fetching php82-pcntl-8.2.24.pkg: ... done
[36/48] Fetching php82-xml-8.2.24.pkg: ... done
[37/48] Fetching curl-8.10.1.pkg: .......... done
[38/48] Fetching os-ddclient-1.24_2.pkg: .... done
[39/48] Fetching suricata-7.0.7.pkg: .......... done
[40/48] Fetching php82-gettext-8.2.24.pkg: . done
[41/48] Fetching os-redis-1.1_2.pkg: ... done
[42/48] Fetching protobuf-28.2,1.pkg: .......... done
[43/48] Fetching opnsense-24.7.6.pkg: .......... done
[44/48] Fetching py311-duckdb-1.1.1.pkg: .......... done
[45/48] Fetching readline-8.2.13_1.pkg: .......... done
[46/48] Fetching php82-ctype-8.2.24.pkg: . done
[47/48] Fetching redis72-7.2.6.pkg: .......... done
[48/48] Fetching php82-filter-8.2.24.pkg: ... done
Checking integrity... done (1 conflicting)
  - redis72-7.2.6 [OPNsense] conflicts with redis-7.2.5 [installed] on /usr/local/bin/redis-benchmark
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 49 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
redis: 7.2.5

New packages to be INSTALLED:
py311-ldap3: 2.9.1 [OPNsense]
redis72: 7.2.6 [OPNsense]

Installed packages to be UPGRADED:
acme.sh: 3.0.8 -> 3.0.9 [OPNsense]
boost-libs: 1.84.0 -> 1.85.0 [OPNsense]
ca_root_nss: 3.93 -> 3.104 [OPNsense]
crowdsec: 1.6.3_1 -> 1.6.3_2 [OPNsense]
curl: 8.10.0_1 -> 8.10.1 [OPNsense]
dhcp6c: 20240919 -> 20241008 [OPNsense]
easy-rsa: 3.2.1,1 -> 3.2.1_1,1 [OPNsense]
haproxy28: 2.8.10 -> 2.8.11 [OPNsense]
isc-dhcp44-server: 4.4.3P1_1 -> 4.4.3P1_2 [OPNsense]
json-c: 0.17 -> 0.18 [OPNsense]
kea: 2.6.1 -> 2.6.1_1 [OPNsense]
libuv: 1.48.0 -> 1.49.0 [OPNsense]
monit: 5.33.0_1 -> 5.34.1 [OPNsense]
opnsense: 24.7.5_3 -> 24.7.6 [OPNsense]
opnsense-update: 24.7.5 -> 24.7.6 [OPNsense]
os-acme-client: 4.5 -> 4.6 [OPNsense]
os-ddclient: 1.24_1 -> 1.24_2 [OPNsense]
php82: 8.2.23 -> 8.2.24 [OPNsense]
php82-ctype: 8.2.23 -> 8.2.24 [OPNsense]
php82-curl: 8.2.23 -> 8.2.24 [OPNsense]
php82-dom: 8.2.23 -> 8.2.24 [OPNsense]
php82-filter: 8.2.23 -> 8.2.24 [OPNsense]
php82-gettext: 8.2.23 -> 8.2.24 [OPNsense]
php82-ldap: 8.2.23 -> 8.2.24 [OPNsense]
php82-mbstring: 8.2.23 -> 8.2.24 [OPNsense]
php82-pcntl: 8.2.23 -> 8.2.24 [OPNsense]
php82-pdo: 8.2.23 -> 8.2.24 [OPNsense]
php82-session: 8.2.23 -> 8.2.24 [OPNsense]
php82-simplexml: 8.2.23 -> 8.2.24 [OPNsense]
php82-sockets: 8.2.23 -> 8.2.24 [OPNsense]
php82-sqlite3: 8.2.23 -> 8.2.24 [OPNsense]
php82-xml: 8.2.23 -> 8.2.24 [OPNsense]
php82-zlib: 8.2.23 -> 8.2.24 [OPNsense]
protobuf: 28.1,1 -> 28.2,1 [OPNsense]
protobuf-c: 1.4.1_5 -> 1.4.1_6 [OPNsense]
py311-anyio: 4.4.0 -> 4.6.0 [OPNsense]
py311-boto3: 1.35.16 -> 1.35.22 [OPNsense]
py311-botocore: 1.35.16 -> 1.35.22 [OPNsense]
py311-dnspython: 2.6.1,1 -> 2.7.0,1 [OPNsense]
py311-duckdb: 1.0.0 -> 1.1.1 [OPNsense]
py311-idna: 3.8 -> 3.10 [OPNsense]
py311-tzdata: 2024.1 -> 2024.2 [OPNsense]
readline: 8.2.13 -> 8.2.13_1 [OPNsense]
suricata: 7.0.6_2 -> 7.0.7 [OPNsense]
unbound: 1.21.0 -> 1.21.1 [OPNsense]

Installed packages to be REINSTALLED:
os-redis-1.1_2 [OPNsense] (direct dependency changed: redis72)

Number of packages to be removed: 1
Number of packages to be installed: 2
Number of packages to be upgraded: 45
Number of packages to be reinstalled: 1

The process will require 12 MiB more space.
[1/49] Deinstalling redis-7.2.5...
[1/49] Deleting files for redis-7.2.5: .......... done
==> You should manually remove the "redis" user
==> You should manually remove the "redis" group
[2/49] Upgrading py311-idna from 3.8 to 3.10...
[2/49] Extracting py311-idna-3.10: .......... done
[3/49] Upgrading php82 from 8.2.23 to 8.2.24...
[3/49] Extracting php82-8.2.24: .......... done
[4/49] Upgrading php82-zlib from 8.2.23 to 8.2.24...
[4/49] Extracting php82-zlib-8.2.24: ........ done
[5/49] Upgrading py311-botocore from 1.35.16 to 1.35.22...
[5/49] Extracting py311-botocore-1.35.22: .......... done
[6/49] Upgrading php82-xml from 8.2.23 to 8.2.24...
[6/49] Extracting php82-xml-8.2.24: ......... done
[7/49] Upgrading php82-session from 8.2.23 to 8.2.24...
[7/49] Extracting php82-session-8.2.24: .......... done
[8/49] Upgrading boost-libs from 1.84.0 to 1.85.0...
[8/49] Extracting boost-libs-1.85.0: .......... done
[9/49] Upgrading php82-pdo from 8.2.23 to 8.2.24...
[9/49] Extracting php82-pdo-8.2.24: .......... done
[10/49] Upgrading py311-dnspython from 2.6.1,1 to 2.7.0,1...
[10/49] Extracting py311-dnspython-2.7.0,1: .......... done
[11/49] Upgrading curl from 8.10.0_1 to 8.10.1...
[11/49] Extracting curl-8.10.1: .......... done
[12/49] Upgrading protobuf from 28.1,1 to 28.2,1...
[12/49] Extracting protobuf-28.2,1: .......... done
[13/49] Upgrading unbound from 1.21.0 to 1.21.1...
===> Creating groups
Using existing group 'unbound'
===> Creating users
Using existing user 'unbound'
[13/49] Extracting unbound-1.21.1: .......... done
[14/49] Upgrading opnsense-update from 24.7.5 to 24.7.6...
[14/49] Extracting opnsense-update-24.7.6: .......... done
[15/49] Upgrading py311-boto3 from 1.35.16 to 1.35.22...
[15/49] Extracting py311-boto3-1.35.22: .......... done
[16/49] Upgrading monit from 5.33.0_1 to 5.34.1...
[16/49] Extracting monit-5.34.1: ....... done
[17/49] Upgrading php82-dom from 8.2.23 to 8.2.24...
[17/49] Extracting php82-dom-8.2.24: .......... done
[18/49] Upgrading php82-simplexml from 8.2.23 to 8.2.24...
[18/49] Extracting php82-simplexml-8.2.24: ......... done
[19/49] Upgrading php82-curl from 8.2.23 to 8.2.24...
[19/49] Extracting php82-curl-8.2.24: .......... done
[20/49] Upgrading dhcp6c from 20240919 to 20241008...
[20/49] Extracting dhcp6c-20241008: ........ done
[21/49] Upgrading acme.sh from 3.0.8 to 3.0.9...
===> Creating groups
Using existing group 'acme'
===> Creating users
Using existing user 'acme'
===> Creating homedir(s)
[21/49] Extracting acme.sh-3.0.9: .......... done
[22/49] Upgrading isc-dhcp44-server from 4.4.3P1_1 to 4.4.3P1_2...
===> Creating groups
Using existing group 'dhcpd'
===> Creating users
Using existing user 'dhcpd'
[22/49] Extracting isc-dhcp44-server-4.4.3P1_2: .......... done
[23/49] Upgrading php82-ldap from 8.2.23 to 8.2.24...
[23/49] Extracting php82-ldap-8.2.24: ........ done
[24/49] Upgrading ca_root_nss from 3.93 to 3.104...
[24/49] Extracting ca_root_nss-3.104: ...... done
[25/49] Installing py311-ldap3-2.9.1...
[25/49] Extracting py311-ldap3-2.9.1: .......... done
[26/49] Upgrading kea from 2.6.1 to 2.6.1_1...
[26/49] Extracting kea-2.6.1_1: .......... done
[27/49] Upgrading php82-sockets from 8.2.23 to 8.2.24...
[27/49] Extracting php82-sockets-8.2.24: .......... done
[28/49] Upgrading php82-sqlite3 from 8.2.23 to 8.2.24...
[28/49] Extracting php82-sqlite3-8.2.24: ......... done
[29/49] Upgrading php82-pcntl from 8.2.23 to 8.2.24...
[29/49] Extracting php82-pcntl-8.2.24: ......... done
[30/49] Upgrading suricata from 7.0.6_2 to 7.0.7...
[30/49] Extracting suricata-7.0.7: .......... done
[31/49] Upgrading php82-gettext from 8.2.23 to 8.2.24...
[31/49] Extracting php82-gettext-8.2.24: ........ done
[32/49] Upgrading py311-duckdb from 1.0.0 to 1.1.1...
[32/49] Extracting py311-duckdb-1.1.1: .......... done
[33/49] Upgrading php82-ctype from 8.2.23 to 8.2.24...
[33/49] Extracting php82-ctype-8.2.24: ........ done
[34/49] Installing redis72-7.2.6...
===> Creating groups
Using existing group 'redis'
===> Creating users
Using existing user 'redis'
[34/49] Extracting redis72-7.2.6: ......... done
[35/49] Upgrading php82-filter from 8.2.23 to 8.2.24...
[35/49] Extracting php82-filter-8.2.24: ......... done
[36/49] Upgrading readline from 8.2.13 to 8.2.13_1...
[36/49] Extracting readline-8.2.13_1: .......... done
[37/49] Upgrading py311-anyio from 4.4.0 to 4.6.0...
[37/49] Extracting py311-anyio-4.6.0: .......... done
[38/49] Upgrading libuv from 1.48.0 to 1.49.0...
[38/49] Extracting libuv-1.49.0: .......... done
[39/49] Upgrading json-c from 0.17 to 0.18...
[39/49] Extracting json-c-0.18: .......... done
[40/49] Upgrading protobuf-c from 1.4.1_5 to 1.4.1_6...
[40/49] Extracting protobuf-c-1.4.1_6: .......... done
[41/49] Upgrading py311-tzdata from 2024.1 to 2024.2...
[41/49] Extracting py311-tzdata-2024.2: .......... done
[42/49] Upgrading easy-rsa from 3.2.1,1 to 3.2.1_1,1...
[42/49] Extracting easy-rsa-3.2.1_1,1: .......... done
[43/49] Upgrading php82-mbstring from 8.2.23 to 8.2.24...
[43/49] Extracting php82-mbstring-8.2.24: .......... done
[44/49] Upgrading haproxy28 from 2.8.10 to 2.8.11...
[44/49] Extracting haproxy28-2.8.11: ........ done
[45/49] Upgrading crowdsec from 1.6.3_1 to 1.6.3_2...
[45/49] Extracting crowdsec-1.6.3_2: .......... done
crowdsec is running as pid 12071.
Stopping crowdsec.
Waiting for PIDS: 12071.
Waiting for PIDS: 61834


Never mind, rebooted, triggered update again, it continued right where it stopped, this time stopping crowdsec without problems, rebooted again - 24.7.6 running good so far.