Every day we can read stories about password database hacks, malware, ransomware, and so on. Companies can try to protect themselves by paying professionals who do a more or less good job, but individuals can’t afford professional services, so it is harder for them to protect themselves. One solution is to educate yourself as much as possible, but not everybody has the time and/or skills to do it, so developers have worked on FalconGate, an open source smart gateway that’s supposed to protect home devices against hackers, and alert the user in case of intrusions on the home network or misbehaving devices.
FalconGate is said to be able to:
- Block several types of Malware based on open source blacklists
- Block Malware using the Tor network
- Detect and report potential Malware DNS requests based on VirusTotal reports
- Detect and report the presence of Malware executables and other components based on VirusTotal reports
- Detect and report Domain Generation Algorithm (DGA) Malware patterns
- Detect and report on Malware spamming activity
- Detect and report on internal and outbound port scans
- Report details of all new devices connected to your network
- Block ads based on open source lists
- Monitor a custom list of personal or family accounts used in online services for public reports of hacking
The software relies on dependencies such as Bro IDS, Python 2.7, Nginx, Dnsmasq, Exim, and PHP, as well as the Have I been pwned API, and has been tested with Debian Jessie Lite on Raspberry Pi 2/3 and Banana Pi M2+ boards. The Raspberry Pi boards are limited to 10/100M Ethernet, potentially a bottleneck if you have a fast Internet connection, but FalconGate should also be supported on other (ARM based) boards running Debian or Ubuntu.
The easiest way to install it is to get the SD card image for the tested boards. For other boards, you can try a manual installation:
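```
# Install git, then fetch the FalconGate sources into /opt
sudo apt-get update
sudo apt-get install git
cd /opt
sudo git clone https://github.com/A3sal0n/FalconGate.git
cd FalconGate/
# Run the installer (Python 2.7, as listed in the dependencies)
sudo python install.py
```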
This will take a while depending on your platform and storage device. Your FalconGate powered board will also become your new DHCP server, so you’ll need to disable DHCP in your router. Reboot both, and log in to the web interface to configure the email address(es) to be used as recipients for alerts and, optionally, your VirusTotal API key. Finally, remember to change the default root password and re-generate the SSH keys.
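Added example (not from the original article or the FalconGate project): one way to carry out the last step on the board, replacing the SSH host keys that came with the image and confirming that no old fingerprint survived. Host keys baked into an SD card image are identical on every board flashed from it. The `/etc/ssh` location and `ssh_host_*_key` file names are the Debian OpenSSH defaults, and the function names are hypothetical.

```shell
#!/bin/sh
# Rotate SSH host keys shipped in a prebuilt image and verify the change.

# Print the fingerprint of every public host key found in directory $1.
host_fingerprints() {
    for pub in "$1"/ssh_host_*_key.pub; do
        if [ -f "$pub" ]; then
            ssh-keygen -l -f "$pub" | awk '{print $2}'
        fi
    done
    return 0
}

# Delete all host keys in $1, generate fresh ones, and fail if any old
# fingerprint is still present afterwards.
rotate_host_keys() {
    dir=$1
    before=$(host_fingerprints "$dir")
    rm -f "$dir"/ssh_host_*_key "$dir"/ssh_host_*_key.pub
    # DSA is deliberately not regenerated; sshd still starts as long as
    # at least one configured host key can be loaded.
    for t in ed25519 ecdsa rsa; do
        ssh-keygen -q -t "$t" -N '' -f "$dir/ssh_host_${t}_key"
    done
    after=$(host_fingerprints "$dir")
    for fp in $before; do
        if printf '%s\n' "$after" | grep -qxF -- "$fp"; then
            echo "host key $fp was not replaced" >&2
            return 1
        fi
    done
    return 0
}

# Usage on the board, as root:  sh rotate-keys.sh /etc/ssh
if [ "$#" -eq 1 ]; then
    rotate_host_keys "$1" || exit 1
    echo "New host key fingerprints:"
    host_fingerprints "$1"
    echo "Next: run 'passwd root', then 'systemctl restart ssh'."
fi
```

Clients that connected before the rotation will see a host key mismatch on their next login; compare the fingerprint they are shown with the ones printed here before accepting it.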
Via n0where
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Banana Pi M2+ has Gigabit Ethernet (yes, it’s already written wrong in the readme.md of this project — strange). And it seems this Banana thingie is only mentioned since hardware manufacturer SinoVoip provides a ‘Raspian Jessie Lite’ OS image for this board (running with a smelly 3.4.39 kernel containing no ‘Dirty COW’ fix and maybe also vulnerable to ‘rootmydevice’ and countless other exploitable vulnerabilities known since years — anyone caring about security and using OS images from some Google Drive link without caring about kernel version or manually inserted backdoors should be considered clueless or maybe even stupid as hell).…
@tkaiser Can you say anything whether this FalconGate package will run flawlessly (compatibility question) on armbian on a banana pi with mainline kernel (https://www.armbian.com/banana-pi/) Debian or Ubuntu… I would even favour Ubuntu because of its more up-to-date nginx and openssl packages and so on. What do you think? Currently I use the banana Pi only as a private Seafile server, but this here sounds very interesting to give the machine a bit more purpose 🙂 Just to make it clear: I’m not a very experienced user, that is why I ask for your experienced opinion. Generally…I understand how this system works…
have a spare Pi2 so I gave it a run on an isolated network. The web interface only allows configuration of a virustotal key and there is not much info on anything except dhcp clients.
I like the idea of the project, especially the IDS, but it seems very early on in the development.
blocking tor relays does not make any sense. they are idiots
infinity: “Can you say anything whether this FalconGate package will run flawlessly (compatibility question) on armbian”
No idea. If this stuff can only run on a Raspbian userland then this is another good reason to not use it. You might get in contact with the developer if you run into any compatibility problems since Python should run everywhere and writing installers that can deal with every Debian-flavour Linux distros isn’t that hard. And if you’re at it please tell the developer that it’s irresponsible to recommend running ‘security software’ on insecure distros (as it’s done here: some Chinese Raspbian…
@infinity
That was quick 🙂
I dropped him a note how to easily improve compatibility/portability on the Github issue since it looks trivial to make the installer script run on recent Ubuntus and also next Debian/Raspbian release (he has to prepare for anyway).
FalconGate has now been ported to Pine A64+ with an image based on Armbian -> https://github.com/A3sal0n/FalconGate/wiki/Downloads