Every day we can read stories about password database hacking, malware, ransomware, and so on. Companies can try to protect themselves by paying professionals who do a more or less good job, but individuals can’t afford professional services, so it is harder to protect oneself. One solution is to educate yourself as much as possible, but not everybody has the time and/or skills to do it, so developers have worked on FalconGate, an open source smart gateway that’s supposed to protect home devices against hackers and alert the user in case of intrusions on the home network or devices misbehaving.
FalconGate is said to be able to:
- Block several types of Malware based on open source blacklists
- Block Malware using the Tor network
- Detect and report potential Malware DNS requests based on VirusTotal reports
- Detect and report the presence of Malware executables and other components based on VirusTotal reports
- Detect and report Domain Generation Algorithm (DGA) Malware patterns
- Detect and report on Malware spamming activity
- Detect and report on internal and outbound port scans
- Report details of all new devices connected to your network
- Block ads based on open source lists
- Monitor a custom list of personal or family accounts used in online services for public reports of hacking
The software relies on dependencies such as Bro IDS, Python 2.7, Nginx, Dnsmasq, Exim, and PHP, as well as the Have I been pwned API, and has been tested with Debian Jessie Lite on Raspberry Pi 2/3 and Banana Pi M2+ boards. The Raspberry Pi boards are limited to 10/100M Ethernet, potentially a bottleneck if you have a fast Internet connection, but FalconGate should also be supported on other (ARM based) boards running Debian or Ubuntu.
The easiest way to install it is to get the SD card image for the tested boards. For other boards, you can try a manual installation:
```bash
sudo apt-get update
sudo apt-get install git
cd /opt
sudo git clone https://github.com/A3sal0n/FalconGate.git
cd FalconGate/
sudo python install.py
```
This will take a while depending on your platform and storage device. Your FalconGate-powered board will also become your new DHCP server, so you’ll need to disable DHCP in your router. Reboot both, and log in to the web interface to configure the email address(es) to be used as recipients for alerts and, optionally, your VirusTotal API key. Finally, remember to change the default root password and regenerate the SSH keys.
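The last step matters most when you start from a pre-built SD card image, since every copy of an image ships the same SSH host keys and root password. The script below is an added example, not part of FalconGate or the original article: it regenerates the host keys and checks that no fingerprint from the image survived. It assumes OpenSSH's `ssh-keygen`, Debian's `/etc/ssh` directory and `ssh` service name, and a hypothetical file name `rotate.sh`.

```shell
#!/bin/sh
# Added example, not FalconGate code: rotate the SSH host keys shipped in an image.
# Assumes OpenSSH's ssh-keygen; /etc/ssh and the "ssh" service name are Debian defaults.

# Print "<type> <fingerprint>" for each public host key in directory $1.
host_key_fingerprints() {
    for pub in "$1"/ssh_host_*_key.pub; do
        [ -e "$pub" ] || continue
        ssh-keygen -l -f "$pub" | awk '{print $NF, $2}'
    done | sort
}

# Remove the host keys in directory $1 and generate fresh ones without passphrases.
regenerate_host_keys() {
    rm -f "$1"/ssh_host_*_key "$1"/ssh_host_*_key.pub
    for type in rsa ecdsa ed25519; do
        ssh-keygen -q -t "$type" -N '' -f "$1/ssh_host_${type}_key" || return 1
    done
}

# Rotate keys in $1 (default /etc/ssh). Returns 0 if every fingerprint is new,
# 1 if a fingerprint from the image survived, 2 if key generation failed.
rotate_and_verify() {
    dir=${1:-/etc/ssh}
    old=$(mktemp) || return 2
    host_key_fingerprints "$dir" > "$old"
    if ! regenerate_host_keys "$dir"; then rm -f "$old"; return 2; fi
    rc=0
    if [ -s "$old" ] && host_key_fingerprints "$dir" | grep -qxFf "$old"; then
        rc=1
    fi
    rm -f "$old"
    return "$rc"
}

# Only touch the live system when asked to: sudo sh rotate.sh --apply
if [ "${1:-}" = "--apply" ]; then
    passwd root                      # interactive: replace the image's default password
    rotate_and_verify /etc/ssh && systemctl restart ssh
    host_key_fingerprints /etc/ssh   # record these to verify the next SSH connection
fi
```

Clients that connected before the rotation will report a changed host key; compare the warning against the fingerprints printed at the end before accepting it.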
Via n0where
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Banana Pi M2+ has Gigabit Ethernet (yes, it’s already written wrong in the readme.md of this project — strange).
And it seems this Banana thingie is only mentioned since hardware manufacturer SinoVoip provides a ‘Raspian Jessie Lite’ OS image for this board (running with a smelly 3.4.39 kernel containing no ‘Dirty COW’ fix and maybe also vulnerable to ‘rootmydevice’ and countless other exploitable vulnerabilities known for years — anyone caring about security and using OS images from some Google Drive link without caring about kernel version or manually inserted backdoors should be considered clueless or maybe even stupid as hell).
The 3rd word in ‘open source smart gateway’ finally triggered a snake oil alert.
@tkaiser
Can you say anything about whether this FalconGate package will run flawlessly (compatibility question) on armbian on a banana pi with mainline kernel (https://www.armbian.com/banana-pi/) Debian or Ubuntu… I would even favour Ubuntu because of its more up-to-date nginx and openssl packages and so on. What do you think? Currently I use the banana Pi only as a private Seafile server, but this here sounds very interesting to give the machine a bit more purpose 🙂
Just to make it clear: I’m not a very experienced user, that is why I ask for your experienced opinion.
Generally…I understand how this system works inside my network: if I assume that I would need to simply connect the banana to my router’s LAN port and then change my DHCP from Router to Banana PI, how does that protect me from malicious websites? Do I also have to set the banana to be my DNS server? So the Banana with FalconGate will resolve all my DNS requests?
Do you guys think that a dual core banana pi is powerful enough for that? Or what would be a better low power SBC solution for this?
Thank you very much in advance
Have a spare Pi2 so I gave it a run on an isolated network. The web interface only allows configuration of a VirusTotal key and there is not much info on anything except DHCP clients.
I like the idea of the project, especially the IDS, but it seems very early on in the development.
Blocking Tor relays does not make any sense. They are idiots
No idea. If this stuff can only run on a Raspbian userland then this is another good reason to not use it.
You might get in contact with the developer if you run into any compatibility problems since Python should run everywhere and writing installers that can deal with every Debian-flavour Linux distro isn’t that hard. And if you’re at it please tell the developer that it’s irresponsible to recommend running ‘security software’ on insecure distros (as it’s done here: some Chinese Raspbian that has been found on Google Drive)
Well…. I think it is obsolete now… they’ve heard the concerns apparently. As I’ve subscribed to the newsletter of FalconGate, I got this email today:
That’s the linked Issue:
https://github.com/A3sal0n/FalconGate/issues/21
@infinity
That was quick 🙂
I dropped him a note how to easily improve compatibility/portability on the Github issue since it looks trivial to make the installer script run on recent Ubuntus and also next Debian/Raspbian release (he has to prepare for anyway).
FalconGate has now been ported to Pine A64+ with an image based on Armbian -> https://github.com/A3sal0n/FalconGate/wiki/Downloads