Deployment on Router

Release by ASTRI

  • Clone repos
  • Build and package release

Refer to: https://gitlab.astricsa.cf/hkt-idps/router-deployment

Deployment

  • Extract the tarball/copy folder to $IDPS_FOLDER

  • Environment variables that are expected to be set at boot time:

    Env              Remark
    IDPS_FOLDER      Folder where the IDPS release package is located (this is /var/Astri/ in the following examples)
    IDPS_DEVICE_ID   String to uniquely identify the device in the backend
                     202509: HKT and TP-Link decided to use MAC address
  • Prepare app config
    cp $IDPS_FOLDER/.env.example $IDPS_FOLDER/bin/.env
    One can optionally modify the environment variables

  • Create a Unix socket of SOCK_SEQPACKET (unixpacket) type at $IDPS_SOCKET_NOTIFICATION to listen for notifications
    One can use $IDPS_FOLDER/bin/unixpacketlistener-linux-arm64 for a demo

    $IDPS_FOLDER/bin/unixpacketlistener-linux-arm64 --socket $IDPS_SOCKET_NOTIFICATION
    # Expected result:
    listening on /var/Astri/socket/notification.socket (unixpacket)
  • Run $IDPS_FOLDER/bin/idpsctld-linux-arm64 at startup
    Expected result:

    {"level":"info","ts":1761877141.8402598,"logger":"command_service","caller":"services/command_service.go:270","msg":"ids enabled","suricata_pid":4417,"cfm_live_pid":4419}
    {"level":"info","ts":1761877141.8406916,"logger":"cfm_listener","caller":"socket/cfm_listener.go:56","msg":"cfm listener started","address":"/var/Astri/log/cfm.socket","protocol":"unixpacket"}
    {"level":"info","ts":1761877141.8407066,"logger":"evtlog_listener","caller":"socket/eventlog_listener.go:52","msg":"event log listener started","address":"/var/Astri/log/evt-log.socket","protocol":"unixgram"}
    {"level":"info","ts":1761877141.841308,"logger":"command_listener","caller":"socket/command_listener.go:52","msg":"command listener started","address":"/var/Astri/socket/command.socket","protocol":"unixpacket"}
    {"level":"info","ts":1761877141.841581,"logger":"rule_scheduler","caller":"scheduler/rule_scheduler.go:44","msg":"rule pulling scheduler started","interval":3600}
    {"level":"info","ts":1761877141.9604518,"logger":"command_service.suricata","caller":"process/manager.go:252","msg":"restarting process","reason":"ids_rules_updated"}
    {"level":"info","ts":1761877141.9610102,"logger":"rule_sync_service","caller":"services/rule_sync_service.go:146","msg":"rules updated","kind":"ids_rules","timestamp":"2025-10-28T06:49:21.607531Z","location":"/var/Astri/rules/ids/default.rules"}
    {"level":"info","ts":1761877141.9780724,"logger":"rule_sync_service","caller":"services/rule_sync_service.go:146","msg":"rules updated","kind":"firewall_rules","timestamp":"2025-10-28T06:49:21.593895Z","location":"/var/Astri/rules/firewall/default.csv"}
    {"level":"info","ts":1761877145.5554156,"logger":"command_service","caller":"services/command_service.go:219","msg":"ids already running","suricata_pid":4647,"cfm_live_pid":4419}
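
For the notification-socket step above, a minimal SOCK_SEQPACKET listener that an integrator could use in place of the demo binary. This is an added example, not ASTRI's unixpacketlistener or any project code. Assumptions: notifications are treated as opaque records of at most 64 KiB, the names Listen and ReadRecords are hypothetical, and idpsctld runs as the same user as the listener (the socket is created owner-only).

```go
package main

import (
	"fmt"
	"net"
	"os"
	"syscall"
)

// Listen binds a SOCK_SEQPACKET ("unixpacket") socket at path with mode 0600.
func Listen(path string) (*net.UnixListener, error) {
	if fi, err := os.Lstat(path); err == nil {
		if fi.Mode()&os.ModeSocket == 0 {
			return nil, fmt.Errorf("%s exists and is not a socket", path)
		}
		os.Remove(path) // stale socket from a previous run; bind fails if this did
	}
	// Tighten the umask before bind so the socket is never briefly world-writable.
	old := syscall.Umask(0o177)
	defer syscall.Umask(old)
	return net.ListenUnix("unixpacket", &net.UnixAddr{Name: path, Net: "unixpacket"})
}

// ReadRecords accepts one peer and returns up to limit records, one per Read.
func ReadRecords(l *net.UnixListener, limit int) ([]string, error) {
	conn, err := l.AcceptUnix()
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	var recs []string
	buf := make([]byte, 64*1024) // assumed upper bound on one notification
	for len(recs) < limit {
		// SOCK_SEQPACKET preserves message boundaries, so no framing is needed.
		n, err := conn.Read(buf)
		if err != nil { // io.EOF once the sender closes
			break
		}
		recs = append(recs, string(buf[:n]))
	}
	return recs, nil
}

func main() {
	l, err := Listen(os.Getenv("IDPS_SOCKET_NOTIFICATION"))
	if err != nil {
		panic(err)
	}
	fmt.Println(ReadRecords(l, 1))
}
```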

Notes

  • idpsctld shall have read/write access under $IDPS_FOLDER
  • idpsctld shall be able to create Unix sockets
  • idpsctld will create unix sockets under $IDPS_FOLDER/socks/
  • IDS and firewall rules will be downloaded under $IDPS_FOLDER/rules/; old files will be deleted intermittently