Dec 18, 2015

Hardened Builds of Chaos Calmer (15.05) Stable Branch for Yacom Arv4518pw R01A & Yacom Arv7518pw

The other day I suspected one of my routers got messed up in a suspicious way. I couldn't find any proof of an attack but there was no explanation to why the jffs2 partition got corrupted in that way either. I used OpenWrt for years now, not a single incident happened. But this time I've got the feeling that perhaps because I ran something of interest to the guys who tap the network here so maybe someone tried to fiddle with it. Again no proof just suspicions.

Well, alright, time to mount up some defenses.

I wanted to share these hardened builds of Chaos Calmer (15.05) Stable Branch for Yacom Arv4518pw R01A & Yacom Arv7518pw. These builds were built with just the essential parts mainly LuCi & DNSCrypt. I had to remove IPv6 support and Swap Support for Arv4518pw R01A because its flash size is 4MB.

These builds were generated with a focus on security and therefore would be in most cases incompatible with most apps in OpenWrt software repository.


I tried a couple of times building them with grsecurity but no luck. The effort to backport patches from the latest release of grsecurity (currently kernel 4.3.3) to OpenWrt 15.05 kernel 3.18.x is just too much. I'll wait till OpenWrt Trunk and grsecurity coincide then I'll give it another try.



After flashing consider hardening TCP/IP via systctl options and be strict in your firewall config and follow OpenWrt security recommendations and set up DNSCrypt.


I'll probably update this post later for newer Chaos Calmer builds.



OpenWrt 15.05.1 (Chaos Calmer) r49231 (April-26-2016)



OpenWrt 15.05.1 (Chaos Calmer) r49053 (March-20-2016)



OpenWrt 15.05 (Chaos Calmer) r48220 (Jan-12-2016)



OpenWrt 15.05 (Chaos Calmer) r48186 (Jan-10-2016)



OpenWrt 15.05 (Chaos Calmer) r47895 (Dec-18-2015)