Jump to content

Newbie modification Armbian to ids/ips


Recommended Posts

Posted

Hello
i wanted to use tv box like hardware firewall like pfsense but found out that arm system is built for specific hardware so i thought i could install linux plus snort / suricata .
the only dist that works on this box is armbian but using only firefox uses a lot of resources.

my box is mxq pro 4k amilogic s905x

now questions:

1.It is possible to modify / uninstall unnecessary things (programs / desktop environment theoretically everything can be installed and config from cmd / bash)

in the future could create a web guide for more user-friendliness and transfer some of the load to another pc.

2. Could you tell me in short how the process of building a system for arm looks like in steps

Posted

Armbian does not support any kind of TV box. Efforts you notice in this direction are entirely community driven.

Anyway for your questions:

1. If you manage to install a working Linux distribution (a Armbian derivat for example :lol:) you have full control over the system and the installed packages which can be installed and removed via apt as needed. Not like thes weird Linux-made thingy called Android where you are trapped in your own system.

 

2. Depending on the amount of detail you think about it is impossible to answer this in one posting :lol:. I guess it is easier to break it down to the essential differences from x86 to arm which are mostly visible by the need of having a proper device tree. x86 system have a bus system all components listen and answer to so the kernel just needs to ask the bus what components are built in your system and it "just works". arm does not have such a bus system so YOU have to tell the kernel exactly where which component is located and how to address it. If this information is not there or wrong nothing works or acts unusual. A respectable hardware vendor who is claiming to be open source would share this information and help operating systems to build support for their hardware. But the reality is - especially for tvboxes - they give a sh.. about you as customer, hack together a system built around stoneage kernels and make it somehow look nice and leave you alone with it just to sell cheap crap.

Those device tree information you find on the web is often product of reverse engineering simply because enthusiats for whatever reason like the products and want to make them better by enhancing software support.

 

tl;dr: Get a properly supported board and then realize your firewall with that. For example the Nanopi R2S is a decent option

Posted

 

Thank you very much for your answer and for explaining the differences between architectures.

I've got a working armbian on this device in server / heedles version, and that's a good basis to build something on this device

https://forum.armbian.com/topic/12162-single-armbian-image-for-rk-aml-aw-aarch64-armv8/

And in order to continue learning about the arm, as you said, I will look for RasberyPi or nano because it is better for this purpose at every point :)

for my project I will probably buy some fanless miniPc / swith with normal Pc architecture :)

Thank you and best regards

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines