Hardening Gained Access
Run the following in the SSH terminal to prevent your Gateway loosing root access unexpectedly.
You can pick only what you need
You can paste each block directly into the terminal independently, use only ones your firmware needs. If you don't know, just paste them all. If you get any error messages from a command, just ignore it, it means that command wasn't needed for your firmware version.
# Disable CWMP uci delete cwmpd.cwmpd_config uci delete firewall.cwmpd uci del_list [email protected].pidfile='/var/run/cwmpd.pid' uci del_list [email protected].pidfile='/var/run/cwmpevents.pid' uci commit /etc/init.d/watchdog-tch reload /etc/init.d/cwmpd disable /etc/init.d/cwmpd stop /etc/init.d/cwmpdboot disable /etc/init.d/cwmpdboot stop /etc/init.d/zkernelpanic disable /etc/init.d/zkernelpanic stop # Disable CWMP - extra, in case you think it may resurrect uci set cwmpd.cwmpd_config.state=0 uci set cwmpd.cwmpd_config.acs_url='https://127.0.1.1:7547/' uci set cwmpd.cwmpd_config.use_dhcp=0 uci set cwmpd.cwmpd_config.interface=loopback uci set cwmpd.cwmpd_config.enforce_https=1 uci commit cwmpd # Disable Telstra monitoring uci delete tls-vsparc.Config uci delete tls-vsparc.Passive uci delete autoreset.vsparc_enabled uci delete autoreset.thor_enabled uci delete wifi_doctor_agent.acs uci delete wifi_doctor_agent.config uci delete wifi_doctor_agent.as_config uci commit # Disable Telstra Air/Fon WiFi /etc/init.d/hotspotd stop /etc/init.d/hotspotd disable uci delete dhcp.hotspot uci delete dhcp.fonopen uci commit # Remove any ISP ssh access pubkey echo > /etc/dropbear/authorized_keys # Completely disable SSH access over wan uci set dropbear.wan.enable='0' uci commit # Free space for gateways with small flash opkg --force-removal-of-dependent-packages remove conf-cwmpd cwmpd autoreset-tch mappings-fon geolocation-tch find /rom/usr/lib/ipk -type f |xargs -n1 basename | cut -f 1 -d '_' |xargs opkg --force-removal-of-dependent-packages remove