fix(mitmproxy): Use WAF input data path for threat stats
- Changed RPCD handler to read from /srv/mitmproxy-in (WAF input) - Previously read from /srv/mitmproxy which had no threat data - Fixed threats_today, alerts, autobans stats - Check mitmproxy-in and mitmproxy-out containers for running status Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
8cfa6fba70
commit
42d85c4d0f
@ -8,6 +8,8 @@ LXC_NAME="mitmproxy"
|
|||||||
LXC_PATH="/srv/lxc"
|
LXC_PATH="/srv/lxc"
|
||||||
LXC_ROOTFS="$LXC_PATH/$LXC_NAME/rootfs"
|
LXC_ROOTFS="$LXC_PATH/$LXC_NAME/rootfs"
|
||||||
MITMPROXY_CACHE="/tmp/secubox/mitmproxy.json"
|
MITMPROXY_CACHE="/tmp/secubox/mitmproxy.json"
|
||||||
|
# WAF input instance data path (for threat stats)
|
||||||
|
WAF_DATA_PATH="/srv/mitmproxy-in"
|
||||||
|
|
||||||
# Read cached status for fast API responses
|
# Read cached status for fast API responses
|
||||||
get_cached_status() {
|
get_cached_status() {
|
||||||
@ -40,10 +42,12 @@ get_status() {
|
|||||||
local lxc_available=0
|
local lxc_available=0
|
||||||
command -v lxc-start >/dev/null 2>&1 && lxc_available=1
|
command -v lxc-start >/dev/null 2>&1 && lxc_available=1
|
||||||
|
|
||||||
# Check if container is running
|
# Check if container is running (check both mitmproxy-in and mitmproxy-out)
|
||||||
local running=0
|
local running=0
|
||||||
if [ "$lxc_available" = "1" ]; then
|
if [ "$lxc_available" = "1" ]; then
|
||||||
lxc-info -n "$LXC_NAME" -s 2>/dev/null | grep -q "RUNNING" && running=1
|
(lxc-info -n mitmproxy-in -s 2>/dev/null | grep -q "RUNNING" || \
|
||||||
|
lxc-info -n mitmproxy-out -s 2>/dev/null | grep -q "RUNNING" || \
|
||||||
|
lxc-info -n "$LXC_NAME" -s 2>/dev/null | grep -q "RUNNING") && running=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check if installed (rootfs exists)
|
# Check if installed (rootfs exists)
|
||||||
@ -72,19 +76,19 @@ get_status() {
|
|||||||
local autoban_sensitivity=$(uci_get autoban.sensitivity)
|
local autoban_sensitivity=$(uci_get autoban.sensitivity)
|
||||||
local autoban_duration=$(uci_get autoban.ban_duration)
|
local autoban_duration=$(uci_get autoban.ban_duration)
|
||||||
|
|
||||||
# Count threats today
|
# Count threats today - use WAF input instance data
|
||||||
local threats_today=0
|
local threats_today=0
|
||||||
local threats_log="${data_path:-/srv/mitmproxy}/threats.log"
|
local threats_log="${WAF_DATA_PATH}/threats.log"
|
||||||
if [ -f "$threats_log" ]; then
|
if [ -f "$threats_log" ]; then
|
||||||
local today=$(date -u +%Y-%m-%d)
|
local today=$(date -u +%Y-%m-%d)
|
||||||
threats_today=$(grep -c "\"timestamp\": \"$today" "$threats_log" 2>/dev/null)
|
threats_today=$(grep -c "\"timestamp\": \"$today" "$threats_log" 2>/dev/null)
|
||||||
: ${threats_today:=0}
|
: ${threats_today:=0}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Count processed autobans
|
# Count processed autobans - use WAF input instance data
|
||||||
local autobans_total=0
|
local autobans_total=0
|
||||||
local autobans_today=0
|
local autobans_today=0
|
||||||
local autoban_log="${data_path:-/srv/mitmproxy}/autoban-processed.log"
|
local autoban_log="${WAF_DATA_PATH}/autoban-processed.log"
|
||||||
if [ -f "$autoban_log" ]; then
|
if [ -f "$autoban_log" ]; then
|
||||||
autobans_total=$(wc -l < "$autoban_log" 2>/dev/null || echo 0)
|
autobans_total=$(wc -l < "$autoban_log" 2>/dev/null || echo 0)
|
||||||
local today=$(date +%Y-%m-%d)
|
local today=$(date +%Y-%m-%d)
|
||||||
@ -92,9 +96,9 @@ get_status() {
|
|||||||
: ${autobans_today:=0}
|
: ${autobans_today:=0}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Pending autoban requests
|
# Pending autoban requests - use WAF input instance data
|
||||||
local autobans_pending=0
|
local autobans_pending=0
|
||||||
local autoban_requests="${data_path:-/srv/mitmproxy}/autoban-requests.log"
|
local autoban_requests="${WAF_DATA_PATH}/autoban-requests.log"
|
||||||
if [ -f "$autoban_requests" ] && [ -s "$autoban_requests" ]; then
|
if [ -f "$autoban_requests" ] && [ -s "$autoban_requests" ]; then
|
||||||
autobans_pending=$(wc -l < "$autoban_requests" 2>/dev/null || echo 0)
|
autobans_pending=$(wc -l < "$autoban_requests" 2>/dev/null || echo 0)
|
||||||
fi
|
fi
|
||||||
@ -472,8 +476,8 @@ do_restart() { [ -x /etc/init.d/mitmproxy ] && /etc/init.d/mitmproxy restart >/d
|
|||||||
get_alerts() {
|
get_alerts() {
|
||||||
# Read alerts from host-visible JSONL log file
|
# Read alerts from host-visible JSONL log file
|
||||||
# The analytics addon writes to /data/threats.log inside container
|
# The analytics addon writes to /data/threats.log inside container
|
||||||
# which is bind-mounted to /srv/mitmproxy/threats.log on host
|
# which is bind-mounted to /srv/mitmproxy-in/threats.log on host (WAF input)
|
||||||
local log_file="/srv/mitmproxy/threats.log"
|
local log_file="${WAF_DATA_PATH}/threats.log"
|
||||||
local max_alerts=50
|
local max_alerts=50
|
||||||
local alerts_json="[]"
|
local alerts_json="[]"
|
||||||
|
|
||||||
@ -509,9 +513,9 @@ get_threat_stats() {
|
|||||||
local stats_file="/tmp/secubox-mitm-stats.json"
|
local stats_file="/tmp/secubox-mitm-stats.json"
|
||||||
local container_stats=""
|
local container_stats=""
|
||||||
|
|
||||||
# Try to get stats from LXC container
|
# Try to get stats from WAF input LXC container
|
||||||
if command -v lxc-attach >/dev/null 2>&1; then
|
if command -v lxc-attach >/dev/null 2>&1; then
|
||||||
container_stats=$(lxc-attach -n "$LXC_NAME" -- cat /tmp/secubox-mitm-stats.json 2>/dev/null)
|
container_stats=$(lxc-attach -n mitmproxy-in -- cat /tmp/secubox-mitm-stats.json 2>/dev/null)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Fall back to host path
|
# Fall back to host path
|
||||||
@ -535,9 +539,9 @@ get_subdomain_metrics() {
|
|||||||
local metrics_file="/tmp/secubox-subdomain-metrics.json"
|
local metrics_file="/tmp/secubox-subdomain-metrics.json"
|
||||||
local subdomain_metrics=""
|
local subdomain_metrics=""
|
||||||
|
|
||||||
# Try to get metrics from LXC container
|
# Try to get metrics from WAF input LXC container
|
||||||
if command -v lxc-attach >/dev/null 2>&1; then
|
if command -v lxc-attach >/dev/null 2>&1; then
|
||||||
subdomain_metrics=$(lxc-attach -n "$LXC_NAME" -- cat /tmp/secubox-subdomain-metrics.json 2>/dev/null)
|
subdomain_metrics=$(lxc-attach -n mitmproxy-in -- cat /tmp/secubox-subdomain-metrics.json 2>/dev/null)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Fall back to host path
|
# Fall back to host path
|
||||||
@ -560,8 +564,8 @@ EOFJ
|
|||||||
}
|
}
|
||||||
|
|
||||||
clear_alerts() {
|
clear_alerts() {
|
||||||
# Clear the host-visible threats log file
|
# Clear the host-visible threats log file (WAF input)
|
||||||
local log_file="/srv/mitmproxy/threats.log"
|
local log_file="${WAF_DATA_PATH}/threats.log"
|
||||||
> "$log_file" 2>/dev/null
|
> "$log_file" 2>/dev/null
|
||||||
|
|
||||||
# Also clear the legacy alerts file
|
# Also clear the legacy alerts file
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user