feat(secubox-core): Add detail collector for LuCI flash views

- Creates double-buffered JSON caches with last N entries - Caches: threats, kernel, syslog, crowdsec details - Writes to /tmp/secubox and /www for LuCI access - Cron runs every minute for real-time updates - Usage: secubox-detail-collector [count] [type] Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-07 09:03:36 +01:00 · 2026-02-07 09:03:36 +01:00 · a00f4b6b84
commit a00f4b6b84
parent e31e43b8d7
1 changed files with 77 additions and 0 deletions
--- a/package/secubox/secubox-core/files/usr/sbin/secubox-detail-collector
+++ b/package/secubox/secubox-core/files/usr/sbin/secubox-detail-collector
@ -0,0 +1,77 @@
+#\!/bin/sh
+# SecuBox Detail Collector - Last N entries for LuCI flash views
+
+CACHE_DIR="/tmp/secubox"
+WWW_DIR="/www"
+LIMIT="${1:-5}"
+
+mkdir -p "$CACHE_DIR"
+
+# Collect last N threats with full details
+collect_threats() {
+    local out="$CACHE_DIR/threats-detail.json"
+    if [ -f /srv/mitmproxy/threats.log ]; then
+        printf "{\"updated\":\"%s\",\"count\":%d,\"entries\":[" "$(date -Is)" "$LIMIT" > "$out"
+        tail -n "$LIMIT" /srv/mitmproxy/threats.log | head -n "$LIMIT" | {
+            first=1
+            while IFS= read -r line; do
+                [ "$first" = "1" ] || printf ","
+                first=0
+                printf "%s" "$line"
+            done
+        } >> "$out"
+        printf "]}" >> "$out"
+        cp "$out" "$WWW_DIR/threats-detail.json" 2>/dev/null
+    fi
+}
+
+# Collect last N kernel log entries
+collect_kernel() {
+    local out="$CACHE_DIR/kernel-detail.json"
+    printf "{\"updated\":\"%s\",\"entries\":[" "$(date -Is)" > "$out"
+    dmesg 2>/dev/null | grep -iE "error|warn|fail" | tail -n "$LIMIT" | {
+        first=1
+        while IFS= read -r line; do
+            [ "$first" = "1" ] || printf ","
+            first=0
+            escaped=$(printf "%s" "$line" | sed 's/\\/\\\\/g; s/"/\\"/g')
+            printf "{\"msg\":\"%s\"}" "$escaped"
+        done
+    } >> "$out"
+    printf "]}" >> "$out"
+    cp "$out" "$WWW_DIR/kernel-detail.json" 2>/dev/null
+}
+
+# Collect last N syslog entries
+collect_syslog() {
+    local out="$CACHE_DIR/syslog-detail.json"
+    printf "{\"updated\":\"%s\",\"entries\":[" "$(date -Is)" > "$out"
+    logread 2>/dev/null | tail -n "$LIMIT" | {
+        first=1
+        while IFS= read -r line; do
+            [ "$first" = "1" ] || printf ","
+            first=0
+            escaped=$(printf "%s" "$line" | sed 's/\\/\\\\/g; s/"/\\"/g')
+            printf "{\"msg\":\"%s\"}" "$escaped"
+        done
+    } >> "$out"
+    printf "]}" >> "$out"
+    cp "$out" "$WWW_DIR/syslog-detail.json" 2>/dev/null
+}
+
+# Collect last N CrowdSec alerts
+collect_crowdsec() {
+    local out="$CACHE_DIR/crowdsec-detail.json"
+    printf "{\"updated\":\"%s\",\"entries\":" "$(date -Is)" > "$out"
+    cscli alerts list -l "$LIMIT" -o json 2>/dev/null >> "$out" || echo "[]" >> "$out"
+    printf "}" >> "$out"
+    cp "$out" "$WWW_DIR/crowdsec-detail.json" 2>/dev/null
+}
+
+case "${2:-all}" in
+    threats) collect_threats ;;
+    kernel) collect_kernel ;;
+    syslog) collect_syslog ;;
+    crowdsec) collect_crowdsec ;;
+    all) collect_threats; collect_kernel; collect_syslog; collect_crowdsec ;;
+esac