feat(secubox-core): Add file integrity monitoring

- secubox-integrity: SHA256-based file integrity checker
- Monitors critical files: haproxy.cfg, firewall, network, passwd, shadow
- Cron job runs check every 5 minutes
- LED pulse alert on file changes
- Commands: init, check, status, clear

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CyberMind-FR 2026-02-06 11:07:24 +01:00
parent 29ba711acc
commit a2dd2499d6
3 changed files with 88 additions and 1 deletions


@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=secubox-core
PKG_VERSION:=0.10.0
PKG_RELEASE:=13
PKG_RELEASE:=14
PKG_ARCH:=all
PKG_LICENSE:=GPL-2.0
PKG_MAINTAINER:=SecuBox Team
@ -78,6 +78,7 @@ define Package/secubox-core/install
$(INSTALL_BIN) ./root/usr/sbin/secubox-diagnostics $(1)/usr/sbin/
$(INSTALL_BIN) ./root/usr/sbin/secubox-recovery $(1)/usr/sbin/
$(INSTALL_BIN) ./root/usr/sbin/secubox-verify $(1)/usr/sbin/
$(INSTALL_BIN) ./root/usr/sbin/secubox-integrity $(1)/usr/sbin/
$(INSTALL_BIN) ./root/usr/sbin/secubox-state $(1)/usr/sbin/
$(INSTALL_BIN) ./root/usr/sbin/secubox-component $(1)/usr/sbin/
$(INSTALL_BIN) ./root/usr/sbin/secubox-sync-registry $(1)/usr/sbin/
@ -93,6 +94,10 @@ define Package/secubox-core/install
# TFTP Recovery init script
$(INSTALL_BIN) ./root/etc/init.d/secubox-tftp-recovery $(1)/etc/init.d/
# File integrity monitoring cron job
$(INSTALL_DIR) $(1)/etc/cron.d
$(INSTALL_DATA) ./root/etc/cron.d/secubox-integrity $(1)/etc/cron.d/
# TFTP Mesh library
$(INSTALL_DIR) $(1)/usr/lib/secubox
$(INSTALL_DATA) ./root/usr/lib/secubox/tftp-mesh.sh $(1)/usr/lib/secubox/


@ -0,0 +1,3 @@
# SecuBox File Integrity Monitor
# Check critical files every 5 minutes
*/5 * * * * root /usr/sbin/secubox-integrity check >/dev/null 2>&1
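Review bot: The job on the last line uses the system-crontab format (a `root` user column) under /etc/cron.d, but if the target runs busybox crond — the OpenWrt default — it reads per-user files from /etc/crontabs/ with no user column and does not scan /etc/cron.d, so the check would never be scheduled; worth confirming on the device before relying on it. If /etc/cron.d is intended, state the assumption in the header, e.g. `# Requires a crond that reads /etc/cron.d (system crontab format)`. The `>/dev/null 2>&1` also discards the script's own "No baseline" message, so a check that cannot run is visible only through syslog and integrity.log; consider leaving stderr attached so crond's mail or log captures it.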


@ -0,0 +1,79 @@
#!/bin/sh
# SecuBox File Integrity Monitor
# Monitors critical system files for unauthorized changes
WATCH_FILES="
/srv/haproxy/config/haproxy.cfg
/etc/config/haproxy
/etc/config/firewall
/etc/config/network
/etc/config/wireless
/etc/config/dropbear
/etc/passwd
/etc/shadow
"
HASH_FILE="/var/run/secubox/integrity.sha256"
ALERT_FILE="/tmp/secubox/integrity-alert"
LOG_FILE="/var/log/secubox/integrity.log"
mkdir -p /var/run/secubox /tmp/secubox /var/log/secubox
log() {
echo "$(date "+%Y-%m-%d %H:%M:%S") $*" >> "$LOG_FILE"
logger -t secubox-integrity "$*"
}
case "$1" in
init)
# Initialize baseline hashes
> "$HASH_FILE"
for f in $WATCH_FILES; do
[ -f "$f" ] && sha256sum "$f" >> "$HASH_FILE"
done
log "Baseline initialized with $(wc -l < "$HASH_FILE") files"
echo "Baseline created: $HASH_FILE"
;;
check)
[ -f "$HASH_FILE" ] || { echo "No baseline. Run: secubox-integrity init"; exit 1; }
CHANGES=$(sha256sum -c "$HASH_FILE" 2>/dev/null | grep -v ": OK$")
if [ -n "$CHANGES" ]; then
echo "$CHANGES" > "$ALERT_FILE"
log "ALERT: File changes detected!"
echo "$CHANGES" | while read line; do
log " $line"
done
# Trigger LED event pulse
echo "alert" > /tmp/secubox/led-event 2>/dev/null
echo "ALERT: Files modified!"
echo "$CHANGES"
exit 1
else
echo "OK: All files intact"
exit 0
fi
;;
status)
if [ -f "$ALERT_FILE" ]; then
echo "ALERT: Changes detected:"
cat "$ALERT_FILE"
else
echo "OK: No alerts"
fi
[ -f "$HASH_FILE" ] && echo "Baseline: $(wc -l < "$HASH_FILE") files monitored"
;;
clear)
rm -f "$ALERT_FILE"
log "Alerts cleared"
echo "Alerts cleared"
;;
*)
echo "Usage: secubox-integrity {init|check|status|clear}"
echo ""
echo "Commands:"
echo " init - Create baseline hashes for monitored files"
echo " check - Verify files against baseline"
echo " status - Show current alert status"
echo " clear - Clear alerts after review"
;;
esac
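Review bot: An empty or malformed baseline makes `check` report "OK: All files intact", because `sha256sum -c` then emits nothing on stdout (its complaint goes to the suppressed stderr), `$CHANGES` is empty, and the else branch is taken; an `init` interrupted after the `> "$HASH_FILE"` truncation leaves exactly that state. Tighten the guard in the check arm to `[ -s "$HASH_FILE" ] || { log "No usable baseline"; echo "No baseline. Run: secubox-integrity init"; exit 1; }` so the failure is logged as well as printed. Related: HASH_FILE lives under /var/run, which on OpenWrt is volatile tmpfs, so the baseline disappears at reboot and every cron check afterwards exits 1 with its output discarded — monitoring stops silently until someone re-runs `init`; a persistent, root-only location (or an `init` on boot) avoids that, though a baseline writable by the same privilege that edits the watched files gives limited tamper evidence either way. Minor: `while read line` on the change list should be `while read -r line` so backslashes in filenames are preserved in the log.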