gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(interceptor): Check mitmproxy-in/out containers instead of mitmproxy

Browse Source 
The mitmproxy service now uses separate containers:
- mitmproxy-in: External WAF (WAN protection)
- mitmproxy-out: Insider WAF (LAN threat detection)

Updated RPCD handler to check correct container names for status.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-14 17:21:25 +01:00
parent 54d555206b
commit c3ebb4a42a
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
package/secubox/luci-app-interceptor/root/usr/libexec/rpcd/luci.interceptor
View File

@ -46,9 +46,10 @@ get_mitm_status() {
# Check UCI config # Check UCI config
enabled=$(uci -q get mitmproxy.main.enabled || echo "0") enabled=$(uci -q get mitmproxy.main.enabled || echo "0")
# Check if LXC container is running (use lxc-info which is more reliable) # Check if any mitmproxy LXC container is running (in/out instances)
if command -v lxc-info >/dev/null 2>&1; then if command -v lxc-info >/dev/null 2>&1; then
lxc-info -n mitmproxy -s 2>/dev/null | grep -q "RUNNING" && running=1 lxc-info -n mitmproxy-in -s 2>/dev/null | grep -q "RUNNING" && running=1
[ "$running" = "0" ] && lxc-info -n mitmproxy-out -s 2>/dev/null | grep -q "RUNNING" && running=1
fi fi
# Count today's threats from log # Count today's threats from log
@ -156,10 +157,10 @@ get_failover_status() {
get_insider_waf_status() { get_insider_waf_status() {
local enabled=0 running=0 insider_threats=0 blocked_clients=0 exfil_attempts=0 local enabled=0 running=0 insider_threats=0 blocked_clients=0 exfil_attempts=0
# Insider WAF is enabled when mitmproxy container is running # Insider WAF is enabled when mitmproxy-out container is running
# This inspects LAN→WAN traffic for insider threats # This inspects LAN→WAN traffic for insider threats
if command -v lxc-info >/dev/null 2>&1; then if command -v lxc-info >/dev/null 2>&1; then
lxc-info -n mitmproxy -s 2>/dev/null | grep -q "RUNNING" && running=1 lxc-info -n mitmproxy-out -s 2>/dev/null | grep -q "RUNNING" && running=1
fi fi
# Check mitmproxy config for outbound inspection # Check mitmproxy config for outbound inspection
@ -240,8 +241,8 @@ case "$1" in
pillars_active=$((pillars_active + 1)) pillars_active=$((pillars_active + 1))
fi fi
# mitmproxy running (external WAF) # mitmproxy running (external WAF) - check mitmproxy-in container
if pgrep mitmproxy >/dev/null 2>&1 || lxc-info -n mitmproxy -s 2>/dev/null | grep -q "RUNNING"; then if pgrep mitmproxy >/dev/null 2>&1 || lxc-info -n mitmproxy-in -s 2>/dev/null | grep -q "RUNNING"; then
score=$((score + 17)) score=$((score + 17))
pillars_active=$((pillars_active + 1)) pillars_active=$((pillars_active + 1))
fi fi
@ -264,8 +265,8 @@ case "$1" in
pillars_active=$((pillars_active + 1)) pillars_active=$((pillars_active + 1))
fi fi
# Insider WAF (mitmproxy outbound instance) # Insider WAF (mitmproxy-out outbound instance)
if lxc-info -n mitmproxy -s 2>/dev/null | grep -q "RUNNING"; then if lxc-info -n mitmproxy-out -s 2>/dev/null | grep -q "RUNNING"; then
score=$((score + 16)) score=$((score + 16))
pillars_active=$((pillars_active + 1)) pillars_active=$((pillars_active + 1))
fi fi