From f917b5412c463d10c94a8d250515abfcf10aeb37 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Tue, 13 Jan 2026 08:53:18 +0100 Subject: [PATCH] fix(crowdsec): Auto-enable Dropbear verbose logging for SSH detection When SSH logging is enabled in the wizard, automatically: - Set dropbear.@dropbear[0].verbose=1 to log auth failures - Restart dropbear to apply changes This ensures CrowdSec can detect SSH brute force attempts. Without verbose mode, Dropbear doesn't log failed auth to syslog. Also enable uhttpd syslog when HTTP logging is enabled. Co-Authored-By: Claude Opus 4.5
---
 .../luci-app-crowdsec-dashboard/Makefile | 2 +- .../usr/libexec/rpcd/luci.crowdsec-dashboard | 23 ++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/package/secubox/luci-app-crowdsec-dashboard/Makefile b/package/secubox/luci-app-crowdsec-dashboard/Makefile
index 227c3059..733355a1 100644
--- a/package/secubox/luci-app-crowdsec-dashboard/Makefile
+++ b/package/secubox/luci-app-crowdsec-dashboard/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-crowdsec-dashboard
 PKG_VERSION:=0.7.0
-PKG_RELEASE:=18
+PKG_RELEASE:=19
 PKG_ARCH:=all
 PKG_LICENSE:=Apache-2.0
diff --git a/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard b/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard
index b84bdbfa..c00c30bc 100755
--- a/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard
+++ b/package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard
@@ -1364,7 +1364,28 @@ configure_acquisition() {
 uci commit crowdsec
 steps_done="${steps_done}Updated UCI settings; "
- # Step 3: Generate acquisition YAML files
+ # Step 3: Enable verbose logging for services that need it
+ # Dropbear SSH needs verbose mode to log authentication failures
+ if [ "$ssh_enabled" = "1" ]; then
+ if uci -q get dropbear.@dropbear[0] >/dev/null 2>&1; then
+ uci set dropbear.@dropbear[0].verbose='1'
+ uci commit dropbear
+ /etc/init.d/dropbear restart >/dev/null 2>&1
+ steps_done="${steps_done}Enabled Dropbear verbose logging; "
+ fi
+ fi
+
+ # Enable uhttpd syslog for HTTP auth logging
+ if [ "$http_enabled" = "1" ]; then
+ if uci -q get uhttpd.main >/dev/null 2>&1; then
+ uci set uhttpd.main.syslog='1'
+ uci commit uhttpd
+ /etc/init.d/uhttpd restart >/dev/null 2>&1
+ steps_done="${steps_done}Enabled uhttpd syslog; "
+ fi
+ fi
+
+ # Step 4: Generate acquisition YAML files
 # OpenWrt uses logread command instead of /var/log/messages by default
 # All syslog entries (SSH, firewall, system) go through the same log stream
 # We create ONE unified acquisition file to avoid multiple logread processes
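Review bot: In both new blocks the `steps_done` message is appended whether or not `uci set`, `uci commit` and the init-script restart succeeded, and the restart output is discarded, so the wizard can report "Enabled Dropbear verbose logging" while Dropbear still runs without it and CrowdSec receives no SSH failure lines. Chain the steps so the message depends on them, e.g. `uci set dropbear.@dropbear[0].verbose='1' && uci commit dropbear && /etc/init.d/dropbear restart >/dev/null 2>&1 && steps_done="${steps_done}Enabled Dropbear verbose logging; "`, and do the same in the uhttpd block. Only `@dropbear[0]` is touched, so if the device defines further dropbear sections (for example a separate WAN listener) those instances would presumably stay non-verbose; looping over all sections would close that gap. The uhttpd restart may also interrupt the HTTP session that carries this RPC call, which is worth checking on a device. configure_acquisition starts and ends outside this hunk, so how failures are reported back to the caller is not visible here.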