gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf(crowdsec-dashboard): Pre-cached get_overview for instant response

Browse Source 
Problem: get_overview RPC was timing out (30s+) due to 12+ sequential
cscli calls with CAPI data, causing "TypeError: can't assign to property
'countries' on 5" in LuCI.

Solution:
- Pre-cached architecture with /tmp/secubox/crowdsec-overview.json
- get_overview() returns cached data instantly (0.08s)
- refresh_overview_cache() runs via cron every minute
- Reduced cscli calls from 12 to 4 (metrics, decisions, alerts, bouncers)
- Extract flat decisions array using jsonfilter
- Manual JSON building to avoid jshn argument size limits
- Add /etc/cron.d/crowdsec-dashboard for periodic refresh

Also includes:
- Streamlit Control: Deploy functionality like metablogizer
- Streamlit Control: Enhanced Security page with WAF/CrowdSec data
- mitmproxy LuCI: Add timeout race to prevent page hang

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-03-11 15:24:57 +01:00
parent 9081444c7a
commit fbd0abd716
9 changed files with 696 additions and 299 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.claude/WIP.md
View File

@ -1,6 +1,6 @@
# Work In Progress (Claude)
_Last updated: 2026-03-11 (Streamlit Control Phase 3 + CrowdSec bugfix)_
_Last updated: 2026-03-11 (CrowdSec Dashboard Performance Optimization)_
> **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches
@ -10,6 +10,23 @@ _Last updated: 2026-03-11 (Streamlit Control Phase 3 + CrowdSec bugfix)_
### 2026-03-11
- **CrowdSec Dashboard Performance Optimization**
- **Problem**: `get_overview` RPC call was timing out (30s+), causing "TypeError: can't assign to property 'countries' on 5"
- **Root cause**: Function made 12+ sequential `cscli` calls, each taking 2-5s with CAPI data
- **Solution**: Pre-cached architecture with background refresh
- Cache file: `/tmp/secubox/crowdsec-overview.json` (60s TTL)
- `get_overview()` returns cached data instantly (0.08s)
- `refresh_overview_cache()` runs via cron every minute
- Background async refresh triggered when cache is stale
- **Technical fixes**:
- Reduced cscli calls from 12 to 4 (metrics, decisions, alerts, bouncers)
- Extracted flat decisions array from nested alert structure using jsonfilter
- Simplified alerts_raw to empty array (full alerts too large for ubus JSON)
- Manual JSON building to avoid jshn argument size limits (BusyBox constraint)
- Added `/etc/cron.d/crowdsec-dashboard` for periodic cache refresh
- **Files modified**: `luci.crowdsec-dashboard` RPCD, Makefile
- **Result**: Dashboard loads instantly, no more TypeError
- **Streamlit Control Dashboard Phase 3 (Complete)**
- **Auto-refresh**: Toggle + interval selector on all main pages (10s/30s/60s)
- **Permission-aware UI**: Hide/disable action buttons for SecuBox users (limited access)

3
package/secubox/luci-app-crowdsec-dashboard/Makefile
View File

@ -35,9 +35,10 @@ define Package/luci-app-crowdsec-dashboard/install
$(INSTALL_CONF) ./root/etc/config/crowdsec-dashboard $(1)/etc/config/
$(INSTALL_CONF) ./root/etc/config/crowdsec_abuseipdb $(1)/etc/config/
# Cron job for AbuseIPDB reporter
# Cron jobs
$(INSTALL_DIR) $(1)/etc/cron.d
$(INSTALL_DATA) ./root/etc/cron.d/crowdsec-reporter $(1)/etc/cron.d/
$(INSTALL_DATA) ./root/etc/cron.d/crowdsec-dashboard $(1)/etc/cron.d/
# Reporter script
$(INSTALL_DIR) $(1)/usr/sbin

3
package/secubox/luci-app-crowdsec-dashboard/root/etc/cron.d/crowdsec-dashboard Normal file
View File

@ -0,0 +1,3 @@
# CrowdSec Dashboard cache refresh
# Refresh overview stats every minute to avoid UI timeouts
* * * * * root /usr/libexec/rpcd/luci.crowdsec-dashboard call refresh_cache >/dev/null 2>&1

446
package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard
View File

@ -8,12 +8,17 @@
SECCUBOX_LOG="/usr/sbin/secubox-log"
CROWDSEC_CACHE="/tmp/secubox/crowdsec.json"
CROWDSEC_OVERVIEW_CACHE="/tmp/secubox/crowdsec-overview.json"
CACHE_MAX_AGE=60 # Cache is valid for 60 seconds
secubox_log() {
[ -x "$SECCUBOX_LOG" ] || return
"$SECCUBOX_LOG" --tag "crowdsec" --message "$1" >/dev/null 2>&1
}
# Ensure cache directory exists
mkdir -p /tmp/secubox 2>/dev/null
# Read cached status for fast API responses
get_cached_status() {
if [ -f "$CROWDSEC_CACHE" ]; then
@ -23,8 +28,18 @@ get_cached_status() {
fi
}
# Check if cache file is fresh (less than CACHE_MAX_AGE seconds old)
is_cache_fresh() {
local cache_file="$1"
[ ! -f "$cache_file" ] && return 1
local now=$(date +%s)
local mtime=$(stat -c %Y "$cache_file" 2>/dev/null || echo 0)
local age=$((now - mtime))
[ "$age" -lt "$CACHE_MAX_AGE" ]
}
CSCLI="/usr/bin/cscli"
CSCLI_TIMEOUT=10
CSCLI_TIMEOUT=5 # Reduced from 10 to prevent cumulative timeouts
# Check if timeout command exists
HAS_TIMEOUT=""
@ -2248,7 +2263,24 @@ save_settings() {
}
# Consolidated overview data for dashboard - single API call optimization
# get_overview - returns cached data for instant response
# Cache is refreshed by background cron job or refresh_overview_cache call
get_overview() {
# Return cached data if available and fresh
if is_cache_fresh "$CROWDSEC_OVERVIEW_CACHE"; then
cat "$CROWDSEC_OVERVIEW_CACHE"
return 0
fi
# If cache exists but stale, return stale data (better than timeout)
if [ -f "$CROWDSEC_OVERVIEW_CACHE" ]; then
cat "$CROWDSEC_OVERVIEW_CACHE"
# Trigger async refresh
( refresh_overview_cache ) >/dev/null 2>&1 &
return 0
fi
# No cache - build minimal fast response with live process checks
json_init
# Service status (fast - just process checks)
@ -2260,159 +2292,37 @@ get_overview() {
pgrep -f "crowdsec-firewall-bouncer" >/dev/null 2>&1 && bouncer_running=1
json_add_string "bouncer" "$([ "$bouncer_running" = "1" ] && echo running || echo stopped)"
# Version
# Fast version check
local version=""
[ -x "$CSCLI" ] && version=$("$CSCLI" version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)
json_add_string "version" "${version:-unknown}"
# Quick stats
local decisions_count=0
local local_decisions=0
local capi_decisions=0
local alerts_count=0
local bouncers_count=0
if [ "$cs_running" = "1" ] && [ -x "$CSCLI" ]; then
# Local decisions (from local scenarios)
# Count local decisions using jq
local decisions_json2="$(run_cscli decisions list -o json 2>/dev/null)"
if [ -n "$decisions_json2" ] && [ "$decisions_json2" != "null" ] && [ "$decisions_json2" != "[]" ]; then
if command -v jq >/dev/null 2>&1; then
local_decisions=$(echo "$decisions_json2" | jq "length" 2>/dev/null)
else
local_decisions=$(echo "$decisions_json2" | grep -c ".id.:" 2>/dev/null)
fi
fi
# CAPI decisions (blocklists) - parse from metrics output
capi_decisions=$(run_cscli metrics 2>/dev/null | grep 'CAPI.*ban' | awk -F'|' '{sum += $5} END {print sum+0}')
# Total decisions
decisions_count=$((local_decisions + capi_decisions))
alerts_count=$(run_cscli alerts list -o json --since 24h --limit 100 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
bouncers_count=$(run_cscli bouncers list -o json 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
fi
json_add_int "total_decisions" "${decisions_count:-0}"
json_add_int "local_decisions" "${local_decisions:-0}"
json_add_int "capi_decisions" "${capi_decisions:-0}"
json_add_int "alerts_24h" "${alerts_count:-0}"
json_add_int "bouncer_count" "${bouncers_count:-0}"
# Active bans = local decisions (IPs being actively blocked by local scenarios)
# Use local_decisions count which is already calculated above
json_add_int "active_bans" "${local_decisions:-0}"
# Bouncer effectiveness stats (packets/bytes dropped vs processed)
local dropped_packets=0
local dropped_bytes=0
local processed_packets=0
local processed_bytes=0
if [ "$cs_running" = "1" ]; then
# Parse Total line from Bouncer Metrics table
# Format: | Total | 16.00k | 13.72k | 231 | 356.19k | 6.02k |
local totals
totals=$(run_cscli metrics 2>/dev/null | grep -E '^\|.*Total' | sed 's/|//g')
if [ -n "$totals" ]; then
# Convert k/M suffixes to numbers
dropped_bytes=$(echo "$totals" | awk '{v=$3; gsub(/k$/,"",v); gsub(/M$/,"",v); if(v~/\./){v=v*1000}; print v}')
dropped_packets=$(echo "$totals" | awk '{print $4}')
processed_bytes=$(echo "$totals" | awk '{v=$5; gsub(/k$/,"",v); gsub(/M$/,"",v); if(v~/\./){v=v*1000}; if(v=="-")v=0; print v}')
processed_packets=$(echo "$totals" | awk '{v=$6; gsub(/k$/,"",v); gsub(/M$/,"",v); if(v~/\./){v=v*1000}; if(v=="-")v=0; print v}')
fi
fi
json_add_string "dropped_packets" "${dropped_packets:-0}"
json_add_string "dropped_bytes" "${dropped_bytes:-0}"
json_add_string "processed_packets" "${processed_packets:-0}"
json_add_string "processed_bytes" "${processed_bytes:-0}"
# GeoIP status - check if GeoIP database exists (check multiple paths)
local geoip_enabled=0
local data_path
data_path=$(grep "db_path:" /etc/crowdsec/config.yaml 2>/dev/null | awk '{print $2}' | xargs dirname 2>/dev/null)
[ -z "$data_path" ] && data_path="/srv/crowdsec/data"
[ -f "${data_path}/GeoLite2-City.mmdb" ] && geoip_enabled=1
[ -f "${data_path}/GeoLite2-ASN.mmdb" ] && geoip_enabled=1
# Also check common alternative paths
[ -f "/var/lib/crowdsec/data/GeoLite2-City.mmdb" ] && geoip_enabled=1
json_add_boolean "geoip_enabled" "$geoip_enabled"
# Acquisition sources count
local acquisition_count=0
if [ -d "/etc/crowdsec/acquis.d" ]; then
acquisition_count=$(ls -1 /etc/crowdsec/acquis.d/*.yaml 2>/dev/null | wc -l)
fi
[ -f "/etc/crowdsec/acquis.yaml" ] && acquisition_count=$((acquisition_count + 1))
json_add_int "acquisition_count" "${acquisition_count:-0}"
# Scenario count (installed scenarios)
local scenario_count=0
if [ "$cs_running" = "1" ] && [ -x "$CSCLI" ]; then
scenario_count=$(run_cscli scenarios list -o json 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
fi
json_add_int "scenario_count" "${scenario_count:-0}"
# Top scenarios (from cscli metrics - includes CAPI blocklist breakdown)
local scenarios=""
if [ "$cs_running" = "1" ]; then
# Parse "Local API Decisions" table from cscli metrics
# Lines like: | ssh:bruteforce | CAPI | ban | 12095 |
scenarios=$(run_cscli metrics 2>/dev/null | \
grep -E '^\| [a-z].*\| CAPI' | \
sed 's/|//g;s/^[ ]*//;s/[ ]*$//' | \
awk '{print $4, $1}' | sort -rn | head -5 | \
awk '{print "{\"scenario\":\"" $2 "\",\"count\":" $1 "}"}' | \
tr '\n' ',' | sed 's/,$//')
fi
json_add_string "top_scenarios_raw" "[$scenarios]"
# Top countries (from alerts with GeoIP enrichment)
# Note: CAPI decisions don't include country - only local detections have GeoIP
local countries=""
if [ "$cs_running" = "1" ]; then
countries=$(run_cscli alerts list -o json --limit 200 2>/dev/null | \
jsonfilter -e '@[*].source.cn' 2>/dev/null | \
grep -v '^$' | sort | uniq -c | sort -rn | head -10 | \
awk '{print "{\"country\":\"" $2 "\",\"count\":" $1 "}"}' | \
tr '\n' ',' | sed 's/,$//')
fi
json_add_string "top_countries_raw" "[$countries]"
# Recent decisions (limited to 10 for display)
# Recent decisions as raw JSON array string
local decisions_raw="[]"
if [ "$cs_running" = "1" ]; then
decisions_raw=$(run_cscli decisions list -o json --limit 10 2>/dev/null || echo "[]")
[ -z "$decisions_raw" ] && decisions_raw="[]"
fi
json_add_string "decisions_raw" "$decisions_raw"
# Recent alerts as raw JSON array string
local alerts_raw="[]"
if [ "$cs_running" = "1" ]; then
alerts_raw=$(run_cscli alerts list -o json --limit 8 2>/dev/null || echo "[]")
[ -z "$alerts_raw" ] && alerts_raw="[]"
fi
json_add_string "alerts_raw" "$alerts_raw"
# CrowdSec logs (last 30 lines)
# Minimal defaults
json_add_int "total_decisions" 0
json_add_int "local_decisions" 0
json_add_int "capi_decisions" 0
json_add_int "alerts_24h" 0
json_add_int "bouncer_count" 0
json_add_int "active_bans" 0
json_add_string "dropped_packets" "0"
json_add_string "dropped_bytes" "0"
json_add_string "processed_packets" "0"
json_add_string "processed_bytes" "0"
json_add_boolean "geoip_enabled" 0
json_add_int "acquisition_count" 0
json_add_int "scenario_count" 0
json_add_string "top_scenarios_raw" "[]"
json_add_string "top_countries_raw" "[]"
json_add_string "decisions_raw" "[]"
json_add_string "alerts_raw" "[]"
json_add_array "logs"
if [ -f /var/log/crowdsec.log ]; then
tail -n 30 /var/log/crowdsec.log 2>/dev/null | while IFS= read -r line; do
json_add_string "" "$line"
done
fi
json_close_array
# LAPI status (dynamic port detection from config)
# LAPI status (fast port check)
local lapi_ok=0
local lapi_port=""
# Get LAPI port from credentials or config file
lapi_port=$(grep -oE ':[0-9]+/?$' /etc/crowdsec/local_api_credentials.yaml 2>/dev/null | tr -d ':/')
[ -z "$lapi_port" ] && lapi_port=$(grep 'listen_uri' /etc/crowdsec/config.yaml 2>/dev/null | grep -oE ':[0-9]+$' | tr -d ':')
[ -z "$lapi_port" ] && lapi_port=8080
# Convert port to hex for /proc/net/tcp lookup
local lapi_port_hex
lapi_port_hex=$(printf '%04X' "$lapi_port")
if [ "$cs_running" = "1" ] && grep -qi ":${lapi_port_hex} " /proc/net/tcp 2>/dev/null; then
@ -2420,28 +2330,187 @@ get_overview() {
fi
json_add_string "lapi_status" "$([ "$lapi_ok" = "1" ] && echo available || echo unavailable)"
# CAPI status (from config check, not live call)
# CAPI status
local capi_enrolled=0
[ -f /etc/crowdsec/online_api_credentials.yaml ] && capi_enrolled=1
json_add_boolean "capi_enrolled" "$capi_enrolled"
# WAF Autoban statistics (from mitmproxy)
local waf_autoban_enabled=0
local waf_bans_today=0
local waf_threats_today=0
local waf_sensitivity=""
# WAF stats
json_add_boolean "waf_autoban_enabled" 0
json_add_string "waf_sensitivity" "moderate"
json_add_int "waf_bans_today" 0
json_add_int "waf_threats_today" 0
json_add_int "waf_autoban_total" 0
json_add_string "cache_status" "building"
json_dump
# Trigger async cache build
( refresh_overview_cache ) >/dev/null 2>&1 &
}
# refresh_overview_cache - builds full overview data (called by cron or async)
# This function does the heavy lifting with cscli calls
# Uses file I/O for large JSON to avoid jshn argument size limits
refresh_overview_cache() {
local tmpfile="/tmp/secubox/crowdsec-overview-tmp.$$.json"
local decisions_file="/tmp/secubox/decisions.$$.json"
local alerts_file="/tmp/secubox/alerts.$$.json"
# Service status
local cs_running=0
pgrep crowdsec >/dev/null 2>&1 && cs_running=1
local cs_status="stopped"
[ "$cs_running" = "1" ] && cs_status="running"
local bouncer_running=0
pgrep -f "crowdsec-firewall-bouncer" >/dev/null 2>&1 && bouncer_running=1
local bouncer_status="stopped"
[ "$bouncer_running" = "1" ] && bouncer_status="running"
# Version
local version="unknown"
[ -x "$CSCLI" ] && version=$("$CSCLI" version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)
[ -z "$version" ] && version="unknown"
# Initialize counters
local decisions_count=0 local_decisions=0 capi_decisions=0
local alerts_count=0 bouncers_count=0 scenario_count=0
local dropped_packets=0 dropped_bytes=0 processed_packets=0 processed_bytes=0
local scenarios="" countries=""
local waf_bans_today=0
# Initialize files with empty arrays
echo "[]" > "$decisions_file"
echo "[]" > "$alerts_file"
if [ "$cs_running" = "1" ] && [ -x "$CSCLI" ]; then
# FETCH ONCE: metrics
local metrics_output
metrics_output=$(run_with_timeout 5 "$CSCLI" metrics 2>/dev/null || echo "")
# FETCH ONCE: decisions with limit - extract just decision objects
# cscli returns nested alerts with decisions arrays, we extract flat decisions
"$CSCLI" decisions list -o json --limit 10 2>/dev/null | \
jsonfilter -e '@[*].decisions[*]' 2>/dev/null | \
head -10 | \
awk 'BEGIN{printf "["} NR>1{printf ","} {print} END{printf "]\n"}' > "$decisions_file"
[ ! -s "$decisions_file" ] && echo "[]" > "$decisions_file"
# Alerts are too large for ubus JSON, just use empty array
# The important data is in decisions_raw and the counts above
echo "[]" > "$alerts_file"
# FETCH ONCE: bouncers (count only)
local bouncers_json
bouncers_json=$(run_with_timeout 3 "$CSCLI" bouncers list -o json 2>/dev/null || echo "[]")
# Parse decisions count
local_decisions=$(grep -c '"id":' "$decisions_file" 2>/dev/null)
[ -z "$local_decisions" ] && local_decisions=0
# Parse CAPI decisions from metrics
if [ -n "$metrics_output" ]; then
capi_decisions=$(echo "$metrics_output" | grep 'CAPI.*ban' | awk -F'|' '{sum += $5} END {print int(sum)}')
fi
[ -z "$capi_decisions" ] && capi_decisions=0
decisions_count=$((local_decisions + capi_decisions))
# Parse alerts count
alerts_count=$(grep -c '"id":' "$alerts_file" 2>/dev/null)
[ -z "$alerts_count" ] && alerts_count=0
# Parse bouncers count
if [ -n "$bouncers_json" ] && [ "$bouncers_json" != "[]" ]; then
bouncers_count=$(echo "$bouncers_json" | grep -c '"name":' 2>/dev/null)
[ -z "$bouncers_count" ] && bouncers_count=0
fi
# Parse bouncer stats from metrics
if [ -n "$metrics_output" ]; then
local totals
totals=$(echo "$metrics_output" | grep -E '^\|.*Total' | head -1 | sed 's/|//g')
if [ -n "$totals" ]; then
dropped_bytes=$(echo "$totals" | awk '{v=$3; gsub(/k$/,"",v); gsub(/M$/,"",v); if(v~/\./){v=v*1000}; print v}')
dropped_packets=$(echo "$totals" | awk '{print $4}')
processed_bytes=$(echo "$totals" | awk '{v=$5; gsub(/k$/,"",v); gsub(/M$/,"",v); if(v~/\./){v=v*1000}; if(v=="-")v=0; print v}')
processed_packets=$(echo "$totals" | awk '{v=$6; gsub(/k$/,"",v); gsub(/M$/,"",v); if(v~/\./){v=v*1000}; if(v=="-")v=0; print v}')
fi
fi
# Parse scenarios from metrics
if [ -n "$metrics_output" ]; then
scenarios=$(echo "$metrics_output" | \
grep -E '^\| [a-z].*\| CAPI' | \
sed 's/|//g;s/^[ ]*//;s/[ ]*$//' | \
awk '{print $4, $1}' | sort -rn | head -5 | \
awk '{print "{\"scenario\":\"" $2 "\",\"count\":" $1 "}"}' | \
tr '\n' ',' | sed 's/,$//')
fi
# Parse countries from alerts file
countries=$(cat "$alerts_file" | \
jsonfilter -e '@[*].source.cn' 2>/dev/null | \
grep -v '^$' | sort | uniq -c | sort -rn | head -10 | \
awk '{print "{\"country\":\"" $2 "\",\"count\":" $1 "}"}' | \
tr '\n' ',' | sed 's/,$//')
# Scenario count from files
local sc1=$(ls -1 /etc/crowdsec/scenarios/*.yaml 2>/dev/null | wc -l)
local sc2=$(ls -1 /srv/crowdsec/hub/scenarios/*/*.yaml 2>/dev/null | wc -l)
[ -z "$sc1" ] && sc1=0
[ -z "$sc2" ] && sc2=0
scenario_count=$((sc1 + sc2))
# WAF bans count from decisions file
waf_bans_today=$(grep -c "mitmproxy-waf" "$decisions_file" 2>/dev/null)
[ -z "$waf_bans_today" ] && waf_bans_today=0
fi
# GeoIP status
local geoip_enabled=0
local data_path
data_path=$(grep "db_path:" /etc/crowdsec/config.yaml 2>/dev/null | awk '{print $2}' | xargs dirname 2>/dev/null)
[ -z "$data_path" ] && data_path="/srv/crowdsec/data"
[ -f "${data_path}/GeoLite2-City.mmdb" ] && geoip_enabled=1
[ -f "${data_path}/GeoLite2-ASN.mmdb" ] && geoip_enabled=1
[ -f "/var/lib/crowdsec/data/GeoLite2-City.mmdb" ] && geoip_enabled=1
# Acquisition count
local acquisition_count=0
if [ -d "/etc/crowdsec/acquis.d" ]; then
acquisition_count=$(ls -1 /etc/crowdsec/acquis.d/*.yaml 2>/dev/null | wc -l)
[ -z "$acquisition_count" ] && acquisition_count=0
fi
[ -f "/etc/crowdsec/acquis.yaml" ] && acquisition_count=$((acquisition_count + 1))
# LAPI status
local lapi_ok=0
local lapi_port=""
lapi_port=$(grep -oE ':[0-9]+/?$' /etc/crowdsec/local_api_credentials.yaml 2>/dev/null | tr -d ':/')
[ -z "$lapi_port" ] && lapi_port=$(grep 'listen_uri' /etc/crowdsec/config.yaml 2>/dev/null | grep -oE ':[0-9]+$' | tr -d ':')
[ -z "$lapi_port" ] && lapi_port=8080
local lapi_port_hex
lapi_port_hex=$(printf '%04X' "$lapi_port")
if [ "$cs_running" = "1" ] && grep -qi ":${lapi_port_hex} " /proc/net/tcp 2>/dev/null; then
lapi_ok=1
fi
local lapi_status="unavailable"
[ "$lapi_ok" = "1" ] && lapi_status="available"
# CAPI status
local capi_enrolled=0
[ -f /etc/crowdsec/online_api_credentials.yaml ] && capi_enrolled=1
# WAF stats
local waf_autoban_enabled=0
local waf_threats_today=0
local waf_sensitivity="moderate"
# Check if mitmproxy autoban is enabled
waf_autoban_enabled=$(uci -q get mitmproxy.autoban.enabled 2>/dev/null || echo 0)
waf_sensitivity=$(uci -q get mitmproxy.autoban.sensitivity 2>/dev/null || echo "moderate")
# Count WAF-originated bans in CrowdSec (reason contains "mitmproxy-waf")
if [ "$cs_running" = "1" ] && [ -x "$CSCLI" ]; then
waf_bans_today=$(run_cscli decisions list -o json 2>/dev/null | \
grep -c "mitmproxy-waf" 2>/dev/null || echo 0)
fi
# Count threats from mitmproxy log today
local threats_log="/srv/mitmproxy-in/threats.log"
if [ -f "$threats_log" ]; then
local today
@ -2449,26 +2518,69 @@ get_overview() {
waf_threats_today=$(grep -c "\"timestamp\": \"$today" "$threats_log" 2>/dev/null || echo 0)
fi
# Count processed autobans
local autoban_processed=0
local autoban_log="/srv/mitmproxy-in/autoban-processed.log"
if [ -f "$autoban_log" ]; then
autoban_processed=$(wc -l < "$autoban_log" 2>/dev/null || echo 0)
fi
json_add_boolean "waf_autoban_enabled" "$waf_autoban_enabled"
json_add_string "waf_sensitivity" "$waf_sensitivity"
json_add_int "waf_bans_today" "${waf_bans_today:-0}"
json_add_int "waf_threats_today" "${waf_threats_today:-0}"
json_add_int "waf_autoban_total" "${autoban_processed:-0}"
local cache_timestamp
cache_timestamp=$(date +%s)
json_dump
# Build logs array
local logs_json="[]"
if [ -f /var/log/crowdsec.log ]; then
logs_json=$(tail -n 30 /var/log/crowdsec.log 2>/dev/null | \
awk '{gsub(/"/,"\\\"",$0); print "\"" $0 "\""}' | \
tr '\n' ',' | sed 's/,$//' | sed 's/^/[/;s/$/]/')
fi
# Build JSON manually to avoid jshn argument size limits
cat > "$tmpfile" <<EOF
{
"crowdsec":"$cs_status",
"bouncer":"$bouncer_status",
"version":"$version",
"total_decisions":$decisions_count,
"local_decisions":$local_decisions,
"capi_decisions":$capi_decisions,
"alerts_24h":$alerts_count,
"bouncer_count":$bouncers_count,
"active_bans":$local_decisions,
"dropped_packets":"${dropped_packets:-0}",
"dropped_bytes":"${dropped_bytes:-0}",
"processed_packets":"${processed_packets:-0}",
"processed_bytes":"${processed_bytes:-0}",
"geoip_enabled":$([ "$geoip_enabled" = "1" ] && echo true || echo false),
"acquisition_count":$acquisition_count,
"scenario_count":$scenario_count,
"top_scenarios_raw":"[$scenarios]",
"top_countries_raw":"[$countries]",
"decisions_raw":$(cat "$decisions_file"),
"alerts_raw":$(cat "$alerts_file"),
"logs":$logs_json,
"lapi_status":"$lapi_status",
"capi_enrolled":$([ "$capi_enrolled" = "1" ] && echo true || echo false),
"waf_autoban_enabled":$([ "$waf_autoban_enabled" = "1" ] && echo true || echo false),
"waf_sensitivity":"$waf_sensitivity",
"waf_bans_today":$waf_bans_today,
"waf_threats_today":$waf_threats_today,
"waf_autoban_total":$autoban_processed,
"cache_timestamp":$cache_timestamp
}
EOF
# Atomic move
mv -f "$tmpfile" "$CROWDSEC_OVERVIEW_CACHE"
# Cleanup temp files
rm -f "$decisions_file" "$alerts_file"
}
# Main dispatcher
case "$1" in
list)
echo '{"get_overview":{},"decisions":{},"alerts":{"limit":"number"},"metrics":{},"bouncers":{},"machines":{},"hub":{},"status":{},"status_cached":{},"ban":{"ip":"string","duration":"string","reason":"string"},"unban":{"ip":"string"},"stats":{},"secubox_logs":{},"collect_debug":{},"waf_status":{},"metrics_config":{},"configure_metrics":{"enable":"string"},"collections":{},"install_collection":{"collection":"string"},"remove_collection":{"collection":"string"},"update_hub":{},"register_bouncer":{"bouncer_name":"string"},"delete_bouncer":{"bouncer_name":"string"},"firewall_bouncer_status":{},"control_firewall_bouncer":{"action":"string"},"firewall_bouncer_config":{},"update_firewall_bouncer_config":{"key":"string","value":"string"},"nftables_stats":{},"check_wizard_needed":{},"wizard_state":{},"repair_lapi":{},"repair_capi":{},"reset_wizard":{},"console_status":{},"console_enroll":{"key":"string","name":"string"},"console_disable":{},"service_control":{"action":"string"},"configure_acquisition":{"syslog_enabled":"string","firewall_enabled":"string","ssh_enabled":"string","http_enabled":"string","syslog_path":"string"},"acquisition_config":{},"acquisition_metrics":{},"health_check":{},"capi_metrics":{},"hub_available":{},"install_hub_item":{"item_type":"string","item_name":"string"},"remove_hub_item":{"item_type":"string","item_name":"string"},"get_settings":{},"save_settings":{"enrollment_key":"string","machine_name":"string","auto_enroll":"string"}}'
echo '{"get_overview":{},"decisions":{},"alerts":{"limit":"number"},"metrics":{},"bouncers":{},"machines":{},"hub":{},"status":{},"status_cached":{},"refresh_cache":{},"ban":{"ip":"string","duration":"string","reason":"string"},"unban":{"ip":"string"},"stats":{},"secubox_logs":{},"collect_debug":{},"waf_status":{},"metrics_config":{},"configure_metrics":{"enable":"string"},"collections":{},"install_collection":{"collection":"string"},"remove_collection":{"collection":"string"},"update_hub":{},"register_bouncer":{"bouncer_name":"string"},"delete_bouncer":{"bouncer_name":"string"},"firewall_bouncer_status":{},"control_firewall_bouncer":{"action":"string"},"firewall_bouncer_config":{},"update_firewall_bouncer_config":{"key":"string","value":"string"},"nftables_stats":{},"check_wizard_needed":{},"wizard_state":{},"repair_lapi":{},"repair_capi":{},"reset_wizard":{},"console_status":{},"console_enroll":{"key":"string","name":"string"},"console_disable":{},"service_control":{"action":"string"},"configure_acquisition":{"syslog_enabled":"string","firewall_enabled":"string","ssh_enabled":"string","http_enabled":"string","syslog_path":"string"},"acquisition_config":{},"acquisition_metrics":{},"health_check":{},"capi_metrics":{},"hub_available":{},"install_hub_item":{"item_type":"string","item_name":"string"},"remove_hub_item":{"item_type":"string","item_name":"string"},"get_settings":{},"save_settings":{"enrollment_key":"string","machine_name":"string","auto_enroll":"string"}}'
;;
call)
case "$2" in
@ -2498,6 +2610,10 @@ case "$1" in
status_cached)
get_cached_status
;;
refresh_cache)
refresh_overview_cache
echo '{"success": true}'
;;
ban)
read -r input
ip=$(echo "$input" | jsonfilter -e '@.ip' 2>/dev/null)

9
package/secubox/luci-app-mitmproxy/htdocs/luci-static/resources/view/mitmproxy/status.js
View File

@ -76,11 +76,18 @@ function severityIcon(sev) {
return view.extend({
load: function() {
// Load status and alerts first (fast)
// Bans can be slow due to CrowdSec CAPI, so set a shorter timeout
return Promise.all([
callStatus().catch(function() { return {}; }),
callAlerts().catch(function() { return { alerts: [] }; }),
callSubdomainMetrics().catch(function() { return { metrics: { subdomains: {} } }; }),
callBans().catch(function() { return { total: 0, mitmproxy_autoban: 0, crowdsec: 0, bans: [] }; })
Promise.race([
callBans(),
new Promise(function(_, reject) {
setTimeout(function() { reject(new Error('timeout')); }, 10000);
})
]).catch(function() { return { total: 0, mitmproxy_autoban: 0, crowdsec: 0, bans: [] }; })
]);
},

9
package/secubox/luci-app-mitmproxy/root/usr/libexec/rpcd/luci.mitmproxy
View File

@ -649,18 +649,21 @@ sync_routes() {
}
get_bans() {
# Get CrowdSec decisions as JSON and output directly
# Get CrowdSec decisions as JSON - limit to avoid timeout
# CAPI blocklists can have thousands of entries, so we only show local decisions
local bans_json="[]"
local total=0
local autoban=0
local crowdsec_count=0
if command -v cscli >/dev/null 2>&1; then
bans_json=$(cscli decisions list -o json 2>/dev/null)
# Get local decisions only (WAF auto-bans) - these are what users care about
# Using --limit to prevent huge output from CAPI blocklists
bans_json=$(cscli decisions list -o json --limit 100 2>/dev/null)
if [ -z "$bans_json" ] || [ "$bans_json" = "null" ]; then
bans_json="[]"
else
# Count using grep on the raw JSON - patterns match with/without spaces
# Count using grep on the raw JSON
total=$(echo "$bans_json" | grep -c '"id":' 2>/dev/null) || total=0
autoban=$(echo "$bans_json" | grep -c '"origin":.*"cscli"' 2>/dev/null) || autoban=0
crowdsec_count=$(echo "$bans_json" | grep -c '"origin":.*"crowdsec"' 2>/dev/null) || crowdsec_count=0

43
package/secubox/secubox-app-streamlit-control/files/usr/share/streamlit-control/lib/ubus_client.py
View File

@ -298,3 +298,46 @@ class UbusClient:
def streamlit_status(self, app_id: str) -> Dict:
"""Get Streamlit app status"""
return self.call("luci.streamlit-forge", "status", {"id": app_id}) or {}
def streamlit_templates(self) -> List[Dict]:
"""Get available templates"""
result = self.call("luci.streamlit-forge", "templates")
return result.get("templates", []) if result else []
def streamlit_create(self, name: str, template: str = "basic") -> Dict:
"""Create new Streamlit app"""
return self.call("luci.streamlit-forge", "create", {
"name": name,
"template": template
}) or {}
def streamlit_start(self, name: str) -> Dict:
"""Start Streamlit app"""
return self.call("luci.streamlit-forge", "start", {"name": name}) or {}
def streamlit_stop(self, name: str) -> Dict:
"""Stop Streamlit app"""
return self.call("luci.streamlit-forge", "stop", {"name": name}) or {}
def streamlit_restart(self, name: str) -> Dict:
"""Restart Streamlit app"""
return self.call("luci.streamlit-forge", "restart", {"name": name}) or {}
def streamlit_delete(self, name: str) -> Dict:
"""Delete Streamlit app"""
return self.call("luci.streamlit-forge", "delete", {"name": name}) or {}
def streamlit_expose(self, name: str, domain: str) -> Dict:
"""Expose Streamlit app with HAProxy vhost"""
return self.call("luci.streamlit-forge", "expose", {
"name": name,
"domain": domain
}) or {}
def streamlit_hide(self, name: str) -> Dict:
"""Hide Streamlit app (remove HAProxy vhost)"""
return self.call("luci.streamlit-forge", "hide", {"name": name}) or {}
def streamlit_info(self, name: str) -> Dict:
"""Get detailed app info"""
return self.call("luci.streamlit-forge", "info", {"name": name}) or {}

213
package/secubox/secubox-app-streamlit-control/files/usr/share/streamlit-control/pages/3_📊_Streamlit.py
View File

@ -1,11 +1,12 @@
"""
Streamlit Apps Manager - Phase 3
Manage Streamlit Forge applications with auto-refresh
Streamlit Apps Manager - Phase 4
Deploy, manage, and expose Streamlit Forge applications
"""
import streamlit as st
import sys
import os
import re
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
@ -18,7 +19,7 @@ ubus = require_auth()
st.sidebar.markdown("## 🎛️ SecuBox Control")
show_user_menu()
page_header("Streamlit Apps", "Manage Streamlit Forge applications", "📊")
page_header("Streamlit Apps", "Deploy and manage Streamlit Forge applications", "📊")
# Permission check
has_write = can_write()
@ -27,18 +28,86 @@ if not has_write:
# Auto-refresh
auto_refresh_toggle("streamlit_apps", intervals=[10, 30, 60])
# ==========================================
# One-Click Deploy Section (like metablogizer)
# ==========================================
if has_write:
with st.expander(" **Create New App**", expanded=False):
st.caption("Create a new Streamlit app from template or upload")
col1, col2, col3 = st.columns([2, 2, 2])
with col1:
app_name = st.text_input(
"App Name",
placeholder="myapp",
key="create_app_name",
help="Lowercase letters, numbers, underscores only"
)
with col2:
# Get available templates
templates = ubus.streamlit_templates()
template_names = [t.get("name", t) if isinstance(t, dict) else t for t in templates]
if not template_names:
template_names = ["basic", "dashboard", "data-viewer"]
template = st.selectbox(
"Template",
options=template_names,
key="create_template",
help="Choose a starter template"
)
with col3:
expose_domain = st.text_input(
"Domain (optional)",
placeholder="myapp.gk2.secubox.in",
key="create_domain",
help="Auto-expose with HAProxy + SSL"
)
# Create button
if st.button("🚀 Create App", type="primary", key="create_btn"):
if not app_name:
st.error("App name is required")
elif not re.match(r'^[a-z0-9_]+$', app_name):
st.error("Name must be lowercase letters, numbers, and underscores only")
else:
with st.spinner(f"Creating {app_name}..."):
result = ubus.streamlit_create(app_name, template)
if result.get("success"):
st.success(f"App '{app_name}' created!")
# Auto-expose if domain provided
if expose_domain:
with st.spinner(f"Exposing at {expose_domain}..."):
expose_result = ubus.streamlit_expose(app_name, expose_domain)
if expose_result.get("success"):
st.success(f"Exposed at https://{expose_domain}")
else:
st.warning(f"Created but expose failed: {expose_result.get('error', 'Unknown')}")
st.rerun()
else:
st.error(f"Failed: {result.get('error', 'Unknown error')}")
st.markdown("---")
# ==========================================
# Apps List
# ==========================================
# Fetch apps
with st.spinner("Loading apps..."):
apps = ubus.streamlit_list()
if not apps:
st.info("No Streamlit apps configured.")
if has_write:
st.markdown("**Create apps using CLI:**")
st.code("slforge create myapp", language="bash")
st.markdown("Use **Create New App** above to get started!")
else:
# Stats
running = sum(1 for app in apps if app.get("status") == "running")
@ -54,23 +123,32 @@ else:
st.markdown("---")
# Filter
search = st.text_input("Filter apps", placeholder="Search by name...", key="app_search")
if search:
search_lower = search.lower()
apps = [a for a in apps if search_lower in a.get("name", "").lower()]
for idx, app in enumerate(apps):
app_id = app.get("id", "") or f"app_{idx}"
app_id = app.get("id", "") or app.get("name", "") or f"app_{idx}"
name = app.get("name", "unknown")
port = app.get("port", "")
status = app.get("status", "stopped")
url = app.get("url", "")
domain = app.get("domain", "")
enabled = app.get("enabled", "0")
# Create unique key combining index and app_id
key_base = f"{idx}_{app_id}"
# Create unique key
key_base = f"{idx}_{name}"
is_running = status == "running"
col1, col2, col3, col4 = st.columns([3, 1, 1, 2])
col1, col2, col3, col4, col5 = st.columns([3, 1, 1, 1, 2])
with col1:
st.markdown(f"**{name}**")
if port:
st.caption(f"Port: {port}")
if domain:
st.caption(f"🌐 {domain}")
with col2:
if is_running:
@ -79,54 +157,113 @@ else:
st.markdown(badge("stopped"), unsafe_allow_html=True)
with col3:
if is_running and url:
st.link_button("🔗 Open", url)
elif is_running and port:
st.link_button("🔗 Open", f"http://192.168.255.1:{port}")
if domain:
st.markdown(badge("ssl_ok", "Exposed"), unsafe_allow_html=True)
else:
st.markdown(badge("private", "Private"), unsafe_allow_html=True)
with col4:
if is_running and port:
st.link_button("🔗", f"http://192.168.255.1:{port}", help="Open app")
elif is_running and domain:
st.link_button("🔗", f"https://{domain}", help="Open app")
with col5:
if has_write:
c1, c2, c3 = st.columns(3)
c1, c2, c3, c4 = st.columns(4)
with c1:
if is_running:
if st.button("⏹️", key=f"stop_{key_base}", help="Stop"):
with st.spinner(f"Stopping {name}..."):
ubus.call("luci.streamlit-forge", "stop", {"id": app_id})
ubus.streamlit_stop(name)
st.rerun()
else:
if st.button("▶️", key=f"start_{key_base}", help="Start"):
with st.spinner(f"Starting {name}..."):
ubus.call("luci.streamlit-forge", "start", {"id": app_id})
ubus.streamlit_start(name)
st.rerun()
with c2:
if st.button("🔄", key=f"restart_{key_base}", help="Restart"):
with st.spinner(f"Restarting {name}..."):
ubus.call("luci.streamlit-forge", "stop", {"id": app_id})
import time
time.sleep(1)
ubus.call("luci.streamlit-forge", "start", {"id": app_id})
ubus.streamlit_restart(name)
st.rerun()
with c3:
if domain:
if st.button("🔒", key=f"hide_{key_base}", help="Hide"):
st.session_state[f"hide_{name}"] = True
else:
if st.button("🌐", key=f"expose_{key_base}", help="Expose"):
st.session_state[f"expose_{name}"] = True
with c4:
if st.button("🗑️", key=f"del_{key_base}", help="Delete"):
st.session_state[f"confirm_delete_{app_id}"] = True
# Delete confirmation
if st.session_state.get(f"confirm_delete_{app_id}"):
st.warning(f"Delete {name}? This cannot be undone.")
col_a, col_b = st.columns(2)
with col_a:
if st.button("Cancel", key=f"cancel_del_{key_base}"):
st.session_state[f"confirm_delete_{app_id}"] = False
st.rerun()
with col_b:
if st.button("Confirm Delete", key=f"confirm_del_{key_base}", type="primary"):
with st.spinner(f"Deleting {name}..."):
ubus.call("luci.streamlit-forge", "delete", {"id": app_id})
st.session_state[f"confirm_delete_{app_id}"] = False
st.rerun()
st.session_state[f"confirm_delete_{name}"] = True
else:
st.caption("View only")
# ==========================================
# Modal Dialogs
# ==========================================
# Expose Modal
if st.session_state.get(f"expose_{name}"):
with st.container():
st.markdown(f"##### 🌐 Expose: {name}")
new_domain = st.text_input(
"Domain",
value=f"{name}.gk2.secubox.in",
key=f"expose_domain_{key_base}"
)
col_a, col_b = st.columns(2)
with col_a:
if st.button("Cancel", key=f"expose_cancel_{key_base}"):
st.session_state[f"expose_{name}"] = False
st.rerun()
with col_b:
if st.button("Expose", key=f"expose_confirm_{key_base}", type="primary"):
with st.spinner(f"Exposing at {new_domain}..."):
result = ubus.streamlit_expose(name, new_domain)
st.session_state[f"expose_{name}"] = False
if result.get("success"):
st.success(f"Exposed at https://{new_domain}")
else:
st.error(f"Failed: {result.get('error', 'Unknown')}")
st.rerun()
# Hide Modal
if st.session_state.get(f"hide_{name}"):
st.warning(f"Remove public exposure for {name}?")
col_a, col_b = st.columns(2)
with col_a:
if st.button("Cancel", key=f"hide_cancel_{key_base}"):
st.session_state[f"hide_{name}"] = False
st.rerun()
with col_b:
if st.button("Hide", key=f"hide_confirm_{key_base}", type="primary"):
with st.spinner(f"Hiding {name}..."):
result = ubus.streamlit_hide(name)
st.session_state[f"hide_{name}"] = False
if result.get("success"):
st.success("App is now private")
else:
st.error(f"Failed: {result.get('error', 'Unknown')}")
st.rerun()
# Delete confirmation
if st.session_state.get(f"confirm_delete_{name}"):
st.error(f"⚠️ Delete {name}? This cannot be undone.")
col_a, col_b = st.columns(2)
with col_a:
if st.button("Cancel", key=f"cancel_del_{key_base}"):
st.session_state[f"confirm_delete_{name}"] = False
st.rerun()
with col_b:
if st.button("Delete", key=f"confirm_del_{key_base}", type="primary"):
with st.spinner(f"Deleting {name}..."):
ubus.streamlit_delete(name)
st.session_state[f"confirm_delete_{name}"] = False
st.rerun()
st.markdown("---")
# Footer
st.caption(f"Total apps: {len(apps)}")

250
package/secubox/secubox-app-streamlit-control/files/usr/share/streamlit-control/pages/6_🛡️_Security.py
View File

@ -1,6 +1,6 @@
"""
Security Dashboard - Phase 3
WAF, CrowdSec, Firewall with auto-refresh
Security Dashboard - Phase 4
WAF, CrowdSec, Firewall with correct data display
"""
import streamlit as st
@ -29,26 +29,44 @@ with st.spinner("Loading security status..."):
mitmproxy = ubus.mitmproxy_status()
crowdsec = ubus.crowdsec_status()
# Parse CrowdSec status correctly
# The crowdsec_status() returns various formats depending on the RPCD handler
# ==========================================
# Parse mitmproxy WAF status
# ==========================================
waf_running = mitmproxy.get("running", False)
waf_enabled = mitmproxy.get("enabled", False)
waf_threats = mitmproxy.get("threats_today", 0)
waf_autobans = mitmproxy.get("autobans_today", 0)
waf_autobans_total = mitmproxy.get("autobans_total", 0)
waf_autobans_pending = mitmproxy.get("autobans_pending", 0)
waf_autoban_enabled = mitmproxy.get("autoban_enabled", False)
waf_sensitivity = mitmproxy.get("autoban_sensitivity", "moderate")
waf_web_port = mitmproxy.get("web_port", 8088)
waf_proxy_port = mitmproxy.get("proxy_port", 8888)
waf_mode = mitmproxy.get("mode", "regular")
# ==========================================
# Parse CrowdSec status
# ==========================================
# Handle various response formats
cs_state = crowdsec.get("crowdsec", crowdsec.get("status", "unknown"))
if isinstance(cs_state, str):
cs_running = cs_state.lower() in ("running", "active", "ok")
elif isinstance(cs_state, bool):
cs_running = cs_state
else:
cs_running = bool(cs_state)
cs_running = False
# Get stats from crowdsec response
cs_decisions = crowdsec.get("active_decisions", crowdsec.get("decisions_count", 0))
cs_alerts = crowdsec.get("alerts_today", crowdsec.get("alerts", 0))
cs_bouncers = crowdsec.get("bouncers", crowdsec.get("bouncer_count", 0))
cs_bouncer = crowdsec.get("bouncer", "unknown")
cs_bouncer_running = cs_bouncer.lower() == "running" if isinstance(cs_bouncer, str) else False
cs_decisions = crowdsec.get("total_decisions", crowdsec.get("active_decisions", crowdsec.get("local_decisions", 0)))
cs_alerts = crowdsec.get("alerts_24h", crowdsec.get("alerts", 0))
cs_bouncers = crowdsec.get("bouncer_count", 0)
cs_version = crowdsec.get("version", "unknown")
cs_geoip = crowdsec.get("geoip_enabled", False)
# WAF stats
waf_running = mitmproxy.get("running", False)
waf_threats = mitmproxy.get("threats_today", 0)
waf_blocked = mitmproxy.get("blocked_today", 0)
waf_port = mitmproxy.get("port", 22222)
# Status cards row
# ==========================================
# Status Overview
# ==========================================
st.markdown("### 📊 Status Overview")
col1, col2, col3, col4 = st.columns(4)
@ -56,7 +74,7 @@ with col1:
status_card(
"WAF (mitmproxy)",
"Running" if waf_running else "Stopped",
f"Port {waf_port}",
f"Mode: {waf_mode}",
"🛡️",
"#10b981" if waf_running else "#ef4444"
)
@ -64,8 +82,8 @@ with col1:
with col2:
status_card(
"Threats Today",
f"{waf_threats:,}" if waf_threats else "0",
f"{waf_blocked:,} blocked" if waf_blocked else "0 blocked",
f"{waf_threats:,}" if isinstance(waf_threats, int) else str(waf_threats),
f"{waf_autobans:,} auto-bans" if isinstance(waf_autobans, int) else "0 auto-bans",
"⚠️",
"#f59e0b" if waf_threats > 0 else "#10b981"
)
@ -81,62 +99,112 @@ with col3:
with col4:
status_card(
"Firewall",
"Active",
"nftables",
"Bouncer",
"Running" if cs_bouncer_running else "Stopped",
f"{cs_bouncers} registered",
"🔥",
"#10b981"
"#10b981" if cs_bouncer_running else "#ef4444"
)
st.markdown("---")
# Tabs for detailed views
tab1, tab2, tab3 = st.tabs(["🛡️ WAF Threats", "🚫 CrowdSec", "📈 Stats"])
# ==========================================
# Detailed Tabs
# ==========================================
tab1, tab2, tab3, tab4 = st.tabs(["🛡️ WAF Status", "📋 WAF Alerts", "🚫 CrowdSec", "📈 Stats"])
with tab1:
st.markdown("### Recent WAF Threats")
st.markdown("### WAF Configuration")
threats = ubus.mitmproxy_threats(limit=30)
col1, col2 = st.columns(2)
if threats:
# Summary
st.markdown(f"Showing {len(threats)} most recent threats")
with col1:
st.markdown("#### Service")
st.markdown(f"- **Status**: {'🟢 Running' if waf_running else '🔴 Stopped'}")
st.markdown(f"- **Mode**: {waf_mode}")
st.markdown(f"- **Proxy Port**: {waf_proxy_port}")
st.markdown(f"- **Web UI Port**: {waf_web_port}")
# Headers
col1, col2, col3, col4, col5 = st.columns([2, 3, 2, 1, 1])
with col1:
st.markdown("**Source IP**")
with col2:
st.markdown("**URL/Path**")
with col3:
st.markdown("**Category**")
with col4:
st.markdown("**Severity**")
with col5:
if waf_running:
st.link_button("🔗 Open Web UI", f"http://192.168.255.1:{waf_web_port}")
with col2:
st.markdown("#### Auto-Ban")
st.markdown(f"- **Enabled**: {'✅ Yes' if waf_autoban_enabled else '❌ No'}")
st.markdown(f"- **Sensitivity**: {waf_sensitivity}")
st.markdown(f"- **Total Bans**: {waf_autobans_total:,}")
st.markdown(f"- **Pending**: {waf_autobans_pending}")
st.markdown("---")
# HAProxy Integration
haproxy_router = mitmproxy.get("haproxy_router_enabled", False)
haproxy_port = mitmproxy.get("haproxy_listen_port", 22222)
st.markdown("#### HAProxy Integration")
if haproxy_router:
st.success(f"✅ HAProxy inspection enabled on port {haproxy_port}")
else:
st.info("HAProxy inspection is disabled")
with tab2:
st.markdown("### Recent WAF Alerts")
# Fetch alerts
alerts = ubus.mitmproxy_threats(limit=50)
if alerts:
st.markdown(f"Showing {len(alerts)} recent threats")
# Table headers
cols = st.columns([2, 3, 2, 2, 1, 1])
with cols[0]:
st.markdown("**Time**")
with cols[1]:
st.markdown("**Source IP**")
with cols[2]:
st.markdown("**Host**")
with cols[3]:
st.markdown("**Type**")
with cols[4]:
st.markdown("**Severity**")
with cols[5]:
st.markdown("**Country**")
st.markdown("---")
for idx, threat in enumerate(threats):
col1, col2, col3, col4, col5 = st.columns([2, 3, 2, 1, 1])
for idx, alert in enumerate(alerts[:30]):
# Parse alert fields
timestamp = alert.get("timestamp", "")
if timestamp and "T" in timestamp:
time_part = timestamp.split("T")[1].split(".")[0] if "T" in timestamp else timestamp[:8]
else:
time_part = str(timestamp)[:8]
with col1:
ip = threat.get("ip", threat.get("source_ip", "unknown"))
st.write(ip)
source_ip = alert.get("source_ip", alert.get("ip", "-"))
host = alert.get("host", "-")
alert_type = alert.get("type", alert.get("pattern", alert.get("category", "-")))
severity = alert.get("severity", "low").lower()
country = alert.get("country", "-")
with col2:
url = threat.get("url", threat.get("path", threat.get("request", "")))
# Truncate long URLs
if len(url) > 50:
url = url[:47] + "..."
st.write(url)
cols = st.columns([2, 3, 2, 2, 1, 1])
with col3:
category = threat.get("category", threat.get("type", "unknown"))
st.write(category)
with cols[0]:
st.caption(time_part)
with col4:
severity = threat.get("severity", "low").lower()
with cols[1]:
st.code(source_ip, language=None)
with cols[2]:
# Truncate long hosts
if len(host) > 20:
host = host[:17] + "..."
st.caption(host)
with cols[3]:
st.caption(alert_type)
with cols[4]:
if severity == "critical":
st.markdown(badge("error", "CRIT"), unsafe_allow_html=True)
elif severity == "high":
@ -146,80 +214,82 @@ with tab1:
else:
st.markdown(badge("success", "LOW"), unsafe_allow_html=True)
with col5:
timestamp = threat.get("timestamp", threat.get("time", ""))
# Show just time portion if available
if timestamp and " " in str(timestamp):
timestamp = str(timestamp).split(" ")[-1]
st.caption(timestamp[:8] if timestamp else "-")
with cols[5]:
st.caption(country)
else:
st.success("✅ No recent threats detected")
st.caption("The WAF is protecting your services. Check back later for threat activity.")
st.caption("The WAF is protecting your services.")
with tab2:
with tab3:
st.markdown("### CrowdSec Security")
# CrowdSec status details
col1, col2 = st.columns(2)
with col1:
st.markdown("#### Engine Status")
st.markdown(f"- **Status**: {cs_state}")
st.markdown(f"- **Active Decisions**: {cs_decisions}")
st.markdown(f"- **Alerts Today**: {cs_alerts}")
st.markdown(f"- **Bouncers**: {cs_bouncers}")
st.markdown(f"- **CrowdSec**: {'🟢 Running' if cs_running else '🔴 Stopped'}")
st.markdown(f"- **Bouncer**: {'🟢 Running' if cs_bouncer_running else '🔴 Stopped'}")
st.markdown(f"- **Version**: {cs_version}")
st.markdown(f"- **GeoIP**: {'✅ Enabled' if cs_geoip else '❌ Disabled'}")
with col2:
st.markdown("#### Version Info")
version = crowdsec.get("version", crowdsec.get("crowdsec_version", "N/A"))
st.markdown(f"- **Version**: {version}")
lapi = crowdsec.get("lapi_status", crowdsec.get("lapi", "N/A"))
st.markdown(f"- **LAPI**: {lapi}")
st.markdown("#### Statistics")
st.markdown(f"- **Active Decisions**: {cs_decisions}")
st.markdown(f"- **Alerts (24h)**: {cs_alerts}")
st.markdown(f"- **Bouncers**: {cs_bouncers}")
st.markdown("---")
st.markdown("#### Active Decisions (Bans)")
# Active decisions
st.markdown("#### Active Bans")
decisions = ubus.crowdsec_decisions(limit=30)
if decisions:
for decision in decisions:
for decision in decisions[:20]:
col1, col2, col3, col4 = st.columns([2, 3, 2, 1])
with col1:
value = decision.get("value", decision.get("ip", "unknown"))
st.write(f"🚫 {value}")
ip = decision.get("value", decision.get("ip", "unknown"))
st.code(ip, language=None)
with col2:
reason = decision.get("reason", decision.get("scenario", ""))
st.write(reason)
if len(reason) > 40:
reason = reason[:37] + "..."
st.caption(reason)
with col3:
origin = decision.get("origin", decision.get("source", ""))
st.caption(origin)
origin = decision.get("origin", decision.get("source", "unknown"))
if origin == "cscli":
st.markdown(badge("warning", "WAF"), unsafe_allow_html=True)
elif origin == "crowdsec":
st.markdown(badge("info", "CAPI"), unsafe_allow_html=True)
else:
st.caption(origin)
with col4:
duration = decision.get("duration", decision.get("remaining", ""))
st.caption(duration)
else:
st.success("✅ No active bans")
st.caption("All traffic is currently allowed through the firewall.")
with tab3:
with tab4:
st.markdown("### Security Statistics")
# Quick stats from available data
col1, col2 = st.columns(2)
with col1:
st.markdown("#### WAF Summary")
st.metric("Threats Today", waf_threats)
st.metric("Blocked Requests", waf_blocked)
st.metric("Status", "🟢 Active" if waf_running else "🔴 Inactive")
st.metric("Threats Today", f"{waf_threats:,}" if isinstance(waf_threats, int) else waf_threats)
st.metric("Auto-Bans Today", f"{waf_autobans:,}" if isinstance(waf_autobans, int) else waf_autobans)
st.metric("Total Auto-Bans", f"{waf_autobans_total:,}" if isinstance(waf_autobans_total, int) else waf_autobans_total)
st.metric("Pending Bans", f"{waf_autobans_pending:,}" if isinstance(waf_autobans_pending, int) else waf_autobans_pending)
with col2:
st.markdown("#### CrowdSec Summary")
st.metric("Active Bans", cs_decisions)
st.metric("Alerts Today", cs_alerts)
st.metric("Active Decisions", cs_decisions)
st.metric("Alerts (24h)", cs_alerts)
st.metric("Bouncers", cs_bouncers)
st.metric("Status", "🟢 Active" if cs_running else "🔴 Inactive")
st.markdown("---")