- Remove docker/bind-server from ARM (not available)
- Use simpler package set for ARM targets
- Fix rockchip profile name
- Keep x86-64 with full package set
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New build-secubox-vm.yml for ready-to-use SecuBox VM images
- Uses OpenWrt 24.10.5 (latest stable release)
- Builds VMDK, VDI, QCOW2 formats for all VM platforms
- Includes all SecuBox LuCI packages pre-installed
- Docker support enabled (dockerd, docker-compose)
- Virtio drivers and QEMU guest tools for KVM/Proxmox
- Configurable rootfs size (512MB-4GB)
- Manual dispatch + automatic on version tags
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
UI:
- Clean card grid with colored stat values
- Services status bar (HAProxy, WAF, CrowdSec) with glowing dots
- Two-panel layout for WAF/Security and Connections
- Live clock with pulsing indicator
- Proper KissTheme.wrap() integration
Performance:
- Double-buffer cache at /tmp/secubox/metrics-cache.json
- 30s TTL with async background refresh
- Cron job for periodic cache updates
- Instant RPCD response (no computation on request)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added LuCI Metrics Dashboard to HISTORY.md
- Documented WAF hot-reload discovery
- Updated WIP.md with completed work
- Noted HAProxy health check fix and test site cleanup
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New heatmap.js component with SVG world map and country centroids
- Colored dots show threat distribution: orange (local), cyan (CAPI), red (WAF)
- Dot size scales logarithmically with threat count (4-20px)
- Hover tooltips show country code and count
- Added geo_local_raw and geo_capi_raw fields to RPCD backend
- CAPI geo extraction from decisions with GeoIP metadata
- CSS styling for heatmap container, dots, and legend
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move Web Interface section to top for visibility
- Always show Open Lyrion Web UI button with dynamic URL
- Display URL text next to button
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New secubox-app-smtp-relay package with centralized SMTP config
- Shared library with send_mail(), send_html_mail(), send_text_mail()
- CLI: smtp-relayctl with status/test/send/configure/admin commands
- RPCD: 5 methods for LuCI integration
- LuCI settings page with mode selection and test button
- Modes: external (SMTP server), local (auto-detect mailserver), direct
- Migrated reporter and bandwidth-manager to use shared library
- Backwards-compatible fallback to legacy per-app config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added LAN passive flow analysis to HISTORY.md
- Updated WIP.md with completed DPI work
- Noted mitmproxy-out removal and detection fix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- 2D joystick controls true CSS 3D perspective (rotateX/rotateY)
- Color cycle toggle: 🎨 button enables/disables spectrum animation
- Default colorset changed to RGB with cycling OFF
- Depth slider for zoom, pixel ring for cell size
- CSS perspective: 1200px for 3D depth effect
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- secubox-app-maltego: Transform Distribution Server in LXC
- Python-based transform execution engine
- REST API compatible with Maltego desktop client
- Custom transform support via /srv/maltego/transforms/
- secubox-app-sherlock: Username hunting across social networks
- Sherlock + Holehe integration for username/email OSINT
- maigret, theHarvester, socialscan also installed
- REST API with async task execution
Both tools exposed via HAProxy at:
- https://maltego.gk2.secubox.in/
- https://sherlock.gk2.secubox.in/
Streamlit OSINT dashboard deployed at:
- https://osint.gk2.secubox.in/
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Install python3 for wrapper script
- Use nzbhydra2wrapperPy3.py instead of native binary
- Download generic release (not linux-specific)
- Handle already-installed case
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- WIP.md: Added Config Vault and System Hardware Report to completed items
- WIP.md: Updated Next Up section (removed completed Session Replay)
- HISTORY.md: Added entry 102 for System Hardware Report
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New packages:
- secubox-app-config-vault: Git-based config versioning CLI (configvaultctl)
- luci-app-config-vault: KISS-themed dashboard with status rings
Features:
- 9 configuration modules (users, network, services, security, etc.)
- Auto-commit and auto-push to private Gitea repository
- Export/import clone tarballs for device provisioning
- Commit history browser with restore capability
Also adds System Hardware Report to secubox-app-reporter:
- CPU/Memory/Disk/Temperature gauges with animations
- Environmental impact card (power/kWh/CO₂ estimates)
- Health recommendations based on system metrics
- Debug log viewer with severity highlighting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- HISTORY.md: Added LuCI dashboard and RPCD methods to entry #100
- WIP.md: Updated with LuCI frontend details
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Problem: get_overview RPC was timing out (30s+) due to 12+ sequential
cscli calls with CAPI data, causing "TypeError: can't assign to property
'countries' on 5" in LuCI.
Solution:
- Pre-cached architecture with /tmp/secubox/crowdsec-overview.json
- get_overview() returns cached data instantly (0.08s)
- refresh_overview_cache() runs via cron every minute
- Reduced cscli calls from 12 to 4 (metrics, decisions, alerts, bouncers)
- Extract flat decisions array using jsonfilter
- Manual JSON building to avoid jshn argument size limits
- Add /etc/cron.d/crowdsec-dashboard for periodic refresh
Also includes:
- Streamlit Control: Deploy functionality like metablogizer
- Streamlit Control: Enhanced Security page with WAF/CrowdSec data
- mitmproxy LuCI: Add timeout race to prevent page hang
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Custom ASCII art banner with SecuBox branding
- Shows helpful info: CLI help, dashboard URL
- Installed to /etc/banner on device
- Added to conffiles for upgrade preservation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- PeerTube port conflict resolved (9001 → 9002)
- Lyrion moved to port 9000
- Fixed PeerTube database hostname config
- Updated mitmproxy routes for both services
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix get_next_port() to check both uhttpd and metablogizer configs
- Add check-ports command to scan for duplicate port assignments
- Add fix-ports command to auto-assign new ports to duplicates
- Update WIP.md with 2026-03-10 changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- WIP.md: Add health check panel and admin routing entries
- HISTORY.md: Add entries #79-80 for health check and WAF routing
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add get_service_health RPCD method to check all HAProxy routes
- Integrate /usr/sbin/service-health-check for backend HTTP probing
- Add health panel in services.js with up/down stats and health %
- Display down services list with tooltips showing IP:port
- Add refresh button for manual health check trigger
- Update ACL with get_service_health read permission
- 5-minute cache for health data with force-refresh option
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- 4-layer architecture visualization (Core, AI, MirrorNet, Certification)
- 22+ features with dependency tracking (dependsOn/usedBy)
- 80+ components with status indicators
- Interactive filters: layer, status, category with localStorage persistence
- Feature cards: click to expand and see full dependencies
- Live RPCD data refresh (60s auto-refresh)
- Standalone HTML page for public access (/dev-status.html)
- ES5 compatible for older browsers
- Milestone timeline to v1.0
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Complete module inventory (185 packages across 10 domains)
- 4-layer architecture documentation (Core, AI, MirrorNet, Certification)
- All backend packages and LuCI apps with status indicators
- Production deployment statistics (C3BOX gk2)
- Roadmap to v1.0 with milestones
- CLI quick reference and directory structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
