- Consider sync OK when CAPI blocklists are active (capi_elements > 0)
even if local decisions = 0
- Add capi_elements_count to health response
- Fixes false "Out of sync" warning when using community blocklists
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move UCI defaults script for auto-registration to cs-firewall-bouncer
- Remove redundant secubox-app-crowdsec-bouncer wrapper package
- Update luci-app-crowdsec-dashboard reference to new package name
- Increment PKG_RELEASE to 3
The defaults script handles:
- Automatic bouncer registration with CrowdSec LAPI
- Interface detection for LAN/WAN
- API key generation and UCI config update
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rename crowdsec-firewall-bouncer to secubox-app-cs-firewall-bouncer
- Rename secubox-auth-logger to secubox-app-auth-logger
- Delete secubox-crowdsec-setup (merged into other packages)
- Fix circular dependencies in luci-app-secubox-crowdsec
- Fix dependency chain in secubox-app-crowdsec-bouncer
- Add consolidated get_overview API to crowdsec-dashboard
- Improve crowdsec-dashboard overview performance
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The new get_overview RPC method was missing from the ACL file,
causing "Access denied" errors in the frontend.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Consolidate multiple dashboard API calls into a single get_overview RPC
method to reduce network overhead and improve page load performance.
The frontend now transforms the consolidated response to maintain
compatibility with existing view logic. Also increases poll interval
from 30s to 60s.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix typo seccubox_logs -> secubox_logs
- Get country data from alerts (source.cn) instead of decisions
- Display CrowdSec logs instead of non-existent secubox.log
- Rename "SecuBox Log Tail" to "CrowdSec Logs"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CrowdSec decisions don't contain country data. GeoIP enricher adds
country info to alerts (source.cn or source.country field).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move Debug Console from Client Guardian to System Hub
- Add Auto-Zoning Rules dedicated view in Client Guardian
- Add public pages for Bug Bounty and Crowdfunding (no ACL)
- Fix auth-logger to only detect real login attempts
- Add private IP whitelist for CrowdSec (RFC1918 ranges)
- Update navigation menus across all apps
- Bump secubox-auth-logger to v1.2.2
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Local Protection Mode banner when CAPI unavailable (LAPI still works)
- Save enrollment key to UCI config for future repairs
- Improve text contrast in wizard (better readability)
- Simplify LAPI repair function based on official OpenWrt approach
- Never delete CAPI credentials to avoid rate-limiting
- Add get_settings/save_settings RPC methods
- Bump version to 0.7.0-r27
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add automatic restart after successful console enrollment
- Update wizard UI to inform user about validation on app.crowdsec.net
- Service must restart after enrollment is validated on CrowdSec Console
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Service restarts during bouncer registration and service start can
cause XHR connections to abort. Treat these as success since the
operation likely completed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New wizard approach:
- Automatic health check on load (LAPI, CAPI, Bouncer, nftables, collections)
- Single configuration page with all options visible
- Only repairs what's broken
- No hub update without CAPI connection
- Single "Apply Configuration" button at the end
- Progress bar during apply
- Summary of what was done at completion
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Treat XHR abort as success when CrowdSec restarts after acquisition config
- Auto-advance to Step 5 after brief delay
- Bump to 0.7.0-r21
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- repair_lapi() now removes stale online_api_credentials.yaml and retries
- New repair_capi() function for dedicated CAPI repair
- console_enroll() handles CAPI credential cleanup before retry
- Added repairCapi API method in frontend
- Bump luci-app-crowdsec-dashboard to 0.7.0-r20
- Add openwrt-luci-bf.yaml scenario for LuCI brute force detection
- Add secubox-auth-acquis.yaml acquisition config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The serviceWarning variable was null when CrowdSec is running, and
LuCI's E() function rendered it as literal "null" text. Fixed by
using empty fragment when no warning needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The refreshView() call was aborting the pending configureAcquisition
XHR request by triggering new API calls. Now only updates the button
state without a full view refresh.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CrowdSec on OpenWrt doesn't support "source: command" acquisition.
Changed to file-based acquisition reading /var/log/messages.
Also configures busybox syslog to write to file automatically.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When SSH logging is enabled in the wizard, automatically:
- Set dropbear.@dropbear[0].verbose=1 to log auth failures
- Restart dropbear to apply changes
This ensures CrowdSec can detect SSH brute force attempts.
Without verbose mode, Dropbear doesn't log failed auth to syslog.
Also enable uhttpd syslog when HTTP logging is enabled.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Scan ALL nftables sets (CAPI, cscli, etc.) instead of just base set
- Display blocked IPs count by origin (Community vs Local)
- Show sample of blocked IPs with Unban button
- Add ipv4_capi_count, ipv4_cscli_count, ipv4_total_count to API response
- Support for 14,000+ community blocklist IPs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add health_check API with LAPI/CAPI/Console status verification
- Add capi_metrics API for community blocklist statistics
- Add hub_available, install_hub_item, remove_hub_item APIs
- Add System Health panel to overview with visual status indicators
- Add CAPI Blocklist section showing community vs local decisions
- Add Installed Collections card with version display
- Fix settings.js syntax error (missing comma)
- Fix metrics.js null display in acquisition statistics
- Update ACL file with new RPC method permissions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New features:
- New RPCD method: acquisition_metrics for detailed stats
- Realtime metrics display with 10-second polling
- Visual stat cards: lines read, parsed, unparsed, buckets
- Parse rate progress bar with color coding
- Active acquisition sources badges
- Rate calculation (events/sec) between polls
- Live update indicator with timestamp
API changes:
- Added getAcquisitionMetrics() to API layer
- Added acquisition_metrics to ACL permissions
Bumped version to 0.7.0-17
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Portal (luci-app-secubox-portal):
- Fix service status showing 0/9 by checking if init scripts exist
- Only count installed services in status display
- Use pgrep fallback when init script status fails
nDPId Dashboard (luci-app-ndpid):
- Add default /etc/config/ndpid configuration
- Add /etc/init.d/ndpid-compat init script
- Enable compat service in postinst for app detection
- Fix Makefile to install init script and config
CrowdSec Dashboard:
- Add CLAUDE.md with OpenWrt-specific guidelines (pgrep without -x)
- CSS fixes for hiding LuCI left menu in all views
- LAPI repair improvements with retry logic
New Packages:
- secubox-app-crowdsec: OpenWrt-native CrowdSec package
- secubox-app-netifyd: Netifyd DPI integration
- luci-app-secubox: Core SecuBox hub
- luci-theme-secubox: Custom theme
Removed:
- luci-app-secubox-crowdsec (replaced by crowdsec-dashboard)
- secubox-crowdsec-setup (functionality moved to dashboard)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Stop CrowdSec before repair for clean state
- Create all required directories with proper permissions
- Regenerate local_api_credentials.yaml if missing
- Wait for LAPI port 8080 with retries before machine registration
- Use 30s timeout for repair operations
- Add retry logic for final LAPI verification
- Better error reporting with detailed steps
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Complete rewrite of Media Flow dashboard with modern dark theme
- Add inline CSS similar to nDPId dashboard style
- Add stats grid with flow count, stream count, service status
- Add clean cards for active streams display
- Add SecuBox header to CrowdSec overview page
- Fix sidebar visibility in CrowdSec pages
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add recovery/reset mode to CrowdSec wizard for bouncer registration issues
- Handle existing bouncer detection with database-level cleanup fallback
- Fix Media Flow pgrep -x issue and add start/stop service ACL permissions
- Fix duplicate nav bar in CrowdSec wizard with aggressive CSS hiding
- Add shared SecuBox header component for consistent navigation
- Fix all portal app links to match actual menu.d paths
- Add UI switcher between SecuBox Portal and standard LuCI
- Hide OpenWrt header and sidebar in SecuBox mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create nav.js for Client Guardian with SecuBox themed tabs
- Create nav.js for CrowdSec dashboard with themed navigation
- Update all Client Guardian views to use CgNav.renderTabs()
- Update all CrowdSec views to use CsNav.renderTabs()
- Update Client Guardian menu.json paths from /client-guardian/ to /guardian/
- Hide default LuCI tabs via CSS injection for both dashboards
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add console_status, console_enroll, console_disable RPCD methods
- Insert Console enrollment as Step 2 in the 7-step wizard
- Add API declarations and ACL permissions for console operations
- Enable share_manual_decisions, share_tainted, share_context by default on enrollment
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add repair_lapi() RPCD method to auto-fix LAPI configuration issues:
- Creates /srv/crowdsec/data directory if missing
- Fixes data_dir and db_path in config.yaml
- Re-registers localhost machine if needed
- Restarts CrowdSec and verifies LAPI is working
- Fix register_bouncer() to handle existing bouncers:
- Deletes existing bouncer before re-registering
- Gets fresh API key on re-registration
- Fix update_firewall_bouncer_config() UCI path:
- Changed from crowdsec.bouncer.$key to crowdsec.@bouncer[0].$key
- Added api_key to allowed parameters
- Rewrite metrics.js with SecuBox cyber-card theming:
- Use Theme.init() for proper theme initialization
- Replace cs-* classes with cyber-* classes
- Add CSS variable fallbacks for light/dark theme support
- Fix hub data parsing for proper component counts
- Add theme require to wizard.js
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed form sections from type 'secubox' to match actual UCI config
- General/Dashboard/Module/Notification sections now use type 'core'
- Alert Thresholds section now uses type 'diagnostics'
- Security Settings section now uses type 'security'
- Advanced Settings section uses type 'core'
- Fixes "This section contains no values yet" errors
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- cscli metrics sometimes outputs empty string keys ("": {...})
- This causes RPC parsing errors in LuCI
- Added sed filter to replace empty keys with "unknown"
- Fixes "No related RPC reply" error in metrics view
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add parseScenario() to format scenario names
- Add getCountryFlag() to display country flag emojis
- Add formatRelativeTime() for relative timestamps
- Fix decisions data flattening in handleUnban, handleBulkUnban, submitBan, and polling
- Fix getDashboardData to properly flatten alerts->decisions structure
- Fix context error in overview renderDecisionsTable (this vs self)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix invisible checkboxes in Step 3 collections:
- Add explicit inline styles to checkbox inputs
- Set width: 18px, height: 18px with cursor: pointer
- Add 'for' attribute to label for better click handling
- Replace null rendering with empty element E([])
- Fixes "null" text appearing on screen
Issue: Collection items not selectable, checkboxes invisible
Cause: Checkboxes may be hidden by browser default styles
Solution: Add explicit inline styles and proper label association
Frontend Changes:
- htdocs/luci-static/resources/view/crowdsec-dashboard/wizard.js
- Add inline styles to checkbox inputs
- Add 'for' attribute linking label to checkbox
- Replace ': null' with ': E([])' to avoid "null" text
Checkboxes now have:
- Explicit dimensions (18x18px)
- Proper cursor styling
- Label association via 'for' attribute
- No more "null" text rendering
Version: 0.6.0-7
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix Next button remaining disabled despite correct status:
- Change renderStep1 to read from data parameter instead of wizardData
- Read status.crowdsec and status.lapi_status from passed data
- Ensures button state reflects actual API response
Issue: Next button not clickable even with LAPI available
Cause: renderStep1 reading from stale wizardData instead of fresh data
Solution: Read from data parameter passed by render()
Frontend Changes:
- htdocs/luci-static/resources/view/crowdsec-dashboard/wizard.js
- renderStep1: Read from data.status instead of this.wizardData
- Extract crowdsecRunning and lapiAvailable from data parameter
Version: 0.6.0-5
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix missing navigation buttons in wizard:
- Add explicit CSS loading in render() method
- Use L.resource() to load wizard.css
- Inject <link> tag into document head
- Ensures wizard styling is applied
Issue: Navigation buttons (Cancel, Next) not visible
Cause: wizard.css was not being loaded
Solution: Add CSS file loading in render method
Frontend Changes:
- htdocs/luci-static/resources/view/crowdsec-dashboard/wizard.js
- Add CSS link injection in render()
- Load crowdsec-dashboard/wizard.css via L.resource()
Version: 0.6.0-4
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix wizard Next button being disabled issue:
- Add lapi_status field to get_status() RPC method
- Check LAPI availability using 'cscli lapi status'
- Returns 'available' or 'unavailable' status
- Enables wizard to proceed when LAPI is accessible
Backend Changes:
- root/usr/libexec/rpcd/luci.crowdsec-dashboard
- Add LAPI status check before json_dump
- Run 'cscli lapi status' to verify Local API accessibility
Issue: Wizard showed LAPI as UNAVAILABLE even when working
Cause: Missing lapi_status field in status RPC response
Solution: Add LAPI availability check to backend
Version: 0.6.0-3
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix file permissions for wizard.js and wizard.css:
- Change from 600 (root-only) to 644 (world-readable)
- Allows web server to serve JavaScript and CSS files
- Resolves HTTP 403 Forbidden error when loading wizard
Files Fixed:
- htdocs/luci-static/resources/view/crowdsec-dashboard/wizard.js
- htdocs/luci-static/resources/crowdsec-dashboard/wizard.css
Version: 0.6.0-2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added missing RPCD ACL permissions for the new firewall bouncer
management methods to resolve "Access denied" errors.
ACL Changes:
- Added read permissions:
* firewall_bouncer_status - Get service and nftables status
* firewall_bouncer_config - Read UCI configuration
* nftables_stats - Get blocked IPs and rules statistics
- Added write permissions:
* control_firewall_bouncer - Start/stop/restart/enable/disable service
* update_firewall_bouncer_config - Modify UCI settings
These permissions allow the bouncers page to fully manage the firewall
bouncer service through the LuCI web interface.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Enhanced CrowdSec Dashboard bouncers page with comprehensive firewall
bouncer management capabilities.
New Features:
- Dedicated Firewall Bouncer management card with 3 status panels:
* Service Status: Running/stopped, boot start enabled/disabled, configured status
* Blocked IPs: Real-time IPv4/IPv6 blocked IP counts with View Details modal
* nftables Status: IPv4/IPv6 table active status
- Service Control Buttons:
* Start/Stop service (contextual based on current state)
* Restart service
* Enable/Disable boot start (contextual)
* Configuration viewer
- Real-time Updates:
* Auto-refresh every 10 seconds via polling
* Manual refresh button
* Live status badge updates
- nftables Details Modal:
* Lists all blocked IPv4 addresses (scrollable)
* Lists all blocked IPv6 addresses (scrollable)
* Shows IPv4/IPv6 rules count
* Formatted with monospace font
- Configuration Viewer Modal:
* Displays all UCI configuration settings
* Shows enabled/disabled status
* Shows IPv4/IPv6 support
* Shows API URL, update frequency, deny action
* Shows deny logging and log prefix
* Shows configured network interfaces
* Handles unconfigured state with installation prompt
UI Enhancements:
- Responsive grid layout for status cards
- Color-coded status indicators (green=active, red=stopped, gray=disabled, yellow=warning)
- Material design badges for all status indicators
- Visual feedback for all operations with notifications
- Loading spinners for async operations
- Professional styling consistent with SecuBox theme
Integration:
- Utilizes new API methods: getFirewallBouncerStatus, controlFirewallBouncer,
getFirewallBouncerConfig, getNftablesStats
- Error handling with user-friendly notifications
- Proper promise chaining and async/await patterns
Technical Details:
- Added renderFirewallBouncerCard() method (125 lines)
- Added handleFirewallBouncerControl() method for service actions
- Added handleFirewallBouncerRefresh() for manual/auto refresh
- Added showNftablesDetails() modal for blocked IPs
- Added showFirewallBouncerConfig() modal for UCI settings
- Enhanced load() to fetch firewall bouncer data
- Updated polling to refresh firewall bouncer status
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
