gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,574 Commits 4 Branches 295 Tags 345 MiB
349b20a750
Commit Graph

4 Commits

Author SHA1 Message Date
CyberMind-FR
d92b3360ea feat(repo): Add unified repo-deploy.sh and multi-arch support 
- Add repo-deploy.sh script for staging and deploying packages
- Replicate _all.ipk packages to all 6 architectures automatically
- Add "Refresh Indexes" button to LuCI dashboard for local deployments
- Add RPCD refresh method to regenerate Packages indexes on-device
- Support architectures: aarch64_cortex-a72, aarch64_cortex-a53,
  aarch64_generic, x86_64, mips_24kc, mipsel_24kc

Usage:
  ./secubox-tools/repo-deploy.sh stage --clean
  ./secubox-tools/repo-deploy.sh deploy root@192.168.255.1

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-19 07:48:59 +01:00
CyberMind-FR
c69ae43961 feat(interceptor,ddos): Add Insider WAF pillar and DDoS hardening profile 
InterceptoR Insider WAF (6th pillar):
- RPCD: get_insider_waf_status() tracking LAN client threats
- Dashboard: 🔒 Insider WAF card with threat stats
- CrowdSec scenarios for insider threats:
  - C2 beacon, exfiltration, DNS tunneling, lateral movement
  - Cryptominer, IoT botnet, suspicious TLDs, high volume

DDoS Protection Hardening:
- Config Advisor: 8 DDoS checks (SYN cookies, conntrack, RP filter,
  ICMP rate, CrowdSec http-dos, HAProxy maxconn, mitmproxy WAF, Vortex)
- ANSSI rules: New "ddos" category with remediation steps
- Documentation: DOCS/DDOS-PROTECTION.md with full guide

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-12 10:46:16 +01:00
CyberMind-FR
714313633b fix(config-advisor): BusyBox ash compatibility fixes 
- Replace bash arrays with POSIX loops in scoring.sh
- Replace bc with shell arithmetic (bc not available on OpenWrt)
- Wrap RPCD handlers in functions for local keyword compatibility
- Fix process substitution < <() to use pipe instead

Tested on router: CLI and RPCD working, score calculation correct.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-06 06:08:28 +01:00
CyberMind-FR
0f4649c1e0 feat(config-advisor): Add ANSSI CSPN compliance checking packages 
secubox-config-advisor:
- 7 check categories (network, firewall, auth, encryption, services, logging, updates)
- 25+ security rules with severity-weighted scoring (0-100, grade A-F)
- Auto-remediation for 7 checks with dry-run mode
- LocalAI integration for AI-powered suggestions
- config-advisorctl CLI with 20+ commands

luci-app-config-advisor:
- Dashboard with score circle, grade, risk level, compliance rate
- Compliance view by category with pass/fail/warn badges
- Remediation view with apply/preview buttons
- Settings for framework, weights, categories, LocalAI

Part of v1.0.0 ANSSI CSPN certification roadmap.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-06 05:56:17 +01:00