secubox-openwrt

Author	SHA1	Message	Date
CyberMind-FR	e58f479cd4	feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats Add detection patterns for latest actively exploited vulnerabilities: - CVE-2025-55182 (React2Shell, CVSS 10.0) - CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint) - CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds) - CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti) - CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS) New attack categories based on OWASP Top 10 2025: - HTTP Request Smuggling (TE.CL/CL.TE conflicts) - AI/LLM Prompt Injection (ChatML, instruction markers) - WAF Bypass techniques (Unicode normalization, double encoding) - Supply Chain attacks (CI/CD poisoning, dependency confusion) - Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf) - API Abuse (BOLA/IDOR, mass assignment) CrowdSec scenarios split into 11 separate files for reliability. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-12 05:02:57 +01:00
CyberMind-FR	0e5965dd6c	fix(client-guardian): Restore original menu path	2026-02-10 20:07:22 +01:00
CyberMind-FR	0a3b1dfc6e	feat(secubox-core): Add double-buffer status cache and fix LED blocking - Remove mmc0 LED from heartbeat loop (was causing LED freeze) - Implement background status_collector_loop() with staggered intervals - Add 10 cache files at /tmp/secubox/*.json for instant status reads - Add status_cached RPCD methods to 6 packages: - luci.crowdsec-dashboard - luci.mitmproxy - luci.secubox-netifyd - luci.client-guardian - luci.mac-guardian - luci.network-anomaly Dashboards and APIs now read pre-computed JSON cache instead of spawning subprocesses, eliminating blocking during concurrent requests. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-06 16:34:35 +01:00
CyberMind-FR	c5e22fd08d	refactor(nav): Unify navigation component with auto-theme initialization SecuNav.renderTabs() now automatically initializes theme and loads CSS, eliminating boilerplate from views. Added renderCompactTabs() for nested modules and renderBreadcrumb() for back-navigation. Updated module navs: cdn-cache, client-guardian, crowdsec-dashboard, media-flow, mqtt-bridge, system-hub. Removed ~1000 lines of duplicate CSS. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-05 03:42:32 +01:00
CyberMind-FR	304ac7b9a1	feat: P2P App Store, Remote Access & Mesh Media packages P2P App Store Emancipation: - secubox-p2p: Package distribution via mesh peers (CGI API, RPCD, CLI) - packages.js: LuCI view with LOCAL/PEER badges, fetch/install actions - devstatus.js: Dev Status widget with Gitea commits, v1.0 progress tracking - secubox-feed: sync-content command for auto-installing content packages - ACL fix for P2P feed RPCD methods Remote Access: - secubox-app-rustdesk: Native hbbs/hbbr relay server from GitHub releases - secubox-app-guacamole: LXC Debian container with guacd + Tomcat (partial) Content Distribution: - secubox-content-pkg: Auto-package Metablogizer/Streamlit as IPKs - Auto-publish hooks in metablogizerctl and streamlitctl Mesh Media: - secubox-app-ksmbd: In-kernel SMB3 server with ksmbdctl CLI - Pre-configured shares for Jellyfin, Lyrion, Backup UI Consistency: - client-guardian: Ported to sh-page-header chip layout - auth-guardian: Ported to sh-page-header chip layout Fixes: - services.js: RPC expect unwrapping bug fix - metablogizer: Chunked upload for uhttpd 64KB limit Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-05 00:33:53 +01:00
CyberMind-FR	14af23774a	fix(client-guardian): Safe defaults + emergency clear + safety limits BREAKING: Default policy changed from quarantine to open - Disabled by default (was enabled) - Default policy: open (was quarantine - blocked new devices!) - Auto-zoning: disabled by default - Auto-parking zone: lan_private (was guest) - Night block schedule: disabled by default - Threat auto-ban: disabled by default Safety mechanisms added: - MAX_BLOCKED_DEVICES limit (10) prevents mass blocking - check_safety_limit() function validates before blocking - clear_all_cg_rules() emergency function via RPCD - safety_status RPCD method to check current state UI improvements: - Added warnings for restrictive policies - Reordered options (safe options first) - Clearer descriptions of consequences Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-30 19:46:26 +01:00
CyberMind-FR	5b55ab3ef9	feat: Dashboard reorganization and auth security fixes - Move Debug Console from Client Guardian to System Hub - Add Auto-Zoning Rules dedicated view in Client Guardian - Add public pages for Bug Bounty and Crowdfunding (no ACL) - Fix auth-logger to only detect real login attempts - Add private IP whitelist for CrowdSec (RFC1918 ranges) - Update navigation menus across all apps - Bump secubox-auth-logger to v1.2.2 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-14 09:32:14 +01:00
CyberMind-FR	7df952c2a7	feat: Add SecuBox portal header to Client Guardian, Media Flow, and Netdata views Adds the unified SecuBox portal header navigation to: - Client Guardian: overview, clients, zones, logs, alerts, parental, settings - Media Flow: dashboard - Netdata Dashboard: dashboard, settings This hides the LuCI sidebar and provides consistent SecuBox navigation across all dashboards when accessed from the SecuBox Portal. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-09 15:33:14 +01:00
CyberMind-FR	ed52af6ab9	feat(theming): Add custom navigation tabs to Client Guardian and CrowdSec dashboards - Create nav.js for Client Guardian with SecuBox themed tabs - Create nav.js for CrowdSec dashboard with themed navigation - Update all Client Guardian views to use CgNav.renderTabs() - Update all CrowdSec views to use CsNav.renderTabs() - Update Client Guardian menu.json paths from /client-guardian/ to /guardian/ - Hide default LuCI tabs via CSS injection for both dashboards Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-09 13:44:11 +01:00
CyberMind-FR	4dc1a6b74c	feat: Add WAN zone to default Client Guardian config	2026-01-08 17:01:46 +01:00
CyberMind-FR	c162235268	chore: Bump luci-app-client-guardian to 0.4.0-5	2026-01-08 17:00:45 +01:00
CyberMind-FR	f5c80869df	feat: Add WAN/Internet zone to all Client Guardian profiles (v0.6.0-r33) - Added "wan" zone to all network profiles (family_home, small_business, etc.) - Zone provides internet access without local network access - Allows users to easily grant internet-only access to clients Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-08 17:00:13 +01:00
CyberMind-FR	1788dcf6d2	chore: Bump luci-app-client-guardian to 0.4.0-4	2026-01-08 16:54:49 +01:00
CyberMind-FR	d8f5fcd6e4	fix: Client Guardian remove_client_rules now uses section names (v0.6.0-r32) - Fix duplicate firewall rules issue by using section names instead of indices - UCI section deletion now properly handles all rules for a MAC address - Prevents index shifting problems when deleting multiple rules Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-08 16:54:23 +01:00
CyberMind-FR	9c7bbe513c	chore: Bump luci-app-client-guardian to 0.4.0-3	2026-01-08 16:30:09 +01:00
CyberMind-FR	179224296a	fix: Client Guardian zone changes now properly apply firewall rules (v0.6.0-r31) - Remove duplicate apply_client_rules function (second definition was overriding first) - Improve zone-based firewall rule application: - Proper MAC address normalization (uppercase) - Clean rule names without colons (CG_BLOCK_AABBCCDD) - Quarantine zone blocks WAN but allows DNS/DHCP - Zone settings (internet_access, local_access) properly applied - Firewall reload is now synchronous for immediate effect - Improve remove_client_rules to find and delete all CG_ prefixed rules - Add debug logging for troubleshooting Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-08 16:25:10 +01:00
CyberMind-FR	b7fb268f71	feat: Fix Client Guardian RPC, redesign Netifyd devices UI (v0.6.0-r26) - Fix Client Guardian JS files: replace invalid 'require X as Y' syntax with direct RPC declarations (LuCI doesn't support as alias) - Add factory default profile to Client Guardian profiles.json - Redesign Netifyd devices page with modern card-based UI: - Device type detection with emoji icons - Gradient summary cards for stats - Responsive grid layout - Traffic distribution bars - Real-time refresh with pulse animation - Fix Netifyd RPC calls: use correct luci.secubox-netifyd object name - Add WAN access control feature to secubox-admin Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-08 13:52:45 +01:00
CyberMind-FR	b610239551	ok	2026-01-08 09:08:46 +01:00
CyberMind-FR	47975483c5	feat: Add wizard integration to Client Guardian (v0.6.0-r25) - Add wizard.js view for setup wizard integration - Profile-based configuration (family, iot, secure, business templates) - Apply zone settings from wizard profiles - Integration with SecuBox Admin wizard system 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-08 08:48:22 +01:00
CyberMind-FR	0564de0811	feat: Remove captive portal and add auto-zoning to Client Guardian (v0.6.0-r24) Major enhancements to Client Guardian: Removed Captive Portal: - Deleted portal.js and captive.js views - Removed portal configuration from UCI - Removed portal RPC methods (get_portal, update_portal, list_sessions, authorize_client, deauthorize_client) - Cleaned menu and ACL definitions - Updated default policy from 'captive' to 'quarantine' Added Auto-Zoning System: - Implemented get_vendor_from_mac() for OUI lookups - Added apply_auto_zoning() with rule-based zone assignment - Support for vendor, hostname pattern, and MAC prefix matching - 8 pre-configured auto-zoning rules (IoT devices, mobile, guests) - Auto-parking zone for unmatched clients - GridSection UI for managing auto-zoning rules Threat Intelligence Integration: - Added threat_policy UCI section - Auto-ban/quarantine based on threat score thresholds - Threat indicators on client displays - Integration with Security Threats Dashboard Dashboard Improvements: - Fixed boolean conversion (UCI "true"/"false" to JSON 0/1) - Fixed RPC expect parameter issues causing empty arrays - Added real-time polling with configurable intervals - Removed all window.location.reload() calls - Smooth DOM updates without page flickers Settings Enhancements: - Added reactiveness section (auto-refresh toggle, interval) - Added threat intelligence settings - Removed captive portal settings section - Updated policy descriptions 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-08 08:44:39 +01:00
CyberMind-FR	e7c9411d79	feat: Release v0.8.2 - Admin Control Center, Documentation Mirror & Docker Automation This release adds major new features for SecuBox management and deployment: ## New Features ### 1. LuCI Admin Control Center (luci-app-secubox-admin) - Unified admin dashboard for managing all SecuBox appstore plugins - Control Panel: Real-time stats, system health, alerts, quick actions - Apps Manager: Browse catalog, install/remove apps with search & filtering - App Settings: Per-app configuration, start/stop controls - System Health: Live monitoring (CPU, RAM, disk) with auto-refresh - System Logs: Centralized log viewer with download capability - Fully integrated with existing RPCD backend (luci.secubox) - Mobile-responsive design with polished UI components ### 2. Documentation Mirror in SecuBox Bonus - Integrated complete development documentation into luci-app-secubox-bonus - 64+ documentation files now available offline at /luci-static/secubox/docs/ - Beautiful landing page (index-main.html) with 4 sections: - Development guides & references - Live module demos - Tutorials & blog posts - Marketing campaign pages - Accessible locally on router without internet connection ### 3. Automated Docker Plugin Installation - Enhanced secubox-appstore CLI with full Docker automation - One-click installation from web UI now fully automated: - Auto-detects Docker runtime from catalog - Discovers and executes control scripts (ctl install) - Pulls Docker images automatically - Creates directories and configures UCI - Enables init services - No manual CLI steps required for Docker apps - Works for all Docker apps: AdGuard Home, Mail-in-a-Box, Nextcloud, etc. ### 4. Mail-in-a-Box Plugin - New Docker-based email server plugin (secubox-app-mailinabox) - Complete package with: - UCI configuration (8 port mappings, feature flags) - Control script (mailinaboxctl) with install/check/update/status/logs - Procd init script with auto-restart - Catalog manifest (category: hosting, maturity: beta) - Network mode: host (required for mail server) - Persistent storage: mail, SSL, data, DNS volumes ## Improvements ### Build System - Updated local-build.sh to include luci-app- packages from package/secubox/ - Now automatically discovers and builds luci-app-secubox-admin and similar packages - Fixed Makefile include paths for feed structure ### Package Releases - Incremented PKG_RELEASE for all 31 SecuBox packages - Ensures clean upgrade path from previous versions ### Catalog Updates - Mail-in-a-Box entry moved from "productivity" to "hosting" category - Status changed to "beta" reflecting community Docker image maturity - Storage requirement increased: 1024MB → 2048MB - Added port 25 accessibility note ## Files Changed ### New Packages (2) - package/secubox/luci-app-secubox-admin/ (12 files) - package/secubox/secubox-app-mailinabox/ (4 files) ### Enhanced Packages (1) - package/secubox/luci-app-secubox-bonus/ (65 new docs files) ### Modified Core (3) - package/secubox/secubox-core/root/usr/sbin/secubox-appstore - package/secubox/secubox-core/root/usr/share/secubox/catalog.json - secubox-tools/local-build.sh ### All Makefiles (31 packages) - Incremented PKG_RELEASE for clean upgrade path ## Technical Details Admin Control Center Architecture: - Frontend: 5 views (dashboard, apps, settings, health, logs) - API: Wrapper around luci.secubox RPCD methods - Components: Reusable UI library (cards, badges, alerts, loaders) - Styling: Common + admin-specific CSS with responsive design - Auto-refresh: Polling for live updates (5-30s intervals) Docker Automation Flow: ``` Web UI → RPCD → secubox-appstore CLI → opkg install → ctl install → docker pull → directories → UCI config → init enable → ✓ Ready ``` Access Points:* - Admin Control: http://router/cgi-bin/luci/admin/secubox/admin/ - Documentation: http://router/luci-static/secubox/index-main.html - Demos: http://router/luci-static/secubox/demo-*.html 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-04 08:29:31 +01:00
CyberMind-FR	4325197e35	fix(packages): add PKG_ARCH:=all and resolve build conflicts - Add PKG_ARCH:=all to all 29 SecuBox packages for architecture independence - Fix secubox-core: remove /var directory creation (conflicts with OpenWRT symlink) - Fix luci-app-secubox: remove PKG_FILE_MODES causing build errors - Refactor luci-app-network-tweaks: migrate files/ to root/ structure - Set correct permissions on fix-permissions.sh (755) Fixes: - secubox-core now builds successfully (no /var conflict) - luci-app-secubox installs without file conflicts - All packages properly marked as architecture-independent 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-02 07:45:37 +01:00
CyberMind-FR	31a87c5d7a	feat(structure): reorganize luci-app packages into package/secubox/ + appstore migration Major structural reorganization and feature additions: ## Folder Reorganization - Move 17 luci-app-* packages to package/secubox/ (except luci-app-secubox core hub) - Update all tooling to support new structure: - secubox-tools/quick-deploy.sh: search both locations - secubox-tools/validate-modules.sh: validate both directories - secubox-tools/fix-permissions.sh: fix permissions in both locations - .github/workflows/test-validate.yml: build from both paths - Update README.md links to new package/secubox/ paths ## AppStore Migration (Complete) - Add catalog entries for all remaining luci-app packages: - network-tweaks.json: Network optimization tools - secubox-bonus.json: Documentation & demos hub - Total: 24 apps in AppStore catalog (22 existing + 2 new) - New category: 'documentation' for docs/demos/tutorials ## VHost Manager v2.0 Enhancements - Add profile activation system for Internal Services and Redirects - Implement createVHost() API wrapper for template-based deployment - Fix Virtual Hosts view rendering with proper LuCI patterns - Fix RPCD backend shell script errors (remove invalid local declarations) - Extend backend validation for nginx return directives (redirect support) - Add section_id parameter for named VHost profiles - Add Remove button to Redirects page for feature parity - Update README to v2.0 with comprehensive feature documentation ## Network Tweaks Dashboard - Close button added to component details modal Files changed: 340+ (336 renames with preserved git history) Packages affected: 19 luci-app, 2 secubox-app, 1 theme, 4 tools 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-01 14:59:38 +01:00

23 Commits