- Add usign dependency for package signing
- Sign Packages files after generation in repo-sync
- Generate signing keys automatically if not present
- Remove duplicate ACL file (now only in luci-app-repo)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Auto-create repo directories on install
- Detect device architecture and configure customfeeds.conf
- Add prerm script to cleanup on uninstall
- Points opkg to local repo at 192.168.255.1:8888
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- WAF blocked now counts mitmproxy scenario decisions (1031 blocks)
- Removed waf_threats field (redundant with waf_blocked)
- Fixed dashboard to show 3 WAF stats: Bans, Alerts, Blocked
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
UI:
- Clean card grid with colored stat values
- Services status bar (HAProxy, WAF, CrowdSec) with glowing dots
- Two-panel layout for WAF/Security and Connections
- Live clock with pulsing indicator
- Proper KissTheme.wrap() integration
Performance:
- Double-buffer cache at /tmp/secubox/metrics-cache.json
- 30s TTL with async background refresh
- Cron job for periodic cache updates
- Instant RPCD response (no computation on request)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
mitmproxy's haproxy_router.py addon already implements hot-reload:
- Checks routes file mtime on every request
- Auto-reloads when file changes
Removed unnecessary mitmproxy restart after adding routes.
Just ensure file permissions are correct (644) for hot-reload to work.
This makes publishing faster and avoids service disruption.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add mitmproxy restart after _add_mitmproxy_route() to load new routes
- mitmproxy loads routes at startup only, so restart is required
- Run restart in background to avoid blocking publish command
Also fixed on router:
- Disabled health check for mitmproxy_inspector backend
- HAProxy health check fails because mitmproxy returns 404 for
requests without valid Host header
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed vhost backend from direct metablog_* to mitmproxy_inspector
- Added original_backend tracking for mitmproxy route resolution
- Changed server address from 192.168.255.1 to 127.0.0.1
- Added _add_mitmproxy_route helper for route registration
- Fixed both cmd_publish() and _emancipate_haproxy() functions
This ensures all newly published sites go through WAF inspection
rather than bypassing security checks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- RPCD handler returns immediately with job_id (~0.04s)
- Background script uses file output to avoid pipe inheritance issues
- LuCI JS polls job_status every 2s until completion
- Uses setsid for proper process detachment
- jsonfilter for reliable parameter parsing
Fixes "Failed to publish" error caused by ubus timeout during
40+ second publish operations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- dropletctl: Remove pipe to grep that blocked on background children
- metablogizerctl: Background HAProxy generate/reload (~90s with 95 certs)
- dpi-lan-collector: Pre-compute flow counts in single pass instead of
spawning grep per client (eliminates broken pipe errors)
Publish time reduced from ~2 min to ~35 seconds.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add headless UCI option to use mitmdump instead of mitmweb
- Enable headless by default for WAF (mitmproxy-in) instance
- Increase default memory limit from 256MB to 2GB
- Fix LXC config generation to always recreate on service start
- Fix rootfs check path (/usr/local/bin not /usr/bin)
- Use exec in startup script for proper foreground execution
Headless mode runs mitmdump (CLI) instead of mitmweb (web UI),
saving ~3.3GB RAM while maintaining full WAF functionality.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New heatmap.js component with SVG world map and country centroids
- Colored dots show threat distribution: orange (local), cyan (CAPI), red (WAF)
- Dot size scales logarithmically with threat count (4-20px)
- Hover tooltips show country code and count
- Added geo_local_raw and geo_capi_raw fields to RPCD backend
- CAPI geo extraction from decisions with GeoIP metadata
- CSS styling for heatmap container, dots, and legend
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed waf_bans_today to count all mitmproxy-* scenarios instead of
only mitmproxy-waf (which doesn't exist). Now correctly counts
mitmproxy-scanner, mitmproxy-botscan, etc.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Make refresh_cache async to prevent rpcd watchdog kills
- Fix JSON escaping for top_scenarios/countries arrays
- Show decisions as "Active Bans" when alerts_raw is empty
- Display ban expiry time instead of creation time
- Update cron to run cache refresh in background
Fixes LuCI crashes caused by 16s blocking refresh calls.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- alerts_24h now uses local_decisions count instead of empty file
- top_scenarios_raw now extracts from decisions JSON (was parsing CAPI metrics)
- top_countries_raw now correctly parses IsoCode from alerts GeoIP metadata
- Double-buffer caching via cron job already in place
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite smtp-relay/settings.js with proper KISS theme styling
- Rewrite secubox-users/overview.js with proper KISS theme styling
- Use KissTheme.wrap() for consistent dark theme rendering
- Add stat cards with colored values matching mailserver reference
- Add proper form styling with inline CSS variables
- Add NZB tools (SABnzbd, NZBHydra) to KISS menu Downloads
- Add webtorrent to portal tree Downloads category
- Fix portal tree webtorrent pattern
KISS = Keep It Simple Sexy
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The updateUI function was incorrectly disabling the Rescan button when
Lyrion was running. Rescan should only be enabled when running.
- Split forEach into separate button handlers
- Start button: disabled when running (correct)
- Rescan button: disabled when NOT running (fixed)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Optimize exposure RPCD: O(n) single-pass awk parsing for vhost_list
and ssl_list (fixes XHR timeout on 200+ vhosts)
- Fix portal tree URLs: Use get_menu_path() to read actual LuCI menu
paths from JSON instead of hardcoded paths
- Add Downloads category to portal tree (torrent, droplet patterns)
- Add new apps to System category (config-vault, reporter, smtp-relay,
rtty, dpi-dual, metacatalog)
- Enhance KISS theme menu: Add Downloads, Monitoring categories
- Fix Lyrion URL: Use HTTPS vhost instead of dynamic port URL
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move Web Interface section to top for visibility
- Always show Open Lyrion Web UI button with dynamic URL
- Display URL text next to button
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove KissTheme dependency, use direct RPC calls
- Dark theme colors (#12121a, #1a1a24, #00d4aa, #00a0ff)
- Update common.css with matching dark styles
- Simplified DOM rendering with inline styles
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove KissTheme dependency, use standard LuCI with inline styles
- Dark theme matching SecuBox palette (#12121a, #1a1a24, #00d4aa, #00a0ff)
- Simplified view with direct DOM rendering instead of form.Map
- Cards grid layout for status, WiFi interfaces, DHCP, config
- Inline Trust/Block action buttons with proper styling
- Responsive tables for clients and alerts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change menu path from /admin/secubox/security/threat-analyst to
/admin/services/threat-analyst for proper placement
- Rewrite dashboard.css with dark theme colors matching SecuBox palette
(#12121a, #1a1a24, #0a0a12 backgrounds; #00d4aa, #00a0ff accents)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
WAF Dashboard:
- Use cached bans from cron (waf-stats-update) instead of slow cscli
- Fixes "Failed to load bans" timeout issue
DPI Dual-Stream:
- Add LAN Flow Analysis card showing active clients, destinations, protocols
- LAN passive flow analysis was working but not displayed
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update lastUpdate to 2026-03-16
- Update layer progress: core 98%, ai 95%, mirrornet 90%, certification 75%
- Mark milestones v0.18, v0.19, v1.0 as completed
- Add v1.1 Extended Mesh as in-progress
- Update stats: 190 packages, 243 vhosts, 174 WAF routes, 1850 commits
- Update feature status: AI security, AI memory, mesh network to production
- Update config-management to production with config-vault
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- New secubox-app-smtp-relay package with centralized SMTP config
- Shared library with send_mail(), send_html_mail(), send_text_mail()
- CLI: smtp-relayctl with status/test/send/configure/admin commands
- RPCD: 5 methods for LuCI integration
- LuCI settings page with mode selection and test button
- Modes: external (SMTP server), local (auto-detect mailserver), direct
- Migrated reporter and bandwidth-manager to use shared library
- Backwards-compatible fallback to legacy per-app config
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Changed pgrep to detect mitmproxy-in container only
- mitmproxy-out removed from deployment (not needed for WAF)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove unused application field concatenation causing "TCPnull" display
- Sort protocols by flow count instead of non-existent bytes field
- Simplify protocol card to show protocol name and flow count only
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
BusyBox sh doesn't support 'local' outside of functions.
Remove all 'local' keywords and fix orphaned variable declarations.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite client/destination collection using awk instead of pipe/while
(BusyBox shell subshell limitations with variable scope)
- Use conntrack for flow counting per client
- Use pgrep -f for process detection (truncated process names)
- Compatible with nDPId instead of netifyd
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Real-time passive flow monitoring on br-lan for network analysis:
- dpi-lan-collector service watches netifyd flows in real-time
- Tracks active clients, external destinations, and protocols
- Per-client bandwidth and flow statistics
- Protocol/application detection via nDPI
- Zero latency impact - pure passive observation
LuCI integration:
- New "LAN Flows" dashboard view with real-time updates
- RPCD methods: get_lan_status, get_lan_clients, get_lan_destinations, get_lan_protocols
- Settings panel for LAN analysis configuration
CLI commands:
- dpi-dualctl lan - show summary
- dpi-dualctl clients - list active LAN clients
- dpi-dualctl destinations - external destinations
- dpi-dualctl protocols - detected protocols/apps
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add settings.js LuCI view for full UCI configuration
- Add widget.js embeddable component for other dashboards
- Add comprehensive README.md with architecture diagram
- Add luci-app-dpi-dual entry to SecuBox catalog
- Update menu.d to include Settings tab
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- secubox-app-maltego: Transform Distribution Server in LXC
- Python-based transform execution engine
- REST API compatible with Maltego desktop client
- Custom transform support via /srv/maltego/transforms/
- secubox-app-sherlock: Username hunting across social networks
- Sherlock + Holehe integration for username/email OSINT
- maigret, theHarvester, socialscan also installed
- REST API with async task execution
Both tools exposed via HAProxy at:
- https://maltego.gk2.secubox.in/
- https://sherlock.gk2.secubox.in/
Streamlit OSINT dashboard deployed at:
- https://osint.gk2.secubox.in/
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
qBittorrent (secubox-app-qbittorrent):
- Full-featured BitTorrent client with web UI
- Container IP: 192.168.255.42:8090
- qbittorrent-nox from Debian repos
- API commands: add, list, status
WebTorrent (secubox-app-webtorrent):
- Browser-based torrent streaming via WebRTC
- Container IP: 192.168.255.43:8095
- Node.js server with webtorrent library
- Stream video files directly in browser
- Beautiful dark theme web UI
Both use Debian LXC containers (no Docker/Podman)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
