secubox-openwrt

gandalf/secubox-openwrt

Fork 0

Commit Graph

Author	SHA1	Message	Date
CyberMind-FR	c69ae43961	feat(interceptor,ddos): Add Insider WAF pillar and DDoS hardening profile InterceptoR Insider WAF (6th pillar): - RPCD: get_insider_waf_status() tracking LAN client threats - Dashboard: 🔒 Insider WAF card with threat stats - CrowdSec scenarios for insider threats: - C2 beacon, exfiltration, DNS tunneling, lateral movement - Cryptominer, IoT botnet, suspicious TLDs, high volume DDoS Protection Hardening: - Config Advisor: 8 DDoS checks (SYN cookies, conntrack, RP filter, ICMP rate, CrowdSec http-dos, HAProxy maxconn, mitmproxy WAF, Vortex) - ANSSI rules: New "ddos" category with remediation steps - Documentation: DOCS/DDOS-PROTECTION.md with full guide Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-12 10:46:16 +01:00
CyberMind-FR	714313633b	fix(config-advisor): BusyBox ash compatibility fixes - Replace bash arrays with POSIX loops in scoring.sh - Replace bc with shell arithmetic (bc not available on OpenWrt) - Wrap RPCD handlers in functions for local keyword compatibility - Fix process substitution < <() to use pipe instead Tested on router: CLI and RPCD working, score calculation correct. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-06 06:08:28 +01:00
CyberMind-FR	0f4649c1e0	feat(config-advisor): Add ANSSI CSPN compliance checking packages secubox-config-advisor: - 7 check categories (network, firewall, auth, encryption, services, logging, updates) - 25+ security rules with severity-weighted scoring (0-100, grade A-F) - Auto-remediation for 7 checks with dry-run mode - LocalAI integration for AI-powered suggestions - config-advisorctl CLI with 20+ commands luci-app-config-advisor: - Dashboard with score circle, grade, risk level, compliance rate - Compliance view by category with pass/fail/warn badges - Remediation view with apply/preview buttons - Settings for framework, weights, categories, LocalAI Part of v1.0.0 ANSSI CSPN certification roadmap. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-06 05:56:17 +01:00

Author

SHA1

Message

Date

CyberMind-FR

c69ae43961

feat(interceptor,ddos): Add Insider WAF pillar and DDoS hardening profile

InterceptoR Insider WAF (6th pillar):
- RPCD: get_insider_waf_status() tracking LAN client threats
- Dashboard: 🔒 Insider WAF card with threat stats
- CrowdSec scenarios for insider threats:
  - C2 beacon, exfiltration, DNS tunneling, lateral movement
  - Cryptominer, IoT botnet, suspicious TLDs, high volume

DDoS Protection Hardening:
- Config Advisor: 8 DDoS checks (SYN cookies, conntrack, RP filter,
  ICMP rate, CrowdSec http-dos, HAProxy maxconn, mitmproxy WAF, Vortex)
- ANSSI rules: New "ddos" category with remediation steps
- Documentation: DOCS/DDOS-PROTECTION.md with full guide

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-12 10:46:16 +01:00

CyberMind-FR

714313633b

fix(config-advisor): BusyBox ash compatibility fixes

- Replace bash arrays with POSIX loops in scoring.sh
- Replace bc with shell arithmetic (bc not available on OpenWrt)
- Wrap RPCD handlers in functions for local keyword compatibility
- Fix process substitution < <() to use pipe instead

Tested on router: CLI and RPCD working, score calculation correct.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-06 06:08:28 +01:00

CyberMind-FR

0f4649c1e0

feat(config-advisor): Add ANSSI CSPN compliance checking packages

secubox-config-advisor:
- 7 check categories (network, firewall, auth, encryption, services, logging, updates)
- 25+ security rules with severity-weighted scoring (0-100, grade A-F)
- Auto-remediation for 7 checks with dry-run mode
- LocalAI integration for AI-powered suggestions
- config-advisorctl CLI with 20+ commands

luci-app-config-advisor:
- Dashboard with score circle, grade, risk level, compliance rate
- Compliance view by category with pass/fail/warn badges
- Remediation view with apply/preview buttons
- Settings for framework, weights, categories, LocalAI

Part of v1.0.0 ANSSI CSPN certification roadmap.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-06 05:56:17 +01:00

3 Commits