secubox-openwrt

gandalf/secubox-openwrt

Fork 0

Commit Graph

Author	SHA1	Message	Date
CyberMind-FR	1bbd345cee	refactor(luci): Mass KissTheme UI rework across all LuCI apps Convert 90+ LuCI view files from legacy cbi-button-* classes to KissTheme kiss-btn-* classes for consistent dark theme styling. Pattern conversions applied: - cbi-button-positive → kiss-btn-green - cbi-button-negative/remove → kiss-btn-red - cbi-button-apply → kiss-btn-cyan - cbi-button-action → kiss-btn-blue - cbi-button (plain) → kiss-btn Also replaced hardcoded colors (#080, #c00, #888, etc.) with CSS variables (--kiss-green, --kiss-red, --kiss-muted, etc.) for proper dark theme compatibility. Apps updated include: ai-gateway, auth-guardian, bandwidth-manager, cloner, config-advisor, crowdsec-dashboard, dns-provider, exposure, glances, haproxy, hexojs, iot-guard, jellyfin, ksm-manager, mac-guardian, magicmirror2, master-link, meshname-dns, metablogizer, metabolizer, mqtt-bridge, netdata-dashboard, picobrew, routes-status, secubox-admin, secubox-mirror, secubox-p2p, secubox-security-threats, service-registry, simplex, streamlit, system-hub, tor-shield, traffic-shaper, vhost-manager, vortex-dns, vortex-firewall, webradio, wireguard-dashboard, zigbee2mqtt, zkp, and more. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-03-12 11:09:34 +01:00
CyberMind-FR	56d45fe7c2	feat(waf): Add sensitivity-based auto-ban system with CrowdSec integration WAF Auto-ban Features: - Three sensitivity levels: aggressive, moderate, permissive - Aggressive: Immediate ban on first critical threat - Moderate: Ban after 3 attempts in 5 minutes (default) - Permissive: Ban after 5 attempts in 1 hour - Attempt tracking with configurable thresholds Critical threats (immediate in aggressive/moderate): - CVE exploits, SQL injection, Command injection - XXE, Log4Shell, SSTI attacks CrowdSec Integration: - Auto-ban requests written to /srv/mitmproxy/autoban-requests.log - Cron job processes bans every minute via mitmproxyctl - Bans sent to CrowdSec for network-wide enforcement New Commands: - mitmproxyctl process-autoban: Process pending bans - mitmproxyctl reload-autoban: Reload config after UCI changes CrowdSec Dashboard: - Added ban button to alerts page - Modal confirmation with 24h ban duration - Real-time banned IP tracking Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-02 13:40:52 +01:00

Author

SHA1

Message

Date

CyberMind-FR

1bbd345cee

refactor(luci): Mass KissTheme UI rework across all LuCI apps

Convert 90+ LuCI view files from legacy cbi-button-* classes to
KissTheme kiss-btn-* classes for consistent dark theme styling.

Pattern conversions applied:
- cbi-button-positive → kiss-btn-green
- cbi-button-negative/remove → kiss-btn-red
- cbi-button-apply → kiss-btn-cyan
- cbi-button-action → kiss-btn-blue
- cbi-button (plain) → kiss-btn

Also replaced hardcoded colors (#080, #c00, #888, etc.) with
CSS variables (--kiss-green, --kiss-red, --kiss-muted, etc.)
for proper dark theme compatibility.

Apps updated include: ai-gateway, auth-guardian, bandwidth-manager,
cloner, config-advisor, crowdsec-dashboard, dns-provider, exposure,
glances, haproxy, hexojs, iot-guard, jellyfin, ksm-manager,
mac-guardian, magicmirror2, master-link, meshname-dns, metablogizer,
metabolizer, mqtt-bridge, netdata-dashboard, picobrew, routes-status,
secubox-admin, secubox-mirror, secubox-p2p, secubox-security-threats,
service-registry, simplex, streamlit, system-hub, tor-shield,
traffic-shaper, vhost-manager, vortex-dns, vortex-firewall,
webradio, wireguard-dashboard, zigbee2mqtt, zkp, and more.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-03-12 11:09:34 +01:00

CyberMind-FR

56d45fe7c2

feat(waf): Add sensitivity-based auto-ban system with CrowdSec integration

WAF Auto-ban Features:
- Three sensitivity levels: aggressive, moderate, permissive
- Aggressive: Immediate ban on first critical threat
- Moderate: Ban after 3 attempts in 5 minutes (default)
- Permissive: Ban after 5 attempts in 1 hour
- Attempt tracking with configurable thresholds

Critical threats (immediate in aggressive/moderate):
- CVE exploits, SQL injection, Command injection
- XXE, Log4Shell, SSTI attacks

CrowdSec Integration:
- Auto-ban requests written to /srv/mitmproxy/autoban-requests.log
- Cron job processes bans every minute via mitmproxyctl
- Bans sent to CrowdSec for network-wide enforcement

New Commands:
- mitmproxyctl process-autoban: Process pending bans
- mitmproxyctl reload-autoban: Reload config after UCI changes

CrowdSec Dashboard:
- Added ban button to alerts page
- Modal confirmation with 24h ban duration
- Real-time banned IP tracking

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-02 13:40:52 +01:00

2 Commits