gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
952 Commits 4 Branches 293 Tags 320 MiB
ae26317815
Commit Graph

5 Commits

Author SHA1 Message Date
CyberMind-FR
14af23774a fix(client-guardian): Safe defaults + emergency clear + safety limits 
BREAKING: Default policy changed from quarantine to open
- Disabled by default (was enabled)
- Default policy: open (was quarantine - blocked new devices!)
- Auto-zoning: disabled by default
- Auto-parking zone: lan_private (was guest)
- Night block schedule: disabled by default
- Threat auto-ban: disabled by default

Safety mechanisms added:
- MAX_BLOCKED_DEVICES limit (10) prevents mass blocking
- check_safety_limit() function validates before blocking
- clear_all_cg_rules() emergency function via RPCD
- safety_status RPCD method to check current state

UI improvements:
- Added warnings for restrictive policies
- Reordered options (safe options first)
- Clearer descriptions of consequences

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-30 19:46:26 +01:00
CyberMind-FR
5b55ab3ef9 feat: Dashboard reorganization and auth security fixes 
- Move Debug Console from Client Guardian to System Hub
- Add Auto-Zoning Rules dedicated view in Client Guardian
- Add public pages for Bug Bounty and Crowdfunding (no ACL)
- Fix auth-logger to only detect real login attempts
- Add private IP whitelist for CrowdSec (RFC1918 ranges)
- Update navigation menus across all apps
- Bump secubox-auth-logger to v1.2.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-14 09:32:14 +01:00
CyberMind-FR
4dc1a6b74c feat: Add WAN zone to default Client Guardian config 2026-01-08 17:01:46 +01:00
CyberMind-FR
0564de0811 feat: Remove captive portal and add auto-zoning to Client Guardian (v0.6.0-r24) 
Major enhancements to Client Guardian:

**Removed Captive Portal:**
- Deleted portal.js and captive.js views
- Removed portal configuration from UCI
- Removed portal RPC methods (get_portal, update_portal, list_sessions, authorize_client, deauthorize_client)
- Cleaned menu and ACL definitions
- Updated default policy from 'captive' to 'quarantine'

**Added Auto-Zoning System:**
- Implemented get_vendor_from_mac() for OUI lookups
- Added apply_auto_zoning() with rule-based zone assignment
- Support for vendor, hostname pattern, and MAC prefix matching
- 8 pre-configured auto-zoning rules (IoT devices, mobile, guests)
- Auto-parking zone for unmatched clients
- GridSection UI for managing auto-zoning rules

**Threat Intelligence Integration:**
- Added threat_policy UCI section
- Auto-ban/quarantine based on threat score thresholds
- Threat indicators on client displays
- Integration with Security Threats Dashboard

**Dashboard Improvements:**
- Fixed boolean conversion (UCI "true"/"false" to JSON 0/1)
- Fixed RPC expect parameter issues causing empty arrays
- Added real-time polling with configurable intervals
- Removed all window.location.reload() calls
- Smooth DOM updates without page flickers

**Settings Enhancements:**
- Added reactiveness section (auto-refresh toggle, interval)
- Added threat intelligence settings
- Removed captive portal settings section
- Updated policy descriptions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-08 08:44:39 +01:00
CyberMind-FR
31a87c5d7a feat(structure): reorganize luci-app packages into package/secubox/ + appstore migration 
Major structural reorganization and feature additions:

## Folder Reorganization
- Move 17 luci-app-* packages to package/secubox/ (except luci-app-secubox core hub)
- Update all tooling to support new structure:
  - secubox-tools/quick-deploy.sh: search both locations
  - secubox-tools/validate-modules.sh: validate both directories
  - secubox-tools/fix-permissions.sh: fix permissions in both locations
  - .github/workflows/test-validate.yml: build from both paths
- Update README.md links to new package/secubox/ paths

## AppStore Migration (Complete)
- Add catalog entries for all remaining luci-app packages:
  - network-tweaks.json: Network optimization tools
  - secubox-bonus.json: Documentation & demos hub
- Total: 24 apps in AppStore catalog (22 existing + 2 new)
- New category: 'documentation' for docs/demos/tutorials

## VHost Manager v2.0 Enhancements
- Add profile activation system for Internal Services and Redirects
- Implement createVHost() API wrapper for template-based deployment
- Fix Virtual Hosts view rendering with proper LuCI patterns
- Fix RPCD backend shell script errors (remove invalid local declarations)
- Extend backend validation for nginx return directives (redirect support)
- Add section_id parameter for named VHost profiles
- Add Remove button to Redirects page for feature parity
- Update README to v2.0 with comprehensive feature documentation

## Network Tweaks Dashboard
- Close button added to component details modal

Files changed: 340+ (336 renames with preserved git history)
Packages affected: 19 luci-app, 2 secubox-app, 1 theme, 4 tools

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-01 14:59:38 +01:00