e58f479cd4
feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats
...
Add detection patterns for latest actively exploited vulnerabilities:
- CVE-2025-55182 (React2Shell, CVSS 10.0)
- CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint)
- CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds)
- CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti)
- CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS)
New attack categories based on OWASP Top 10 2025:
- HTTP Request Smuggling (TE.CL/CL.TE conflicts)
- AI/LLM Prompt Injection (ChatML, instruction markers)
- WAF Bypass techniques (Unicode normalization, double encoding)
- Supply Chain attacks (CI/CD poisoning, dependency confusion)
- Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf)
- API Abuse (BOLA/IDOR, mass assignment)
CrowdSec scenarios split into 11 separate files for reliability.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 05:02:57 +01:00
bede51d80c
fix(mailserver): Enable submission/smtps/pop3s ports
...
- Add fix-ports command to enable ports 587, 465, 995
- Install dovecot-pop3d package for POP3S support
- Add submission/smtps services to Postfix master.cf
- Uncomment pop3s/imaps SSL listeners in Dovecot
- Add Fix Ports button to LuCI Quick Actions
- Include dovecot-pop3d in initial container setup
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 06:20:21 +01:00
71315c9c3b
feat(mailserver): Add password reset UI for mail users
...
- Add Reset Password button to user table
- Add showResetPasswordModal with password confirmation
- Add callUserPasswd RPC declaration
- Fix RPCD handler to read JSON from stdin or $3
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 06:13:41 +01:00
44493ebfe3
feat: Add CVE Triage Agent and Vortex DNS, fix webmail login
...
New Packages:
- secubox-cve-triage: AI-powered CVE analysis and vulnerability management
- NVD API integration for CVE data
- CrowdSec CVE alert correlation
- LocalAI-powered impact analysis
- Approval workflow for patch recommendations
- Multi-source monitoring (opkg, LXC, Docker)
- luci-app-cve-triage: Dashboard with alerts, pending queue, risk score
- secubox-vortex-dns: Meshed multi-dynamic subdomain delegation
- Master/slave hierarchical DNS delegation
- Wildcard domain management
- First Peek auto-registration
- Gossip-based exposure config sync
- Submastering for nested hierarchies
Fixes:
- Webmail 401 login: config.docker.inc.php was overriding IMAP host
to ssl://mail.secubox.in:993 which Docker couldn't reach
- Fixed mailctl webmail configure to use socat proxy (172.17.0.1:10143)
Documentation:
- Added LXC cgroup:mixed fix to FAQ-TROUBLESHOOTING.md
- Updated CLAUDE.md to include FAQ consultation at startup
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 12:19:54 +01:00
04d61baa6f
fix(rpcd): Remove local keyword from backup/mailserver handlers
...
POSIX shell doesn't allow 'local' outside functions.
Fixed for busybox/ash compatibility.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 10:48:25 +01:00
ded107e408
feat(luci-app-mailserver): Add unified mail server dashboard
...
All-in-one LuCI interface for:
- Mail server status and control
- User/alias management with modals
- Port status monitoring
- DNS/SSL setup actions
- Webmail configuration
- Mesh backup integration
RPCD handler with 17 methods for full mail management.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 10:43:55 +01:00
