gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
349 Commits 4 Branches 293 Tags 320 MiB
be3a367e18
Commit Graph

7 Commits

Author SHA1 Message Date
CyberMind-FR
8d5e4275f6 fix: CrowdSec CAPI registration and enable threat intelligence 
CrowdSec Central API (CAPI) Fixed:
- Removed code that disabled online_client on install
- Added proper CAPI registration in crowdsec.defaults
- Registration now works (previous 403 errors were transient)
- Graceful fallback if CAPI registration fails

CAPI Features Now Working:
- Threat intelligence sharing enabled
- Pulling community blocklist (14,997+ IPs)
- Hub updates working without 403 errors
- SSH bruteforce: 12,388 bans from CAPI
- Generic scans: 1,176 bans from CAPI
- SSH exploits: 1,433 bans from CAPI

Registration Flow:
1. Create /etc/machine-id if missing
2. Register local API machine
3. Register with Central API (CAPI)
4. On CAPI failure, create minimal credentials file
5. Update hub index
6. Install default collections

Benefits of CAPI Integration:
- Real-time threat intelligence from global network
- Community-contributed IP blocklists
- Automatic updates for detection scenarios
- Signal sharing to help protect others
- Enhanced protection without manual IP list management

NetIfyd Dashboard Improvements:
- Added data caching for smoother updates
- Application aggregation function
- Fallback stats when data temporarily unavailable
- Better handling of undefined values

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-06 18:33:23 +01:00
CyberMind-FR
2168d76f96 fix: CrowdSec defaults - disable CAPI & improve setup robustness 
Package Installation Improvements:
- Automatically create /etc/machine-id from UUID if missing
- Disable Central API (CAPI) by default in config.yaml
- Create minimal online_api_credentials.yaml to prevent errors
- Add fallback curl download for hub index (works around 403 errors)
- Make all setup commands non-fatal with || true

CAPI Status:
- Disabled by default due to HTTP 403 errors from api.crowdsec.net
- Custom User-Agent (crowdsec/v1.7.4-openwrt-*) appears blocked
- Can be manually enabled with: cscli console enroll <key>
- Local-only mode provides full SSH brute-force protection

Hub Updates:
- Manual curl download works (HTTP 200)
- cscli hub update fails (HTTP 403)
- Weekly auto-update via curl in defaults script

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-06 16:49:45 +01:00
CyberMind-FR
0402282d8b chore(secubox): rename netifyd package 2026-01-06 09:54:41 +01:00
CyberMind-FR
e7c9411d79 feat: Release v0.8.2 - Admin Control Center, Documentation Mirror & Docker Automation 
This release adds major new features for SecuBox management and deployment:

## New Features

### 1. LuCI Admin Control Center (luci-app-secubox-admin)
- Unified admin dashboard for managing all SecuBox appstore plugins
- **Control Panel**: Real-time stats, system health, alerts, quick actions
- **Apps Manager**: Browse catalog, install/remove apps with search & filtering
- **App Settings**: Per-app configuration, start/stop controls
- **System Health**: Live monitoring (CPU, RAM, disk) with auto-refresh
- **System Logs**: Centralized log viewer with download capability
- Fully integrated with existing RPCD backend (luci.secubox)
- Mobile-responsive design with polished UI components

### 2. Documentation Mirror in SecuBox Bonus
- Integrated complete development documentation into luci-app-secubox-bonus
- 64+ documentation files now available offline at /luci-static/secubox/docs/
- Beautiful landing page (index-main.html) with 4 sections:
  - Development guides & references
  - Live module demos
  - Tutorials & blog posts
  - Marketing campaign pages
- Accessible locally on router without internet connection

### 3. Automated Docker Plugin Installation
- Enhanced secubox-appstore CLI with full Docker automation
- One-click installation from web UI now fully automated:
  - Auto-detects Docker runtime from catalog
  - Discovers and executes control scripts (*ctl install)
  - Pulls Docker images automatically
  - Creates directories and configures UCI
  - Enables init services
- No manual CLI steps required for Docker apps
- Works for all Docker apps: AdGuard Home, Mail-in-a-Box, Nextcloud, etc.

### 4. Mail-in-a-Box Plugin
- New Docker-based email server plugin (secubox-app-mailinabox)
- Complete package with:
  - UCI configuration (8 port mappings, feature flags)
  - Control script (mailinaboxctl) with install/check/update/status/logs
  - Procd init script with auto-restart
  - Catalog manifest (category: hosting, maturity: beta)
- Network mode: host (required for mail server)
- Persistent storage: mail, SSL, data, DNS volumes

## Improvements

### Build System
- Updated local-build.sh to include luci-app-* packages from package/secubox/
- Now automatically discovers and builds luci-app-secubox-admin and similar packages
- Fixed Makefile include paths for feed structure

### Package Releases
- Incremented PKG_RELEASE for all 31 SecuBox packages
- Ensures clean upgrade path from previous versions

### Catalog Updates
- Mail-in-a-Box entry moved from "productivity" to "hosting" category
- Status changed to "beta" reflecting community Docker image maturity
- Storage requirement increased: 1024MB → 2048MB
- Added port 25 accessibility note

## Files Changed

### New Packages (2)
- package/secubox/luci-app-secubox-admin/ (12 files)
- package/secubox/secubox-app-mailinabox/ (4 files)

### Enhanced Packages (1)
- package/secubox/luci-app-secubox-bonus/ (65 new docs files)

### Modified Core (3)
- package/secubox/secubox-core/root/usr/sbin/secubox-appstore
- package/secubox/secubox-core/root/usr/share/secubox/catalog.json
- secubox-tools/local-build.sh

### All Makefiles (31 packages)
- Incremented PKG_RELEASE for clean upgrade path

## Technical Details

**Admin Control Center Architecture:**
- Frontend: 5 views (dashboard, apps, settings, health, logs)
- API: Wrapper around luci.secubox RPCD methods
- Components: Reusable UI library (cards, badges, alerts, loaders)
- Styling: Common + admin-specific CSS with responsive design
- Auto-refresh: Polling for live updates (5-30s intervals)

**Docker Automation Flow:**
```
Web UI → RPCD → secubox-appstore CLI → opkg install → *ctl install →
docker pull → directories → UCI config → init enable → ✓ Ready
```

**Access Points:**
- Admin Control: http://router/cgi-bin/luci/admin/secubox/admin/
- Documentation: http://router/luci-static/secubox/index-main.html
- Demos: http://router/luci-static/secubox/demo-*.html

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-04 08:29:31 +01:00
CyberMind-FR
4325197e35 fix(packages): add PKG_ARCH:=all and resolve build conflicts 
- Add PKG_ARCH:=all to all 29 SecuBox packages for architecture independence
- Fix secubox-core: remove /var directory creation (conflicts with OpenWRT symlink)
- Fix luci-app-secubox: remove PKG_FILE_MODES causing build errors
- Refactor luci-app-network-tweaks: migrate files/ to root/ structure
- Set correct permissions on fix-permissions.sh (755)

Fixes:
- secubox-core now builds successfully (no /var conflict)
- luci-app-secubox installs without file conflicts
- All packages properly marked as architecture-independent

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-02 07:45:37 +01:00
CyberMind-FR
280dd91798 release: bump secubox hub to 0.6.1-0 2025-12-30 14:42:45 +01:00
CyberMind-FR
029b1796d4 feat(crowdsec): add secubox-app daemon 2025-12-30 13:00:59 +01:00