gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,498 Commits 4 Branches 293 Tags 320 MiB
f424ec72c1
Commit Graph

6 Commits

Author SHA1 Message Date
CyberMind-FR
58ba852564 fix(luci): Fix dpi-dual menu and simplify lyrion UI 
- Fix dpi-dual "firstchildview" error (changed to "firstchild")
- Simplify luci-app-lyrion: overview.js 276→150 lines
- Simplify luci-app-lyrion: settings.js 78→32 lines
- Simplify luci-app-lyrion: RPCD 300→90 lines
- Combined status + library stats into single RPC call
- Removed unused methods (update, logs, get_config, save_config)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-15 17:03:13 +01:00
CyberMind-FR
ccccd3d93b feat(dpi-dual): Add WAF auto-ban tuning system 
- UCI config: Add scoring section with event weights, sensitivity presets,
  whitelist, and decay options
- dpi-correlator: Load scoring weights from UCI, apply sensitivity
  multipliers, check whitelist before auto-ban, periodic reputation decay
- CLI: New 'tune', 'whitelist', 'decay' commands for runtime configuration
- RPCD: 6 new methods - get_tuning, set_tuning, whitelist_add/remove/list,
  reset_reputation
- ACL: Added permissions for new tuning methods

Sensitivity presets:
- low (0.7x) - fewer false positives
- medium (1.0x) - balanced (default)
- high (1.3x) - aggressive detection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-15 15:37:55 +01:00
CyberMind-FR
f39440ab16 feat(dpi): Add LAN passive flow analysis (no MITM, no cache) 
Real-time passive flow monitoring on br-lan for network analysis:
- dpi-lan-collector service watches netifyd flows in real-time
- Tracks active clients, external destinations, and protocols
- Per-client bandwidth and flow statistics
- Protocol/application detection via nDPI
- Zero latency impact - pure passive observation

LuCI integration:
- New "LAN Flows" dashboard view with real-time updates
- RPCD methods: get_lan_status, get_lan_clients, get_lan_destinations, get_lan_protocols
- Settings panel for LAN analysis configuration

CLI commands:
- dpi-dualctl lan - show summary
- dpi-dualctl clients - list active LAN clients
- dpi-dualctl destinations - external destinations
- dpi-dualctl protocols - detected protocols/apps

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-15 12:37:57 +01:00
CyberMind-FR
b767f4dc30 feat(dpi): Phase 4 - Integration, documentation and widget 
- Add settings.js LuCI view for full UCI configuration
- Add widget.js embeddable component for other dashboards
- Add comprehensive README.md with architecture diagram
- Add luci-app-dpi-dual entry to SecuBox catalog
- Update menu.d to include Settings tab

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-15 12:31:47 +01:00
CyberMind-FR
7ff9ee3805 feat(dpi): Phase 3 - Correlation engine + timeline view 
Correlation Library (correlation-lib.sh):
- IP reputation tracking with configurable decay
- Full context gathering from MITM, DPI, WAF streams
- CrowdSec decision checking and notification
- Correlation entry builder with rich context

Enhanced Correlator (dpi-correlator v2):
- Watches WAF alerts, CrowdSec decisions, DPI flows
- Auto-ban for high-reputation IPs (threshold: 80)
- Notification queue for high-severity threats
- CLI: correlate, reputation, context, search, stats

LuCI Timeline View:
- Correlation timeline with colored event cards
- IP context modal showing MITM requests + WAF alerts
- Quick ban button with CrowdSec integration
- Search by IP functionality
- Stats: total, high-threat, banned, unique IPs

RPCD Methods (8 new):
- get_correlation_stats, get_ip_context, get_ip_reputation
- get_timeline, search_correlations, ban_ip, set_auto_ban

UCI Config: auto_ban, auto_ban_threshold, notifications

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-15 12:27:20 +01:00
CyberMind-FR
a24beaf316 feat(dpi): Phase 2 - MITM double buffer + LuCI dashboard 
MITM Double Buffer (dpi_buffer.py):
- Compiled regex patterns for 6 threat categories
- Scanner detection (sqlmap, nikto, nmap, etc.)
- Optional blocking mode for high-score threats
- Request replay queue for forensic analysis
- Rate limiting detection
- Stats: buffer entries, threat distribution, top hosts

LuCI Dashboard (luci-app-dpi-dual):
- RPCD handler with 10 methods
- KISS-themed overview with stream status cards
- LED indicators for MITM/TAP/Correlation
- Threats table with score and blocked status
- Protocol distribution from netifyd
- Manual IP correlation trigger

Streamlit Control Panel:
- Added DPI Dual card with flows/threats/blocked metrics

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-15 12:21:50 +01:00