gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
514 Commits 4 Branches 293 Tags 320 MiB
fd7caeb8c3
Commit Graph

6 Commits

Author SHA1 Message Date
CyberMind-FR
5b55ab3ef9 feat: Dashboard reorganization and auth security fixes 
- Move Debug Console from Client Guardian to System Hub
- Add Auto-Zoning Rules dedicated view in Client Guardian
- Add public pages for Bug Bounty and Crowdfunding (no ACL)
- Fix auth-logger to only detect real login attempts
- Add private IP whitelist for CrowdSec (RFC1918 ranges)
- Update navigation menus across all apps
- Bump secubox-auth-logger to v1.2.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-14 09:32:14 +01:00
CyberMind-FR
b5567ff747 fix(secubox-auth-logger): Simplify log format for CrowdSec parsing 
- v1.2.1: Remove timestamp generation (ucode time functions unavailable)
- Use simple format: secubox-auth[1]: authentication failure for...
- Update parser to use raw line parsing with custom label type
- Change acquisition from type:syslog to type:secubox-auth

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-13 15:55:30 +01:00
CyberMind-FR
2053cfb614 fix(crowdsec): Patch dispatcher for auth logging and fix firewall interfaces 
- secubox-auth-logger v1.2.0: Patch LuCI ucode dispatcher.uc to log
  authentication failures server-side instead of relying on JS hooks
- crowdsec-firewall-bouncer: Add helper function for UCI list reading
  and default to eth1, br-lan, br-wan interfaces to ensure WAN traffic
  is checked against the blocklist
- Update postrm to properly restore dispatcher backup on uninstall

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-13 15:50:55 +01:00
CyberMind-FR
22b344225c feat(secubox-auth-logger): Add LuCI auth failure detection 
- Add CGI hook to capture client IP during failed auth attempts
- Add JavaScript hook to intercept ubus session.login failures
- Add rpcd plugin for ubus-based auth logging
- Update CrowdSec parser for case-insensitive matching
- Inject JS hook into LuCI theme headers on install

This enables CrowdSec to detect and block brute-force attacks
on the LuCI web interface, which previously only logged
successful authentications.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-13 15:07:40 +01:00
CyberMind-FR
c2ea22bcab fix: CAPI registration with stale credentials cleanup 
- repair_lapi() now removes stale online_api_credentials.yaml and retries
- New repair_capi() function for dedicated CAPI repair
- console_enroll() handles CAPI credential cleanup before retry
- Added repairCapi API method in frontend
- Bump luci-app-crowdsec-dashboard to 0.7.0-r20
- Add openwrt-luci-bf.yaml scenario for LuCI brute force detection
- Add secubox-auth-acquis.yaml acquisition config

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-13 11:16:58 +01:00
CyberMind-FR
3b84c8a047 feat(secubox-auth-logger): Add auth failure monitoring for CrowdSec 
- Create secubox-auth-logger package to monitor SSH/LuCI auth failures
- auth-monitor.sh watches logread for failed password attempts
- Supports OpenSSH, Dropbear, and uhttpd/LuCI authentication
- Logs failures to syslog with secubox-auth tag for CrowdSec parsing
- Fix wizard.js syntax error with computed property names
- Remove broken Dropbear verbose config (2024.86 doesn't support -v)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-13 09:35:20 +01:00