# Copyright (C) 2024 CyberMind.fr # Licensed under Apache-2.0 include $(TOPDIR)/rules.mk PKG_NAME:=secubox-app-auth-logger PKG_VERSION:=1.2.2 PKG_RELEASE:=1 PKG_ARCH:=all PKG_LICENSE:=Apache-2.0 PKG_MAINTAINER:=CyberMind include $(INCLUDE_DIR)/package.mk define Package/secubox-app-auth-logger SECTION:=secubox CATEGORY:=SecuBox TITLE:=Authentication Failure Logger for CrowdSec DEPENDS:=rpcd +uhttpd PKGARCH:=all PROVIDES:=secubox-auth-logger endef define Package/secubox-app-auth-logger/description Logs authentication failures from LuCI/rpcd and Dropbear SSH for CrowdSec detection. Includes: - SSH failure monitoring (OpenSSH/Dropbear) - LuCI web interface auth failure logging via CGI hook - JavaScript hook to intercept login failures - CrowdSec parser and bruteforce scenario endef define Build/Compile endef define Package/secubox-app-auth-logger/install # Auth monitor script $(INSTALL_DIR) $(1)/usr/lib/secubox $(INSTALL_BIN) ./files/auth-monitor.sh $(1)/usr/lib/secubox/ # Init script $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/secubox-app-auth-logger.init $(1)/etc/init.d/secubox-app-auth-logger # RPCD plugin for auth logging via ubus $(INSTALL_DIR) $(1)/usr/libexec/rpcd $(INSTALL_BIN) ./files/secubox.auth-logger $(1)/usr/libexec/rpcd/ # ACL for rpcd permissions $(INSTALL_DIR) $(1)/usr/share/rpcd/acl.d $(INSTALL_DATA) ./files/luci-secubox-auth.acl.json $(1)/usr/share/rpcd/acl.d/ # CGI hook for getting client IP during auth $(INSTALL_DIR) $(1)/www/cgi-bin $(INSTALL_BIN) ./files/auth-hook.cgi $(1)/www/cgi-bin/secubox-auth-hook # JavaScript hook for LuCI login interception $(INSTALL_DIR) $(1)/www/luci-static/resources/secubox $(INSTALL_DATA) ./files/secubox-auth-hook.js $(1)/www/luci-static/resources/secubox/ # CrowdSec parser $(INSTALL_DIR) $(1)/etc/crowdsec/parsers/s01-parse $(INSTALL_DATA) ./files/openwrt-luci-auth.yaml $(1)/etc/crowdsec/parsers/s01-parse/ # CrowdSec scenario $(INSTALL_DIR) $(1)/etc/crowdsec/scenarios $(INSTALL_DATA) ./files/openwrt-luci-bf.yaml $(1)/etc/crowdsec/scenarios/ # CrowdSec acquisition config $(INSTALL_DIR) $(1)/etc/crowdsec/acquis.d $(INSTALL_DATA) ./files/secubox-auth-acquis.yaml $(1)/etc/crowdsec/acquis.d/ # UCI defaults for first boot setup $(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_BIN) ./files/99-secubox-app-auth-logger $(1)/etc/uci-defaults/ endef define Package/secubox-app-auth-logger/postinst #!/bin/sh [ -n "$${IPKG_INSTROOT}" ] || { # Restart rpcd to load new plugin /etc/init.d/rpcd restart 2>/dev/null # Enable and start auth monitor /etc/init.d/secubox-app-auth-logger enable /etc/init.d/secubox-app-auth-logger start # Run uci-defaults to inject JS hook /etc/uci-defaults/99-secubox-app-auth-logger 2>/dev/null || true echo "SecuBox Auth Logger installed - LuCI login failures now logged for CrowdSec" } exit 0 endef define Package/secubox-app-auth-logger/postrm #!/bin/sh [ -n "$${IPKG_INSTROOT}" ] || { # Restore dispatcher from backup DISPATCHER="/usr/share/ucode/luci/dispatcher.uc" if [ -f "$${DISPATCHER}.bak" ]; then mv "$${DISPATCHER}.bak" "$$DISPATCHER" echo "Restored LuCI dispatcher from backup" fi # Remove JS hook from modern LuCI theme headers for header in /usr/share/ucode/luci/template/themes/*/header.ut; do [ -f "$$header" ] && sed -i '/secubox-auth-hook/d' "$$header" 2>/dev/null || true done # Remove JS hook from legacy LuCI theme headers for header in /usr/lib/lua/luci/view/themes/*/header.htm; do [ -f "$$header" ] && sed -i '/secubox-auth-hook/d' "$$header" 2>/dev/null || true done # Remove JS hook from sysauth if [ -f /usr/lib/lua/luci/view/sysauth.htm ]; then sed -i '/secubox-auth-hook/d' /usr/lib/lua/luci/view/sysauth.htm 2>/dev/null || true fi # Restart uhttpd to apply changes /etc/init.d/uhttpd restart 2>/dev/null || true } exit 0 endef $(eval $(call BuildPackage,secubox-app-auth-logger))