CyberMind-FR
c69ae43961
InterceptoR Insider WAF (6th pillar):
- RPCD: get_insider_waf_status() tracking LAN client threats
- Dashboard: 🔒 Insider WAF card with threat stats
- CrowdSec scenarios for insider threats:
- C2 beacon, exfiltration, DNS tunneling, lateral movement
- Cryptominer, IoT botnet, suspicious TLDs, high volume
DDoS Protection Hardening:
- Config Advisor: 8 DDoS checks (SYN cookies, conntrack, RP filter,
ICMP rate, CrowdSec http-dos, HAProxy maxconn, mitmproxy WAF, Vortex)
- ANSSI rules: New "ddos" category with remediation steps
- Documentation: DOCS/DDOS-PROTECTION.md with full guide
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| files | ||
| Makefile | ||
| README.md | ||
CrowdSec Custom Scenarios for SecuBox
Custom CrowdSec configurations for SecuBox web interface and service protection.
Installation
opkg install secubox-app-crowdsec-custom
Included Scenarios
- HTTP authentication bruteforce detection
- Path scanning / enumeration detection
- LuCI / uhttpd auth failure monitoring
- Nginx reverse proxy monitoring
- HAProxy backend protection and auth monitoring
- Gitea web, SSH, and API bruteforce detection
- Streamlit app flooding and auth protection
- Webapp generic auth bruteforce protection
- Whitelist enrichment for trusted networks
What It Ships
- Parsers under
/etc/crowdsec/parsers/ - Scenarios under
/etc/crowdsec/scenarios/ - Acquisition configs under
/etc/crowdsec/acquis.d/ - Whitelist enrichment profiles
Dependencies
crowdseccrowdsec-firewall-bouncer
License
Apache-2.0