secubox-openwrt/package/secubox/secubox-auth-logger/files/99-secubox-auth-logger
CyberMind-FR 22b344225c feat(secubox-auth-logger): Add LuCI auth failure detection
- Add CGI hook to capture client IP during failed auth attempts
- Add JavaScript hook to intercept ubus session.login failures
- Add rpcd plugin for ubus-based auth logging
- Update CrowdSec parser for case-insensitive matching
- Inject JS hook into LuCI theme headers on install

This enables CrowdSec to detect and block brute-force attacks
on the LuCI web interface, which previously only logged
successful authentications.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-13 15:07:40 +01:00

#!/bin/sh
# SecuBox Auth Logger - Post-install configuration
# Enables verbose logging for uhttpd and configures CrowdSec
# Copyright (C) 2024 CyberMind.fr

# Note: Dropbear 2024.86 does NOT support -v flag
# Auth monitoring relies on parsing existing syslog messages
# The auth-monitor.sh script watches logread for auth failures

# Enable uhttpd syslog for LuCI login monitoring
if [ -f /etc/config/uhttpd ]; then
    uci set uhttpd.main.syslog='1'
    uci commit uhttpd
    /etc/init.d/uhttpd restart 2>/dev/null
fi

# Create auth log file for secubox-auth-logger
# /var/log is on tmpfs on a default OpenWrt image, so this file does not
# survive a reboot; mode 644 leaves it readable by every local user.
touch /var/log/secubox-auth.log
chmod 644 /var/log/secubox-auth.log

# Inject JS hook into LuCI login page
# Try multiple locations for different LuCI versions/themes
# Each method first greps for the marker, so re-running does not add a second tag
inject_js_hook() {
    local hook_script='<script src="/luci-static/resources/secubox/secubox-auth-hook.js"></script>'
    local hook_marker="secubox-auth-hook"

    # Method 1: Bootstrap theme header (LuCI 19.x+)
    if [ -f /usr/lib/lua/luci/view/themes/bootstrap/header.htm ]; then
        if ! grep -q "$hook_marker" /usr/lib/lua/luci/view/themes/bootstrap/header.htm 2>/dev/null; then
            sed -i "s|</head>|$hook_script\n</head>|" /usr/lib/lua/luci/view/themes/bootstrap/header.htm 2>/dev/null
        fi
    fi

    # Method 2: Material theme header
    if [ -f /usr/lib/lua/luci/view/themes/material/header.htm ]; then
        if ! grep -q "$hook_marker" /usr/lib/lua/luci/view/themes/material/header.htm 2>/dev/null; then
            sed -i "s|</head>|$hook_script\n</head>|" /usr/lib/lua/luci/view/themes/material/header.htm 2>/dev/null
        fi
    fi

    # Method 3: OpenWrt theme header
    if [ -f /usr/lib/lua/luci/view/themes/openwrt/header.htm ]; then
        if ! grep -q "$hook_marker" /usr/lib/lua/luci/view/themes/openwrt/header.htm 2>/dev/null; then
            sed -i "s|</head>|$hook_script\n</head>|" /usr/lib/lua/luci/view/themes/openwrt/header.htm 2>/dev/null
        fi
    fi

    # Method 4: Base sysauth view (fallback for login page)
    if [ -f /usr/lib/lua/luci/view/sysauth.htm ]; then
        if ! grep -q "$hook_marker" /usr/lib/lua/luci/view/sysauth.htm 2>/dev/null; then
            sed -i "s|</head>|$hook_script\n</head>|" /usr/lib/lua/luci/view/sysauth.htm 2>/dev/null
        fi
    fi

    # Method 5: LuCI2 / luci-mod-admin-full footer
    if [ -f /www/luci-static/resources/footer.htm ]; then
        if ! grep -q "$hook_marker" /www/luci-static/resources/footer.htm 2>/dev/null; then
            echo "$hook_script" >> /www/luci-static/resources/footer.htm 2>/dev/null
        fi
    fi
}

inject_js_hook

# Restart rpcd to load new ubus object
if [ -x /etc/init.d/rpcd ]; then
    /etc/init.d/rpcd restart 2>/dev/null
fi

# Restart CrowdSec to pick up new acquisition/parser/scenario
if [ -x /etc/init.d/crowdsec ]; then
    /etc/init.d/crowdsec restart 2>/dev/null
fi

exit 0
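
An audit counterpart to the injection step above, as an added example that is not part of the SecuBox package: it lists the `<script src>` values in the templates the install script edits, counts the hook lines, and reports any script not on an allowlist. Only the hook path and template paths come from the script above; the second allowlist entry and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the SecuBox package: list the <script src> URLs
# in LuCI header templates and report any that are not on an allowlist.

# Allowlist, one URL per line. The hook path is the one the install script
# injects; the second entry is an assumed stock LuCI script for illustration.
ALLOWED_SRC='/luci-static/resources/secubox/secubox-auth-hook.js
<%=resource%>/luci.js'

# list_script_srcs FILE: print every src="..." value of a <script> tag.
list_script_srcs() {
    grep -o '<script[^>]*src="[^"]*"' "$1" 2>/dev/null |
        sed 's/.*src="\([^"]*\)".*/\1/'
}

# unexpected_srcs FILE: print src values that are not on the allowlist.
unexpected_srcs() {
    list_script_srcs "$1" | while IFS= read -r src; do
        printf '%s\n' "$ALLOWED_SRC" | grep -qxF -- "$src" || printf '%s\n' "$src"
    done
}

# hook_count FILE: number of lines carrying the hook marker (expected: 1).
hook_count() {
    grep -c 'secubox-auth-hook' "$1" 2>/dev/null || true
}

# make_sample: write a constructed header (not a real LuCI file), print its path.
make_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
<head>
<script src="<%=resource%>/luci.js"></script>
<script src="http://192.0.2.10/extra.js"></script>
<script src="/luci-static/resources/secubox/secubox-auth-hook.js"></script>
</head>
EOF
    printf '%s\n' "$tmp"
}

# Audit the templates the install script touches, plus the constructed sample.
sample=$(make_sample)
for f in /usr/lib/lua/luci/view/themes/*/header.htm \
         /usr/lib/lua/luci/view/sysauth.htm "$sample"; do
    [ -f "$f" ] || continue
    echo "$f: hook lines=$(hook_count "$f")"
    unexpected_srcs "$f" | sed 's/^/  unexpected script: /'
done
rm -f "$sample"
```

On a real router the allowlist has to be extended with the scripts the installed LuCI theme ships before the report is meaningful.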