gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3b84c8a047
secubox-openwrt/package/secubox/secubox-auth-logger/Makefile
CyberMind-FR 3b84c8a047 feat(secubox-auth-logger): Add auth failure monitoring for CrowdSec 
- Create secubox-auth-logger package to monitor SSH/LuCI auth failures
- auth-monitor.sh watches logread for failed password attempts
- Supports OpenSSH, Dropbear, and uhttpd/LuCI authentication
- Logs failures to syslog with secubox-auth tag for CrowdSec parsing
- Fix wizard.js syntax error with computed property names
- Remove broken Dropbear verbose config (2024.86 doesn't support -v)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-13 09:35:20 +01:00

53 lines
1.4 KiB
Makefile
Raw Blame History

# Copyright (C) 2024 CyberMind.fr
# Licensed under Apache-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=secubox-auth-logger
PKG_VERSION:=1.0.0
PKG_RELEASE:=1
PKG_ARCH:=all
PKG_LICENSE:=Apache-2.0
PKG_MAINTAINER:=CyberMind <contact@cybermind.fr>
include $(INCLUDE_DIR)/package.mk
define Package/secubox-auth-logger
SECTION:=secubox
CATEGORY:=SecuBox
TITLE:=Authentication Failure Logger for CrowdSec
DEPENDS:=+rpcd +uhttpd
PKGARCH:=all
endef
define Package/secubox-auth-logger/description
Logs authentication failures from LuCI/rpcd and Dropbear SSH
for CrowdSec detection. Patches rpcd to emit auth failure logs
to syslog in a format CrowdSec can parse.
endef
define Build/Compile
endef
define Package/secubox-auth-logger/install
$(INSTALL_DIR) $(1)/usr/lib/secubox
$(INSTALL_BIN) ./files/auth-monitor.sh $(1)/usr/lib/secubox/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/secubox-auth-logger.init $(1)/etc/init.d/secubox-auth-logger
$(INSTALL_DIR) $(1)/etc/crowdsec/parsers/s01-parse
$(INSTALL_DATA) ./files/openwrt-luci-auth.yaml $(1)/etc/crowdsec/parsers/s01-parse/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files/99-secubox-auth-logger $(1)/etc/uci-defaults/
endef
define Package/secubox-auth-logger/postinst
#!/bin/sh
[ -n "$${IPKG_INSTROOT}" ] || {
/etc/init.d/secubox-auth-logger enable
/etc/init.d/secubox-auth-logger start
}
exit 0
endef
$(eval $(call BuildPackage,secubox-auth-logger))
Reference in New Issue View Git Blame Copy Permalink