gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3b84c8a047
secubox-openwrt/package/secubox/secubox-auth-logger/files/openwrt-luci-auth.yaml
CyberMind-FR 3b84c8a047 feat(secubox-auth-logger): Add auth failure monitoring for CrowdSec 
- Create secubox-auth-logger package to monitor SSH/LuCI auth failures
- auth-monitor.sh watches logread for failed password attempts
- Supports OpenSSH, Dropbear, and uhttpd/LuCI authentication
- Logs failures to syslog with secubox-auth tag for CrowdSec parsing
- Fix wizard.js syntax error with computed property names
- Remove broken Dropbear verbose config (2024.86 doesn't support -v)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-13 09:35:20 +01:00

21 lines
687 B
YAML
Raw Blame History

# CrowdSec Parser for SecuBox Auth Logger
# Parses authentication failures from LuCI/uhttpd and Dropbear
# Format: secubox-auth: Authentication failure for <user> from <ip> via <service>
name: secubox/openwrt-luci-auth
description: "Parse SecuBox auth failure logs for LuCI and SSH"
filter: "evt.Parsed.program == 'secubox-auth'"
onsuccess: next_stage
nodes:
- grok:
pattern: "Authentication failure for %{USERNAME:user} from %{IP:source_ip} via %{WORD:service}"
apply_on: message
statics:
- meta: log_type
value: auth_failure
- meta: service
expression: evt.Parsed.service
- meta: source_ip
expression: evt.Parsed.source_ip
Reference in New Issue View Git Blame Copy Permalink