gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
50bd0c872e
secubox-openwrt/package/secubox/secubox-app-crowdsec
History
CyberMind-FR 8d5e4275f6 fix: CrowdSec CAPI registration and enable threat intelligence 
CrowdSec Central API (CAPI) Fixed:
- Removed code that disabled online_client on install
- Added proper CAPI registration in crowdsec.defaults
- Registration now works (previous 403 errors were transient)
- Graceful fallback if CAPI registration fails

CAPI Features Now Working:
- Threat intelligence sharing enabled
- Pulling community blocklist (14,997+ IPs)
- Hub updates working without 403 errors
- SSH bruteforce: 12,388 bans from CAPI
- Generic scans: 1,176 bans from CAPI
- SSH exploits: 1,433 bans from CAPI

Registration Flow:
1. Create /etc/machine-id if missing
2. Register local API machine
3. Register with Central API (CAPI)
4. On CAPI failure, create minimal credentials file
5. Update hub index
6. Install default collections

Benefits of CAPI Integration:
- Real-time threat intelligence from global network
- Community-contributed IP blocklists
- Automatic updates for detection scenarios
- Signal sharing to help protect others
- Enhanced protection without manual IP list management

NetIfyd Dashboard Improvements:
- Added data caching for smoother updates
- Application aggregation function
- Fallback stats when data temporarily unavailable
- Better handling of undefined values

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-06 18:33:23 +01:00
..
files fix: CrowdSec CAPI registration and enable threat intelligence 2026-01-06 18:33:23 +01:00
patches chore(secubox): rename netifyd package 2026-01-06 09:54:41 +01:00
Makefile chore(secubox): rename netifyd package 2026-01-06 09:54:41 +01:00
README.md feat(crowdsec): add secubox-app daemon 2025-12-30 13:00:59 +01:00

README.md

SecuBox App - CrowdSec

Version

  • Package: secubox-app-crowdsec
  • CrowdSec Core: v1.7.4
  • Release: 1
  • Last Updated: December 30, 2024

Description

CrowdSec is an open-source, lightweight security engine that detects and responds to malicious behaviors. This SecuBox package provides CrowdSec for OpenWrt routers.

Key Features (v1.7.4)

  • WAF capability with DropRequest helper for request blocking
  • Refactored syslog acquisition using RestartableStreamer
  • Optional pure-go SQLite driver for better compatibility
  • Enhanced logging configuration with syslog media support
  • Configurable usage metrics export (api.server.disable_usage_metrics_export)
  • Fixed LAPI metrics cardinality issues with Prometheus
  • Data race prevention in Docker acquisition
  • Database query optimization for decision streams

Package Contents

  • Makefile: OpenWrt package definition for CrowdSec v1.7.4
  • files/: Configuration and init scripts
    • crowdsec.initd: Init script for service management
    • crowdsec.config: UCI configuration
    • crowdsec.defaults: Default configuration (uci-defaults)
  • patches/: Patches for OpenWrt compatibility
    • 001-fix_config_data_dir.patch: Fix data directory path for OpenWrt

Installation

# From SecuBox build environment
cd /home/reepost/CyberMindStudio/_files/secubox-openwrt
make package/secubox/secubox-app-crowdsec/compile V=s

# Install on router
opkg install crowdsec_1.7.4-1_*.ipk

Configuration

CrowdSec configuration files are located at:

  • Main config: /etc/crowdsec/config.yaml
  • Acquisition: /etc/crowdsec/acquis.yaml
  • Profiles: /etc/crowdsec/profiles.yaml
  • Local API: /etc/crowdsec/local_api_credentials.yaml

Data directory: /srv/crowdsec/data/

Service Management

# Start CrowdSec
/etc/init.d/crowdsec start

# Stop CrowdSec
/etc/init.d/crowdsec stop

# Restart CrowdSec
/etc/init.d/crowdsec restart

# Check status
/etc/init.d/crowdsec status

CLI Usage

CrowdSec CLI is available via cscli:

# Check version
cscli version

# List decisions
cscli decisions list

# View alerts
cscli alerts list

# Manage collections
cscli collections list
cscli collections install crowdsecurity/nginx

# Manage bouncers
cscli bouncers list
cscli bouncers add firewall-bouncer

Integration with SecuBox

This package integrates with:

  • luci-app-crowdsec-dashboard v0.5.0+
  • SecuBox Theme System
  • SecuBox Logging (secubox-log)

Dependencies

  • Go compiler (build-time)
  • SQLite3
  • OpenWrt base system

References

Changelog

v1.7.4-1 (2024-12-30)

  • Updated from v1.6.2 to v1.7.4
  • Added WAF/AppSec support
  • Improved syslog acquisition
  • Enhanced metrics export configuration
  • Fixed Prometheus cardinality issues

v1.6.2-1 (Previous)

  • Initial SecuBox integration
  • Basic OpenWrt compatibility patches

License

MIT License

Maintainer

CyberMind.fr - Gandalf gandalf@gk2.net