Correlation Library (correlation-lib.sh): - IP reputation tracking with configurable decay - Full context gathering from MITM, DPI, WAF streams - CrowdSec decision checking and notification - Correlation entry builder with rich context Enhanced Correlator (dpi-correlator v2): - Watches WAF alerts, CrowdSec decisions, DPI flows - Auto-ban for high-reputation IPs (threshold: 80) - Notification queue for high-severity threats - CLI: correlate, reputation, context, search, stats LuCI Timeline View: - Correlation timeline with colored event cards - IP context modal showing MITM requests + WAF alerts - Quick ban button with CrowdSec integration - Search by IP functionality - Stats: total, high-threat, banned, unique IPs RPCD Methods (8 new): - get_correlation_stats, get_ip_context, get_ip_reputation - get_timeline, search_correlations, ban_ip, set_auto_ban UCI Config: auto_ban, auto_ban_threshold, notifications Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
include $(TOPDIR)/rules.mk
# Package identity. PKG_NAME must match the Package/<name> defines below.
PKG_NAME:=secubox-dpi-dual
PKG_VERSION:=1.0.0
PKG_RELEASE:=1

# Licensing and contact metadata recorded in the built package.
# Keep comments on their own lines: trailing text after a value would
# become part of the value.
PKG_LICENSE:=GPL-3.0
PKG_MAINTAINER:=SecuBox <secubox@gk2.net>
include $(INCLUDE_DIR)/package.mk
# Menuconfig placement and runtime dependencies.
# PKGARCH:=all marks the package as architecture-independent.
# NOTE(review): the description names HAProxy and mitmproxy for the MITM
# stream, but neither is listed in DEPENDS. Confirm they are optional at
# runtime and that the shipped scripts fail closed (no silent loss of
# inspection or correlation) when those components are absent.
define Package/secubox-dpi-dual
  SECTION:=secubox
  CATEGORY:=SecuBox
  SUBMENU:=Security
  TITLE:=Dual-Stream DPI (MITM + Passive TAP)
  PKGARCH:=all
  DEPENDS:=+netifyd +iproute2-tc +jsonfilter +coreutils-stat
endef
# Long description shown by the package manager. Everything between
# define/endef is taken literally, so no comments belong inside the body.
define Package/secubox-dpi-dual/description
  Dual-stream Deep Packet Inspection architecture:
  - Stream 1 (MITM): HAProxy + mitmproxy with double buffer
  - Stream 2 (TAP): tc mirred + netifyd passive analysis
  - Correlation engine for unified threat analytics
endef
# Files listed here are treated as user configuration and preserved across
# package upgrades. The body is read literally, one path per line.
# NOTE(review): because a locally edited /etc/config/dpi-dual survives an
# upgrade, new or changed defaults shipped in a later version do not reach
# existing installs on their own -- confirm how such changes are migrated.
define Package/secubox-dpi-dual/conffiles
/etc/config/dpi-dual
endef
# Stage the package payload under $(1), the package's staging root.
# File modes come from OpenWrt's install helpers (rules.mk):
#   INSTALL_DIR  -> directories, 0755
#   INSTALL_CONF -> UCI config, 0600 (not world-readable)
#   INSTALL_BIN  -> executables, 0755
#   INSTALL_DATA -> non-executable files, 0644
# correlation-lib.sh and dpi_buffer.py are installed as data, i.e. without
# the execute bit; presumably the library is sourced by the dpi-* scripts
# and the addon is loaded by mitmproxy -- confirm against those callers.
# NOTE(review): code placed in /srv/mitmproxy/addons runs inside the proxy
# handling the MITM stream, so that directory and /usr/lib/dpi-dual should
# stay writable by root only on the target.
define Package/secubox-dpi-dual/install
	$(INSTALL_DIR) \
		$(1)/etc/config \
		$(1)/etc/init.d \
		$(1)/usr/sbin \
		$(1)/usr/lib/dpi-dual \
		$(1)/srv/mitmproxy/addons

	$(INSTALL_CONF) ./files/etc/config/dpi-dual $(1)/etc/config/
	$(INSTALL_BIN) ./files/etc/init.d/dpi-dual $(1)/etc/init.d/

	$(INSTALL_BIN) \
		./files/usr/sbin/dpi-dualctl \
		./files/usr/sbin/dpi-flow-collector \
		./files/usr/sbin/dpi-correlator \
		$(1)/usr/sbin/

	$(INSTALL_BIN) ./files/usr/lib/dpi-dual/mirror-setup.sh $(1)/usr/lib/dpi-dual/
	$(INSTALL_DATA) ./files/usr/lib/dpi-dual/correlation-lib.sh $(1)/usr/lib/dpi-dual/

	$(INSTALL_DATA) ./files/srv/mitmproxy/addons/dpi_buffer.py $(1)/srv/mitmproxy/addons/
endef
# Register the package with the build system. This expands the
# Package/<name> defines, so it has to come after all of them.
# PKG_NAME is secubox-dpi-dual, matching those define names.
$(eval $(call BuildPackage,$(PKG_NAME)))