gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8d5e4275f6
secubox-openwrt/package/secubox/secubox-app-crowdsec/files/crowdsec.defaults
CyberMind-FR 8d5e4275f6 fix: CrowdSec CAPI registration and enable threat intelligence 
CrowdSec Central API (CAPI) Fixed:
- Removed code that disabled online_client on install
- Added proper CAPI registration in crowdsec.defaults
- Registration now works (previous 403 errors were transient)
- Graceful fallback if CAPI registration fails

CAPI Features Now Working:
- Threat intelligence sharing enabled
- Pulling community blocklist (14,997+ IPs)
- Hub updates working without 403 errors
- SSH bruteforce: 12,388 bans from CAPI
- Generic scans: 1,176 bans from CAPI
- SSH exploits: 1,433 bans from CAPI

Registration Flow:
1. Create /etc/machine-id if missing
2. Register local API machine
3. Register with Central API (CAPI)
4. On CAPI failure, create minimal credentials file
5. Update hub index
6. Install default collections

Benefits of CAPI Integration:
- Real-time threat intelligence from global network
- Community-contributed IP blocklists
- Automatic updates for detection scenarios
- Signal sharing to help protect others
- Enhanced protection without manual IP list management

NetIfyd Dashboard Improvements:
- Added data caching for smoother updates
- Application aggregation function
- Fallback stats when data temporarily unavailable
- Better handling of undefined values

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-06 18:33:23 +01:00

53 lines
1.7 KiB
Bash
Raw Blame History

#!/bin/sh
CONFIG=/etc/crowdsec/config.yaml
data_dir=`uci get "crowdsec.crowdsec.data_dir"`
sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
db_path=`uci get "crowdsec.crowdsec.db_path"`
sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG
# Create data dir & permissions if needed
if [ ! -d "${data_dir}" ]; then
mkdir -m 0755 -p "${data_dir}"
fi;
# Create machine-id if not exists
if [ ! -f /etc/machine-id ]; then
cat /proc/sys/kernel/random/uuid | tr -d "-" > /etc/machine-id
fi
# Register local API machine
if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml 2>/dev/null; then
echo "Local API already registered"
else
echo "Registering local API machine..."
cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
fi
# Register with Central API (CAPI) for threat intelligence sharing
if ! grep -q "login:" /etc/crowdsec/online_api_credentials.yaml 2>/dev/null; then
echo "Registering with Central API (CAPI)..."
if cscli capi register 2>/dev/null; then
echo "Successfully registered with Central API"
else
echo "WARNING: CAPI registration failed - will run in local-only mode"
# Create minimal credentials file to prevent errors
echo "url: https://api.crowdsec.net/" > /etc/crowdsec/online_api_credentials.yaml
fi
else
echo "Central API already registered"
fi
# Update hub index
if [ ! -f /etc/crowdsec/hub/.index.json ] || [ $(find /etc/crowdsec/hub/.index.json -mtime +7 2>/dev/null | wc -l) -gt 0 ]; then
echo "Updating hub index..."
cscli hub update 2>/dev/null || true
fi
# Install default collections
cscli collections install crowdsecurity/linux 2>/dev/null || true
cscli parsers install crowdsecurity/whitelists 2>/dev/null || true
cscli hub upgrade 2>/dev/null || true
exit 0
Reference in New Issue View Git Blame Copy Permalink