secubox-openwrt/package/secubox/luci-app-crowdsec-dashboard/htdocs/luci-static/resources/view/crowdsec-dashboard/alerts.js
CyberMind-FR 56d45fe7c2 feat(waf): Add sensitivity-based auto-ban system with CrowdSec integration
WAF Auto-ban Features:
- Three sensitivity levels: aggressive, moderate, permissive
- Aggressive: Immediate ban on first critical threat
- Moderate: Ban after 3 attempts in 5 minutes (default)
- Permissive: Ban after 5 attempts in 1 hour
- Attempt tracking with configurable thresholds

Critical threats (immediate in aggressive/moderate):
- CVE exploits, SQL injection, Command injection
- XXE, Log4Shell, SSTI attacks

CrowdSec Integration:
- Auto-ban requests written to /srv/mitmproxy/autoban-requests.log
- Cron job processes bans every minute via mitmproxyctl
- Bans sent to CrowdSec for network-wide enforcement

New Commands:
- mitmproxyctl process-autoban: Process pending bans
- mitmproxyctl reload-autoban: Reload config after UCI changes

CrowdSec Dashboard:
- Added ban button to alerts page
- Modal confirmation with 24h ban duration
- Real-time banned IP tracking

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 13:40:52 +01:00


'use strict';
'require view';
'require dom';
'require poll';
'require ui';
'require crowdsec-dashboard.api as api';
return view.extend({
alerts: [],
bannedIPs: new Set(),
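/**
 * LuCI view hook: attach the dashboard stylesheet, then fetch the most
 * recent alerts together with the current decisions.
 *
 * The decisions are only used to fill `this.bannedIPs`, which
 * renderAlerts() consults to decide between a "Ban" and a "Banned" button.
 *
 * @returns {Promise<*>} Resolves to whatever api.getAlerts(100) returned,
 *   or to an empty array when that call was rejected.
 */
load: function() {
	var self = this;

	var link = document.createElement('link');
	link.rel = 'stylesheet';
	link.href = L.resource('crowdsec-dashboard/dashboard.css');
	document.head.appendChild(link);

	// NOTE(review): both requests fall back to [] when they fail, so an
	// unreachable or erroring backend is displayed exactly like "no alerts"
	// (green badge) and "nothing banned". Consider surfacing the failure to
	// the operator instead of hiding it.
	return Promise.all([
		api.getAlerts(100).catch(function() { return []; }),
		api.getDecisions().catch(function() { return []; })
	]).then(function(results) {
		var decisions = results[1];

		// Build a fresh set owned by this instance. The `bannedIPs` Set in
		// the view.extend() literal lives on the shared prototype, so adding
		// to it in place would let entries from an earlier load (including
		// decisions that were removed since) linger as "Banned".
		var banned = new Set();

		// NOTE(review): every decision value is recorded regardless of its
		// type or scope - confirm api.getDecisions() only returns active
		// IP bans, otherwise a row may be shown as "Banned" for another
		// kind of decision.
		if (Array.isArray(decisions)) {
			decisions.forEach(function(d) {
				if (d.decisions) {
					// Alert-shaped entry carrying a nested decision list.
					d.decisions.forEach(function(dec) {
						if (dec.value) banned.add(dec.value);
					});
				} else if (d.value) {
					// Flat decision entry.
					banned.add(d.value);
				}
			});
		}

		self.bannedIPs = banned;
		return results[0];
	});
},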
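/**
 * LuCI view hook: build the alerts page from the data resolved by load()
 * and register the 30 second refresh poll.
 *
 * @param {*} data - Either an array of alerts or an object carrying them
 *   in an `alerts` property; anything else is treated as "no alerts".
 * @returns {Node} Root element of the view.
 */
render: function(data) {
	var self = this;

	// Accept only real arrays. The previous `data.alerts || []` threw a
	// TypeError when the backend answered with null/undefined and let a
	// non-array `alerts` value through to .length / .forEach / .slice.
	if (Array.isArray(data))
		this.alerts = data;
	else
		this.alerts = (data && Array.isArray(data.alerts)) ? data.alerts : [];

	var view = E('div', { 'class': 'cs-view' }, [
		E('div', { 'class': 'cs-header' }, [
			E('div', { 'class': 'cs-title' }, 'CrowdSec Alerts'),
			E('div', { 'class': 'cs-status' }, [
				// Badge turns "warning" as soon as at least one alert exists.
				E('span', { 'class': 'cs-badge ' + (this.alerts.length > 0 ? 'warning' : 'success') },
					this.alerts.length + ' alerts')
			])
		]),
		this.renderNav('alerts'),
		E('div', { 'class': 'cs-stats' }, this.renderStats()),
		E('div', { 'class': 'cs-card' }, [
			E('div', { 'class': 'cs-card-header' }, [
				'Security Alerts',
				E('input', {
					'type': 'text', 'class': 'cs-input', 'id': 'alert-search',
					'placeholder': 'Search...', 'style': 'width: 150px;',
					// Re-filter the table on every key release.
					'keyup': function() { self.filterAlerts(); }
				})
			]),
			E('div', { 'class': 'cs-card-body', 'id': 'alerts-list' }, this.renderAlerts(this.alerts))
		])
	]);

	// Refresh the alert list every 30 seconds.
	poll.add(L.bind(this.pollData, this), 30);
	return view;
},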
/**
 * Build the tab bar linking the CrowdSec dashboard pages.
 *
 * @param {string} active - Id of the tab that receives the `active` class.
 * @returns {Node} `div.cs-nav` containing one link per page.
 */
renderNav: function(active) {
	// [page id, visible label]; the id is also the last URL path segment.
	var pages = [
		['overview', 'Overview'],
		['alerts', 'Alerts'],
		['decisions', 'Decisions'],
		['bouncers', 'Bouncers'],
		['settings', 'Settings']
	];
	var links = [];

	for (var i = 0; i < pages.length; i++) {
		var pageId = pages[i][0];
		var attrs = {
			'href': L.url('admin/secubox/security/crowdsec/' + pageId),
			'class': ''
		};

		if (pageId === active)
			attrs['class'] = 'active';

		links.push(E('a', attrs, pages[i][1]));
	}

	return E('div', { 'class': 'cs-nav' }, links);
},
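/**
 * Build the four summary tiles (total alerts, distinct scenarios, distinct
 * countries, most frequent scenario) from `this.alerts`.
 *
 * @returns {Node[]} The tile elements, in display order.
 */
renderStats: function() {
	// Prototype-less dictionaries: scenario and country names come from the
	// alert data, and a name such as "constructor" or "__proto__" would
	// otherwise collide with members inherited from Object.prototype and
	// corrupt the counters.
	var scenarios = Object.create(null);
	var countries = Object.create(null);

	this.alerts.forEach(function(a) {
		var s = a.scenario || 'unknown';
		scenarios[s] = (scenarios[s] || 0) + 1;
		var c = (a.source && (a.source.cn || a.source.country)) || 'Unknown';
		countries[c] = (countries[c] || 0) + 1;
	});

	// Highest count first; undefined when there are no alerts at all.
	var topScenario = Object.entries(scenarios).sort(function(a, b) { return b[1] - a[1]; })[0];
	// Only the first word of the parsed scenario name fits in the tile.
	var topLabel = topScenario ? api.parseScenario(topScenario[0]).split(' ')[0] : '-';

	return [
		E('div', { 'class': 'cs-stat warning' }, [
			E('div', { 'class': 'cs-stat-value' }, String(this.alerts.length)),
			E('div', { 'class': 'cs-stat-label' }, 'Total Alerts')
		]),
		E('div', { 'class': 'cs-stat' }, [
			E('div', { 'class': 'cs-stat-value' }, String(Object.keys(scenarios).length)),
			E('div', { 'class': 'cs-stat-label' }, 'Scenarios')
		]),
		E('div', { 'class': 'cs-stat' }, [
			E('div', { 'class': 'cs-stat-value' }, String(Object.keys(countries).length)),
			E('div', { 'class': 'cs-stat-label' }, 'Countries')
		]),
		E('div', { 'class': 'cs-stat danger' }, [
			// Passed as an array item so LuCI inserts it as a text node.
			// A bare string child is assigned through innerHTML, which
			// would interpret markup inside an alert-derived scenario name.
			E('div', { 'class': 'cs-stat-value' }, [ topLabel ]),
			E('div', { 'class': 'cs-stat-label' }, 'Top Threat')
		])
	];
},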
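/**
 * Render the alert table, or an empty-state placeholder.
 *
 * Only the first 50 entries of `alerts` are rendered.
 *
 * Every value taken from an alert is handed to E() inside an array.
 * LuCI's dom.append() turns array items into text nodes, whereas a bare
 * string child is assigned via innerHTML. Alert fields describe remote
 * traffic, so they must never be interpreted as markup in the admin UI.
 *
 * @param {Object[]} alerts - Alerts to display.
 * @returns {Node} `table.cs-table`, or `div.cs-empty` when the list is empty.
 */
renderAlerts: function(alerts) {
	var self = this;

	if (!alerts.length) {
		return E('div', { 'class': 'cs-empty' }, 'No alerts');
	}

	return E('table', { 'class': 'cs-table' }, [
		E('thead', {}, E('tr', {}, [
			E('th', {}, 'Time'),
			E('th', {}, 'Source'),
			E('th', {}, 'Country'),
			E('th', {}, 'Scenario'),
			E('th', {}, 'Events'),
			E('th', { 'style': 'width: 80px;' }, 'Action')
		])),
		E('tbody', {}, alerts.slice(0, 50).map(function(a) {
			var src = a.source || {};
			var ip = src.ip || '';
			var country = src.cn || src.country || '';
			var isBanned = self.bannedIPs.has(ip);

			// NOTE(review): the api.* helpers below are assumed to return
			// plain text. If one of them is meant to return markup it should
			// return a DOM node rather than an HTML string.
			return E('tr', {}, [
				E('td', { 'class': 'cs-time' }, [ api.formatRelativeTime(a.created_at) ]),
				E('td', {}, E('span', { 'class': 'cs-ip' }, [ ip || '-' ])),
				E('td', {}, [
					E('span', { 'class': 'cs-flag' }, [ api.getCountryFlag(country) ]),
					' ', country
				]),
				E('td', {}, E('span', { 'class': 'cs-scenario' }, [ api.parseScenario(a.scenario) ])),
				E('td', {}, [ String(a.events_count || 0) ]),
				// No source address means there is nothing to ban.
				E('td', {}, ip ? self.renderBanButton(ip, a.scenario, isBanned) : '-')
			]);
		}))
	]);
},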
/**
 * Build the action-cell button for one alert row.
 *
 * @param {string} ip - Source address of the alert.
 * @param {string} scenario - Scenario of the alert, passed on to banIP().
 * @param {boolean} isBanned - True when `ip` is already in `bannedIPs`.
 * @returns {Node} A disabled "Banned" button, or an active "Ban" button
 *   that opens the confirmation dialog.
 */
renderBanButton: function(ip, scenario, isBanned) {
	var view = this;
	var compact = 'padding: 2px 8px; font-size: 11px;';

	if (!isBanned) {
		return E('button', {
			'class': 'cbi-button cbi-button-negative',
			'style': compact,
			'click': function(ev) {
				// Keep the click from triggering any default button action.
				ev.preventDefault();
				view.banIP(ip, scenario);
			},
			'title': 'Ban this IP for 24 hours'
		}, 'Ban');
	}

	// Already banned: inert button that only reports the state.
	return E('button', {
		'class': 'cbi-button cbi-button-neutral',
		'style': compact,
		'disabled': 'disabled',
		'title': 'Already banned'
	}, 'Banned');
},
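/**
 * Ask for confirmation, then request a 24 hour ban for `ip`.
 *
 * On success the address is added to `bannedIPs` and the alert table is
 * re-rendered; on failure an error notification is shown.
 *
 * The confirmation dialog is the only guard in this view. `ip` and the
 * reason string are forwarded to api.addBan() unchanged, and nothing here
 * checks whether the address is allow-listed or belongs to the operator.
 * NOTE(review): confirm the backend validates the address and applies such
 * checks before creating the decision.
 *
 * All dynamic text is passed to E() inside an array. LuCI's dom.append()
 * inserts array items as text nodes but assigns a bare string child via
 * innerHTML, and `ip`, `scenario` and backend error strings must not be
 * interpreted as markup.
 *
 * @param {string} ip - Address to ban.
 * @param {string} [scenario] - Scenario of the originating alert, recorded
 *   in the ban reason ("unknown" when missing).
 */
banIP: function(ip, scenario) {
	var self = this;
	var reason = 'Manual ban from alert: ' + (scenario || 'unknown');

	ui.showModal('Ban IP', [
		E('p', {}, [ 'Ban ' + ip + ' for 24 hours?' ]),
		E('p', { 'style': 'font-size: 12px; color: #666;' }, [ 'Reason: ' + reason ]),
		E('div', { 'class': 'right' }, [
			E('button', {
				'class': 'cbi-button',
				'click': ui.hideModal
			}, 'Cancel'),
			' ',
			E('button', {
				'class': 'cbi-button cbi-button-negative',
				'click': function() {
					// Swap the confirmation dialog for a progress dialog.
					ui.hideModal();
					ui.showModal('Banning...', [
						E('p', { 'class': 'spinning' }, [ 'Adding ban for ' + ip + '...' ])
					]);

					api.addBan(ip, '24h', reason).then(function(result) {
						ui.hideModal();

						if (result && result.success !== false) {
							self.bannedIPs.add(ip);
							ui.addNotification(null, E('p', {}, [ 'IP ' + ip + ' has been banned for 24 hours' ]), 'success');

							// Refresh the alerts list so the row shows "Banned".
							var el = document.getElementById('alerts-list');
							if (el) dom.content(el, self.renderAlerts(self.alerts));
						} else {
							// `result` may be null/undefined here; reading
							// result.error directly used to raise a TypeError
							// that replaced the real failure message.
							var detail = (result && result.error) || 'Unknown error';
							ui.addNotification(null, E('p', {}, [ 'Failed to ban IP: ' + detail ]), 'error');
						}
					}).catch(function(err) {
						ui.hideModal();
						ui.addNotification(null, E('p', {}, [ 'Failed to ban IP: ' + err ]), 'error');
					});
				}
			}, 'Ban')
		])
	]);
},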
/**
 * Re-render the alert table with only the alerts matching the search box.
 *
 * Matching is a case-insensitive substring test against the source IP,
 * the scenario and both country fields; an empty query keeps every alert.
 */
filterAlerts: function() {
	var needle = (document.getElementById('alert-search').value || '').toLowerCase();
	var matches = [];

	this.alerts.forEach(function(alert) {
		if (needle) {
			var origin = alert.source || {};
			// Missing fields join as empty strings, so they never match.
			var haystack = [origin.ip, alert.scenario, origin.country, origin.cn].join(' ').toLowerCase();

			if (!haystack.includes(needle))
				return;
		}

		matches.push(alert);
	});

	var target = document.getElementById('alerts-list');
	if (target)
		dom.content(target, this.renderAlerts(matches));
},
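/**
 * Poll callback: fetch the latest alerts and redraw the table.
 *
 * NOTE(review): only alerts are refreshed. `bannedIPs` is not reloaded
 * here, so a ban that was added or removed elsewhere is not reflected
 * until the page is loaded again. The redraw also ignores the current
 * search box content.
 *
 * @returns {Promise<void>} Settles once the table has been redrawn.
 */
pollData: function() {
	var self = this;

	return api.getAlerts(100).then(function(data) {
		// Accept only real arrays; the previous `data.alerts || []` threw a
		// TypeError when the backend answered with null/undefined.
		if (Array.isArray(data))
			self.alerts = data;
		else
			self.alerts = (data && Array.isArray(data.alerts)) ? data.alerts : [];

		var el = document.getElementById('alerts-list');
		if (el) dom.content(el, self.renderAlerts(self.alerts));
	});
},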
handleSaveApply: null,
handleSave: null,
handleReset: null
});