secubox-openwrt/package/secubox/luci-app-secubox-security-threats/root/etc/config/secubox_security_threats

# SecuBox Security Threats Dashboard Configuration
# Auto-blocking rules and whitelist configuration
#
# OpenWrt UCI file read by luci-app-secubox-security-threats. The daemon that
# interprets these values is not part of this file, so the per-option notes
# below describe the apparent intent; confirm exact semantics against it.
config global 'global'
# Master switch for the dashboard/auto-block feature ('1' on, '0' off).
option enabled '1'
# How long detected-threat history is kept, in days (presumably pruned after).
option history_retention_days '7'
# Dashboard refresh interval; the unit is not stated here — likely seconds, TODO confirm.
option refresh_interval '10'
# Gate for the block_rule sections below: '0' should leave detection and
# logging running but stop automatic bans — verify this is detection-only mode.
option auto_block_enabled '1'
# Keep a record of detected threats; required to review and justify auto-bans after the fact.
option log_threats '1'
# High-priority: Block malware indicators
# Each block_rule presumably fires when a host matches the listed
# threat_types / risk_flags and its score reaches `threshold`, then applies
# `action` for `duration`. Matching semantics (all flags vs any flag) are not
# visible here — confirm against the threat daemon.
config block_rule 'malware_high'
option name 'Block Malware Indicators'
option enabled '1'
option threat_types 'malware'
# Comma-separated indicator names emitted by the detection engine.
option risk_flags 'MALICIOUS_JA3,SUSPICIOUS_DGA_DOMAIN,SUSPICIOUS_ENTROPY,POSSIBLE_EXPLOIT'
option action 'ban'
# Longest ban in this file; a false positive here locks a host out for a full day,
# so the whitelist section is the safety valve for critical internal hosts.
option duration '24h'
# Highest threshold of the four rules (60 vs 40/20/50), so only strong matches
# earn the 24h ban. Scale is presumably a 0-100 risk score — TODO confirm.
option threshold '60'
option description 'Automatically block hosts with malware signatures (JA3, DGA domains, suspicious entropy)'
# Medium-priority: Block web attacks
config block_rule 'web_attacks'
option name 'Block Web Attacks'
option enabled '1'
option threat_types 'web_attack'
# All three flags are URL heuristics ("POSSIBLE_"), not confirmed exploitation;
# legitimate clients whose URLs contain SQL- or script-like tokens can trigger them.
option risk_flags 'URL_POSSIBLE_SQL_INJECTION,URL_POSSIBLE_XSS,URL_POSSIBLE_RCE_INJECTION'
option action 'ban'
option duration '12h'
# Lower than the malware rule (40 vs 60) while the flags are heuristic, so this
# rule is the most likely source of false-positive bans; review the threat log
# after enabling and whitelist scanners or monitoring hosts you run yourself.
option threshold '40'
option description 'Block SQL injection, XSS, and RCE attempts'
# Low-priority: Block protocol threats (disabled by default)
config block_rule 'protocol_threats'
option name 'Block Unauthorized Protocols'
# Off by default; see the risk_flags note before enabling.
option enabled '0'
option threat_types 'protocol'
# Empty flag list. Whether this means "any protocol-type threat" or "nothing
# matches" depends on the daemon — confirm before enabling. The description
# names BitTorrent, Mining and Tor, but no flag here selects them, so the
# rule's actual scope is determined entirely by threat_types.
option risk_flags ''
option action 'ban'
option duration '4h'
# Lowest threshold in the file (20); combined with an unrestricted flag list,
# enabling this as-is may ban on weak evidence.
option threshold '20'
option description 'Block unauthorized protocols like BitTorrent, Mining, Tor (disabled by default)'
# Network anomalies (disabled by default - may generate false positives)
config block_rule 'network_anomalies'
option name 'Block Network Anomalies'
# Off by default because reputation-based flags are coarse (see below).
option enabled '0'
option threat_types 'anomaly'
# RISKY_ASN / RISKY_DOMAIN are reputation flags: an ASN covers whole hosting
# providers and CDNs, so a ban on this basis can cut off legitimate services
# sharing that network. Whitelist required upstreams before enabling.
option risk_flags 'RISKY_ASN,RISKY_DOMAIN,DNS_SUSPICIOUS_TRAFFIC'
option action 'ban'
option duration '6h'
option threshold '50'
option description 'Block connections from risky ASNs/domains and suspicious DNS traffic'
# Example whitelist entry (commented out)
# A whitelist section presumably exempts the host from every block_rule above,
# so keep entries to specific addresses (as in the example), record reason and
# added_at for audit, and review them periodically — a forgotten entry is a
# permanent blind spot. Whether `ip` accepts CIDR ranges as well as single
# addresses is not visible here; confirm against the daemon.
# config whitelist 'admin_workstation'
# option ip '192.168.1.100'
# option reason 'Admin workstation - never block'
# option added_at '2026-01-07T15:00:00Z'