secubox-openwrt/package/secubox/secubox-app-auth-logger/files/99-secubox-app-auth-logger
CyberMind-FR e62919eec7 refactor(packages): Rename and reorganize SecuBox packages
- Rename crowdsec-firewall-bouncer to secubox-app-cs-firewall-bouncer
- Rename secubox-auth-logger to secubox-app-auth-logger
- Delete secubox-crowdsec-setup (merged into other packages)
- Fix circular dependencies in luci-app-secubox-crowdsec
- Fix dependency chain in secubox-app-crowdsec-bouncer
- Add consolidated get_overview API to crowdsec-dashboard
- Improve crowdsec-dashboard overview performance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 10:42:52 +01:00


#!/bin/sh
# SecuBox Auth Logger - Post-install configuration
# Patches LuCI dispatcher to log auth failures for CrowdSec
# Copyright (C) 2024 CyberMind.fr
# Files this post-install step touches.
DISPATCHER="/usr/share/ucode/luci/dispatcher.uc"
LOG_FILE="/var/log/secubox-auth.log"

# Script tag that inject_js_hook adds to the LuCI theme headers.
JS_HOOK='<script src="/luci-static/resources/secubox/secubox-auth-hook.js"></script>'

# Substrings grepped for to detect an earlier run, so repeated runs do not
# patch the same file twice.
AUTH_LOG_MARKER="_secubox_auth_log"
HOOK_MARKER="secubox-auth-hook"

# Turn on uhttpd's syslog option (used for LuCI login monitoring) and restart
# uhttpd. The uci results are not checked; restart errors are discarded.
[ -f /etc/config/uhttpd ] && {
  uci set uhttpd.main.syslog='1'
  uci commit uhttpd
  /etc/init.d/uhttpd restart 2>/dev/null
}

# Make sure the log file that CrowdSec is meant to read exists.
# NOTE(review): mode 644 lets every local account read the attempted login
# names and client addresses written here. Tighten the mode if the reader
# (CrowdSec) runs as the file owner - confirm which user it runs as first.
touch "$LOG_FILE"
chmod 644 "$LOG_FILE"
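# Patch the LuCI dispatcher (ucode) so that every "if (!session) {" line also
# appends one record to the auth log that CrowdSec reads. This is the
# server-side method; inject_js_hook is the client-side fallback.
#
# Record format (no timestamp; the pid field is the constant 1):
#   secubox-auth[1]: authentication failure for <user> from <ip> via luci
#
# Globals:  DISPATCHER (read), AUTH_LOG_MARKER (read)
# Outputs:  status messages on stdout
# Returns:  0 if the dispatcher carries the patch (now or from an earlier run),
#           1 if it is missing, has no recognisable auth check, or could not
#           be backed up or edited
#
# Security notes:
# - "user" is presumably the login name taken from the request - confirm in
#   dispatcher.uc. It is written into a log that drives CrowdSec decisions, so
#   it is filtered with ucode replace() down to [A-Za-z0-9._@-]. Without the
#   filter a name containing a line break would add extra records to the log.
# - The log path inside the sed expression is hard-coded and must stay equal
#   to LOG_FILE.
# - NOTE(review): sed edits every line that contains "if (!session) {". If the
#   dispatcher has more than one such line, each of them gets the logging code;
#   confirm against the installed dispatcher.uc.
patch_dispatcher() {
  if [ ! -f "$DISPATCHER" ]; then
    echo "Warning: LuCI dispatcher not found at $DISPATCHER"
    return 1
  fi

  # Idempotence: the marker is the name of the variable the patch declares.
  if grep -q "$AUTH_LOG_MARKER" "$DISPATCHER" 2>/dev/null; then
    echo "Dispatcher already patched for auth logging"
    return 0
  fi

  if ! grep -q "if (!session)" "$DISPATCHER"; then
    echo "Warning: Could not find auth check in dispatcher"
    return 1
  fi

  # Keep a copy of the unpatched file; refuse to edit without one.
  if ! cp "$DISPATCHER" "${DISPATCHER}.bak"; then
    echo "Warning: Could not back up $DISPATCHER"
    return 1
  fi

  sed -i 's/if (!session) {/if (!session) { let _secubox_auth_log = open("\/var\/log\/secubox-auth.log", "a"); if (_secubox_auth_log) { _secubox_auth_log.write("secubox-auth[1]: authentication failure for " + replace("" + (user || "root"), \/[^A-Za-z0-9._@-]\/g, "?") + " from " + (http.getenv("REMOTE_ADDR") || "unknown") + " via luci\\n"); _secubox_auth_log.close(); }/' "$DISPATCHER"

  # The grep above accepts "if (!session)" in any layout, while sed needs the
  # brace on the same line. Verify the edit landed instead of assuming it did,
  # and put the original back if it did not.
  if ! grep -q "$AUTH_LOG_MARKER" "$DISPATCHER" 2>/dev/null; then
    cp "${DISPATCHER}.bak" "$DISPATCHER"
    echo "Warning: Could not patch auth check in dispatcher"
    return 1
  fi

  echo "Dispatcher patched for auth failure logging"
  return 0
}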
# Client-side fallback: insert the SecuBox hook <script> tag in front of
# </head> in each LuCI header template that exists on this system.
#
# Globals:  JS_HOOK (read), HOOK_MARKER (read)
# Returns:  status of the last template handled (0 when it was skipped)
#
# Templates tried, in order:
#   ucode themes (.ut):  openwrt2020, bootstrap
#   Lua themes (.htm):   bootstrap, material, openwrt
#   Lua sysauth.htm      (fallback)
# A template that already contains HOOK_MARKER is left alone. sed errors are
# discarded, so a template that could not be edited is skipped silently.
inject_js_hook() {
  local tpl

  for tpl in \
    /usr/share/ucode/luci/template/themes/openwrt2020/header.ut \
    /usr/share/ucode/luci/template/themes/bootstrap/header.ut \
    /usr/lib/lua/luci/view/themes/bootstrap/header.htm \
    /usr/lib/lua/luci/view/themes/material/header.htm \
    /usr/lib/lua/luci/view/themes/openwrt/header.htm \
    /usr/lib/lua/luci/view/sysauth.htm; do
    [ -f "$tpl" ] || continue

    # Already carries the hook: nothing to do for this template.
    if grep -q "$HOOK_MARKER" "$tpl" 2>/dev/null; then
      continue
    fi

    case "$tpl" in
      *.ut)
        # ucode templates: tag goes directly in front of </head>.
        sed -i "s|</head>|$JS_HOOK</head>|" "$tpl" 2>/dev/null
        ;;
      *)
        # Lua templates: tag is followed by \n in the sed replacement.
        sed -i "s|</head>|$JS_HOOK\n</head>|" "$tpl" 2>/dev/null
        ;;
    esac
  done
}
# Main installation. Both steps are best-effort: their return status is not
# checked and the script always ends with exit 0.
# NOTE(review): uhttpd is restarted earlier in this script, before the
# dispatcher is patched. Confirm whether the running uhttpd picks up the
# edited dispatcher.uc or needs another restart after this point.
patch_dispatcher
inject_js_hook

# Restart the dependent services when their init scripts are present:
#   rpcd     - to load the new ubus object
#   crowdsec - to pick up the new acquisition/parser/scenario
# Restart errors are discarded.
for svc in rpcd crowdsec; do
  if [ -x "/etc/init.d/$svc" ]; then
    "/etc/init.d/$svc" restart 2>/dev/null
  fi
done

exit 0