secubox-openwrt/package/secubox/secubox-dns-guard/files/etc/config/dns-guard
CyberMind-FR 0e0749ed08 feat: Add threat-analyst, dns-guard, mcp-server and DNS provider DynDNS
New packages:
- secubox-threat-analyst: AI-powered threat analysis with CrowdSec integration
- luci-app-threat-analyst: LuCI dashboard for threat intelligence
- secubox-dns-guard: DNS security monitoring and blocking
- secubox-mcp-server: Model Context Protocol server for AI assistant integration

Enhancements:
- dns-provider: Add DynDNS support (dyndns, get, update, domains commands)
- gandi.sh: Full DynDNS with WAN IP detection and record updates
- luci-app-dnsguard: Upgrade to v1.1.0 with improved dashboard

Infrastructure:
- BIND9 DNS setup for secubox.in with CAA records
- Wildcard SSL certificates via DNS-01 challenge
- HAProxy config fixes for secubox.in subdomains
- Mail server setup with Roundcube webmail

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 08:30:28 +01:00


# secubox-dns-guard UCI configuration.
# Section types: dns-guard (daemon and analysis settings), detector (per-module
# tuning), source (query-log input), target (blocklist outputs), queue (approval
# workflow). The reload_cmd values below are shell command lines, presumably run by
# the daemon after a blocklist is written (confirm in the daemon script); keep this
# file root-owned and not group/world-writable so only root can change them.
config dns-guard 'main'
option enabled '1'
# Analysis cycle interval (unit not stated here; presumably seconds — confirm against the daemon)
option interval '60'
# LocalAI endpoint used for analysis. Plain HTTP: keep it on loopback or a trusted
# segment, since query data sent to it would otherwise travel unencrypted.
option localai_url 'http://127.0.0.1:8081'
option localai_model 'tinyllama-1.1b-chat-v1.0.Q4_K_M'
# Auto-apply generated blocklists (0=queue for approval, 1=auto-apply).
# Leave at 0 unless generated entries are validated before use: if observed query
# names are passed to the model, block decisions derive from attacker-influenced
# input, and a wrong entry would land directly in the resolver blocklist.
option auto_apply_blocks '0'
# Minimum confidence score (0-100) to generate blocks
option min_confidence '80'
# Maximum domains to block per cycle (bounds the blast radius of one bad cycle)
option max_blocks_per_cycle '10'
# Alert retention (hours)
option alert_retention '24'
# Detection modules. Each detector can be disabled individually with enabled '0';
# threshold semantics are as described per option and should be confirmed in the
# detector implementation before tuning.
config detector 'dga'
option enabled '1'
option description 'Domain Generation Algorithm detection'
# Minimum entropy threshold for DGA detection (0.0-4.0)
option entropy_threshold '3.2'
# Minimum domain length for DGA candidate
option min_length '12'
config detector 'tunneling'
option enabled '1'
option description 'DNS tunneling and exfiltration detection'
# Maximum legitimate subdomain length (63 is the DNS label length limit)
option max_subdomain_length '63'
# Maximum TXT record query rate per minute
option txt_rate_limit '10'
config detector 'rate_anomaly'
option enabled '1'
option description 'Unusual query rate detection'
# Queries per minute threshold per client
option queries_per_minute '100'
# Unique domains per minute threshold
option unique_domains_per_minute '50'
config detector 'known_bad'
option enabled '1'
option description 'Known malicious domain detection'
# Path to blocklist files (space-separated). The default value looks like a
# directory rather than a file; confirm whether the detector expects files, a
# directory, or both.
option blocklist_paths '/etc/dns-guard/blocklists'
config detector 'tld_anomaly'
option enabled '1'
option description 'Unusual TLD pattern detection'
# Suspicious TLDs (comma-separated). These flag whole TLDs, so expect false
# positives on legitimate sites; review before tightening this list.
option suspicious_tlds 'xyz,top,club,work,date,loan,racing,download,review,click,bid,stream,gdn,icu'
# Query log source
config source 'dnsmasq'
option enabled '1'
option type 'dnsmasq'
# dnsmasq must be configured with log-queries and log-facility pointing at this
# file; on OpenWrt /var/log is tmpfs, so the log does not persist across reboots.
option log_facility '/var/log/dnsmasq.log'
# Output: dnsmasq blocklist. The daemon writes output_path; dnsmasq picks it up
# only if its conf-dir includes /etc/dnsmasq.d (verify in the dhcp/dnsmasq config).
config target 'dnsmasq_blocklist'
option enabled '1'
option type 'dnsmasq'
option output_path '/etc/dnsmasq.d/dns-guard-blocklist.conf'
# A full restart briefly interrupts name resolution each time a block is applied.
option reload_cmd '/etc/init.d/dnsmasq restart'
# Output: AdGuard Home blocklist (disabled by default)
config target 'adguardhome_blocklist'
option enabled '0'
option type 'adguardhome'
option output_path '/etc/adguardhome/filters/dns-guard.txt'
option reload_cmd 'killall -HUP AdGuardHome'
# Queue for pending blocks (approval workflow). On a default OpenWrt image /var is
# a symlink into tmpfs, so blocks awaiting approval are lost on reboot; move this
# under a persistent path if the queue must survive a restart.
config queue 'pending'
option path '/var/lib/dns-guard/pending_blocks.json'