gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ae26317815
secubox-openwrt/package/secubox/secubox-p2p/root/etc/uci-defaults/99-secubox-p2p-api
CyberMind-FR 1652b39137 feat(p2p): Add decentralized threat intelligence sharing via mesh 
Share CrowdSec bans and mitmproxy detections between mesh nodes using
the existing blockchain chain + gossip sync. Received IOCs from trusted
peers are auto-applied as CrowdSec decisions based on a three-tier trust
model (direct/transitive/unknown).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 11:13:51 +01:00

67 lines
2.2 KiB
Bash
Raw Blame History

#!/bin/sh
# Configure uhttpd instance for P2P REST API and Factory UI on port 7331
# - Static files served from /www (includes /factory/index.html)
# - CGI scripts executed from /www/api/* (includes /api/factory/*)
# Check if p2p_api instance already exists
if ! uci -q get uhttpd.p2p_api >/dev/null 2>&1; then
uci set uhttpd.p2p_api=uhttpd
uci set uhttpd.p2p_api.listen_http='0.0.0.0:7331'
uci set uhttpd.p2p_api.home='/www'
uci set uhttpd.p2p_api.cgi_prefix='/api'
uci set uhttpd.p2p_api.index_page='index.html'
uci set uhttpd.p2p_api.no_symlinks='0'
uci set uhttpd.p2p_api.no_dirlists='1'
uci set uhttpd.p2p_api.script_timeout='60'
uci set uhttpd.p2p_api.network_timeout='30'
uci commit uhttpd
else
# Update existing config to fix paths
uci set uhttpd.p2p_api.home='/www'
uci set uhttpd.p2p_api.cgi_prefix='/api'
uci set uhttpd.p2p_api.index_page='index.html'
uci delete uhttpd.p2p_api.alias 2>/dev/null || true
uci commit uhttpd
fi
# Add firewall rule for P2P API port (LAN only by default)
if ! uci show firewall 2>/dev/null | grep -q "P2P-API"; then
uci add firewall rule
uci set firewall.@rule[-1].name='P2P-API'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest_port='7331'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].enabled='1'
uci commit firewall
fi
# Add mDNS firewall rule if not exists
if ! uci show firewall 2>/dev/null | grep -q "mDNS"; then
uci add firewall rule
uci set firewall.@rule[-1].name='mDNS'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest_port='5353'
uci set firewall.@rule[-1].proto='udp'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].enabled='1'
uci commit firewall
fi
# Add threat-intel cron jobs if not already present
CRONTAB="/etc/crontabs/root"
[ -f "$CRONTAB" ] || touch "$CRONTAB"
if ! grep -q "threat-intel.sh collect-and-publish" "$CRONTAB" 2>/dev/null; then
echo "*/15 * * * * /usr/lib/secubox/threat-intel.sh collect-and-publish" >> "$CRONTAB"
fi
if ! grep -q "threat-intel.sh apply-pending" "$CRONTAB" 2>/dev/null; then
echo "*/30 * * * * /usr/lib/secubox/threat-intel.sh apply-pending" >> "$CRONTAB"
fi
# Restart cron if running
/etc/init.d/cron restart 2>/dev/null || true
exit 0
Reference in New Issue View Git Blame Copy Permalink