gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c5c488b7cb
secubox-openwrt/README.md
CyberMind-FR 760408c36f feat(p2p): Release v0.6.0 - MirrorBox NetMesh Catalog 
- Distributed service registry with HAProxy vhost discovery
- Multi-endpoint URLs (haproxy/mesh/local) per service
- DNS federation for mesh peers (*.sb.local via dnsmasq)
- Catalog tab with service filtering and QR codes
- Linked peers navigation panel
- Tools panel with DNS management

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 11:56:18 +01:00

309 lines
11 KiB
Markdown
Raw Blame History

# SecuBox - Security Suite for OpenWrt
**Version:** 0.17.0 🎉 **First Public Release**
**Last Updated:** 2026-01-31
**Status:** Production Ready
**Modules:** 38 LuCI Applications
[![Build OpenWrt Packages](https://github.com/CyberMind-FR/secubox-openwrt/actions/workflows/build-openwrt-packages.yml/badge.svg)](https://github.com/CyberMind-FR/secubox-openwrt/actions/workflows/build-openwrt-packages.yml)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](LICENSE)
[![Release](https://img.shields.io/github/v/release/CyberMind-FR/secubox-openwrt?include_prereleases&label=release)](https://github.com/CyberMind-FR/secubox-openwrt/releases)
## 🎉 First Public Release
SecuBox v0.17.0 marks the **First Public Release** of the project. All core features are now stable and ready for production deployment.
### What's Ready
-**38 LuCI modules** — Complete security and network management suite
-**Three-Loop Security Architecture** — Operational, Tactical, and Strategic defense layers
-**CrowdSec Integration** — Real-time threat intelligence and automated blocking
-**Deep Packet Inspection** — netifyd/nDPId protocol analysis
-**WireGuard VPN** — Encrypted mesh connectivity
-**Multi-architecture support** — ARM64, ARM32, MIPS, x86
### Coming Next (v0.18+)
- 🔵 **P2P Hub** — Decentralized threat intelligence sharing
- 🔵 **did:plc Identity** — Self-sovereign node identity for trust networks
---
## Overview
SecuBox is a comprehensive security and network management suite for OpenWrt, providing a unified ecosystem of 38 specialized dashboards and tools. All modules are compiled automatically for multiple OpenWrt architectures via GitHub Actions.
**Website:** [secubox.maegia.tv](https://secubox.maegia.tv)
**Publisher:** [CyberMind.fr](https://cybermind.fr)
---
## Three-Loop Security Architecture
SecuBox implements a **Three-Loop Security Model** for defense in depth:
```
┌────────────────────────────────────────────────────────┐
│ LOOP 3: STRATEGIC │
│ (Hours → Days) │
│ ┌────────────────────────────────────────────────┐ │
│ │ LOOP 2: TACTICAL │ │
│ │ (Minutes → Hours) │ │
│ │ ┌────────────────────────────────────────┐ │ │
│ │ │ LOOP 1: OPERATIONAL │ │ │
│ │ │ (Milliseconds → Seconds) │ │ │
│ │ │ DETECT → DECIDE → BLOCK │ │ │
│ │ └────────────────────────────────────────┘ │ │
│ │ CORRELATE → ANALYZE → ADAPT │ │
│ └────────────────────────────────────────────────┘ │
│ AGGREGATE → ANTICIPATE → EVOLVE │
└────────────────────────────────────────────────────────┘
```
| Loop | Function | SecuBox Modules |
|------|----------|-----------------|
| **Loop 1** | Real-time blocking | nftables/fw4, netifyd DPI, CrowdSec Bouncer |
| **Loop 2** | Pattern correlation | CrowdSec Agent/LAPI, Scenarios, Netdata |
| **Loop 3** | Threat intelligence | CrowdSec CAPI, Blocklists, P2P Hub (v0.18+) |
See [DOCS/THREE-LOOP-ARCHITECTURE.md](DOCS/THREE-LOOP-ARCHITECTURE.md) for detailed analysis.
---
## SecuBox Modules
### SecuBox Core (5 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-secubox** | 0.7.1 | Central dashboard/Hub for all SecuBox modules |
| **luci-app-secubox-portal** | 0.7.0 | Unified entry point with tabbed navigation |
| **luci-app-secubox-admin** | 1.0.0 | Admin control center with appstore and monitoring |
| **luci-app-secubox-bonus** | 0.2.0 | Documentation, local repo, and app store |
| **luci-app-system-hub** | 0.5.1 | Central system control with logs and backup |
### Security & Threat Management (9 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-crowdsec-dashboard** | 0.7.0 | Real-time CrowdSec security monitoring |
| **luci-app-secubox-security-threats** | 1.0.0 | Unified netifyd DPI + CrowdSec intelligence |
| **luci-app-client-guardian** | 0.4.0 | Network access, captive portal, parental controls |
| **luci-app-auth-guardian** | 0.4.0 | OAuth2/OIDC authentication, voucher system |
| **luci-app-exposure** | 1.0.0 | Service exposure manager |
| **luci-app-tor-shield** | 1.0.0 | Tor anonymization dashboard |
| **luci-app-mitmproxy** | 0.4.0 | HTTPS traffic inspection |
| **luci-app-cyberfeed** | 0.1.1 | Cyberpunk RSS feed aggregator |
| **luci-app-ksm-manager** | 0.4.0 | Cryptographic key/HSM management |
### Deep Packet Inspection (2 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-ndpid** | 1.1.2 | nDPId deep packet inspection dashboard |
| **luci-app-secubox-netifyd** | 1.2.1 | netifyd DPI with real-time flow monitoring |
### Network & Connectivity (8 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-vhost-manager** | 0.5.0 | Nginx reverse proxy with Let's Encrypt SSL |
| **luci-app-haproxy** | 1.0.0 | Load balancer with vhosts and SSL |
| **luci-app-wireguard-dashboard** | 0.7.0 | WireGuard VPN monitoring |
| **luci-app-network-modes** | 0.5.0 | Sniffer, AP, Relay, Router modes |
| **luci-app-network-tweaks** | 1.0.0 | Auto Proxy DNS & Hosts from vhosts |
| **luci-app-mqtt-bridge** | 0.4.0 | USB-to-MQTT IoT hub |
| **luci-app-cdn-cache** | 0.5.0 | Content delivery optimization |
| **luci-app-media-flow** | 0.6.4 | Streaming detection (Netflix, YouTube, Spotify) |
### Bandwidth & Traffic Management (2 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-bandwidth-manager** | 0.5.0 | QoS rules, client quotas, SQM integration |
| **luci-app-traffic-shaper** | 0.4.0 | TC/CAKE traffic shaping |
### Content & Web Platforms (5 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-gitea** | 1.0.0 | Gitea Platform management |
| **luci-app-hexojs** | 1.0.0 | Hexo static site generator |
| **luci-app-metabolizer** | 1.0.0 | Metabolizer CMS support |
| **luci-app-magicmirror2** | 0.4.0 | MagicMirror2 smart display |
| **luci-app-mmpm** | 0.2.0 | MagicMirror Package Manager |
### AI/LLM & Analytics (4 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-localai** | 0.1.0 | LocalAI LLM management |
| **luci-app-ollama** | 0.1.0 | Ollama LLM management |
| **luci-app-glances** | 1.0.0 | Glances system monitoring |
| **luci-app-netdata-dashboard** | 0.5.0 | Real-time Netdata monitoring |
### Streaming & Data Processing (2 modules)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-streamlit** | 1.0.0 | Streamlit Platform management |
| **luci-app-picobrew** | 1.0.0 | PicoBrew Server management |
### IoT & Smart Devices (1 module)
| Module | Version | Description |
|--------|---------|-------------|
| **luci-app-zigbee2mqtt** | 1.0.0 | Zigbee2MQTT docker management |
---
## Supported Architectures
### ARM 64-bit (AArch64)
| Target | Devices |
|--------|---------|
| `aarch64-cortex-a53` | ESPRESSObin, BananaPi R64 |
| `aarch64-cortex-a72` | MOCHAbin, Raspberry Pi 4, NanoPi R4S |
| `mediatek-filogic` | GL.iNet MT3000, BananaPi R3 |
| `rockchip-armv8` | NanoPi R4S/R5S, FriendlyARM |
| `bcm27xx-bcm2711` | Raspberry Pi 4, Compute Module 4 |
### ARM 32-bit
| Target | Devices |
|--------|---------|
| `arm-cortex-a7-neon` | Orange Pi, BananaPi, Allwinner |
| `arm-cortex-a9-neon` | Linksys WRT, Turris Omnia |
| `qualcomm-ipq40xx` | Google WiFi, Zyxel NBG6617 |
### MIPS
| Target | Devices |
|--------|---------|
| `mips-24kc` | TP-Link Archer, Ubiquiti |
| `mipsel-24kc` | Xiaomi, GL.iNet, Netgear |
### x86
| Target | Devices |
|--------|---------|
| `x86-64` | PC, VMs, Docker, Proxmox |
---
## Installation
### From Pre-built Packages
Download from [GitHub Releases](https://github.com/CyberMind-FR/secubox-openwrt/releases):
```bash
opkg update
opkg install luci-app-secubox-portal_*.ipk
opkg install luci-app-system-hub_*.ipk
opkg install luci-app-crowdsec-dashboard_*.ipk
```
### Build from Source
```bash
# Clone into OpenWrt SDK
cd ~/openwrt-sdk/package/
git clone https://github.com/CyberMind-FR/secubox-openwrt.git secubox
# Build
cd ~/openwrt-sdk/
make package/secubox/luci-app-secubox-portal/compile V=s
```
### Add as OpenWrt Feed
Add to `feeds.conf.default`:
```
src-git secubox https://github.com/CyberMind-FR/secubox-openwrt.git
```
Then:
```bash
./scripts/feeds update secubox
./scripts/feeds install -a -p secubox
make menuconfig # Select modules under LuCI > Applications
make V=s
```
---
## Repository Structure
```
secubox-openwrt/
├── package/secubox/ # All 38 SecuBox LuCI packages
├── secubox-tools/ # Build tools and local SDK
├── DOCS/ # Documentation
│ ├── THREE-LOOP-ARCHITECTURE.md # Security model analysis
│ ├── DEVELOPMENT-GUIDELINES.md
│ ├── QUICK-START.md
│ └── VALIDATION-GUIDE.md
└── .github/workflows/ # CI/CD
```
---
## OpenWrt Compatibility
| Version | Status | Package Format |
|---------|--------|----------------|
| 25.x | Testing | `.apk` |
| 24.10.x | **Recommended** | `.ipk` |
| 23.05.x | Supported | `.ipk` |
---
## Roadmap
| Phase | Version | Status | Focus |
|-------|---------|--------|-------|
| **Core Mesh** | v0.17 | ✅ Released | Loops 1+2 complete |
| **Service Mesh** | v0.18 | 🔵 In Progress | P2P Hub foundation |
| **Intelligence Mesh** | v0.19 | ⚪ Planned | Full P2P intelligence |
| **AI Mesh** | v0.20 | ⚪ Planned | ML in Loop 2 |
| **Certification** | v1.0 | ⚪ Planned | ANSSI certification |
---
## Links
* **Website**: [secubox.maegia.tv](https://secubox.maegia.tv)
* **GitHub**: [github.com/CyberMind-FR/secubox-openwrt](https://github.com/CyberMind-FR/secubox-openwrt)
* **Publisher**: [CyberMind.fr](https://cybermind.fr)
* **Issues**: [GitHub Issues](https://github.com/CyberMind-FR/secubox-openwrt/issues)
---
## License
Apache-2.0 © 2024-2026 CyberMind.fr
---
## Contributing
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
---
## Author
**Gandalf** - [CyberMind.fr](https://cybermind.fr)
**Ex Tenebris, Lux Securitas**
🇫🇷 Made with love in France
Reference in New Issue View Git Blame Copy Permalink