secubox-openwrt/package/secubox/secubox-app-device-intel/CONTINUE.md
CyberMind-FR 57db9cfb40 feat: Add device-intel and dns-provider packages
Add 4 new packages implementing unified device intelligence and
DNS provider API management:

- secubox-app-dns-provider: dnsctl CLI with OVH, Gandi, Cloudflare
  adapters for DNS record CRUD, HAProxy vhost sync, propagation
  verification, and ACME DNS-01 wildcard certificate issuance
- luci-app-dns-provider: RPCD handler + LuCI views for provider
  settings and DNS record management
- secubox-app-device-intel: Aggregation layer merging mac-guardian,
  client-guardian, DHCP, P2P mesh, and exposure data with heuristic
  classification engine and USB/MQTT/Zigbee emulator modules
- luci-app-device-intel: RPCD handler + 5 LuCI views (dashboard,
  devices, emulators, mesh, settings) with shared API and CSS

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 15:47:20 +01:00

secubox-app-device-intel — Continue / Next Steps

Immediate Next Steps

  1. Test on router: Deploy all files, verify device-intelctl list returns aggregated data from available sources
  2. Test LuCI dashboard: Verify stat cards, type distribution, source chips render correctly
  3. Test device table: Verify filters, edit modal, detail modal work end-to-end
  4. Test USB emulator: Plug in USB device, verify it appears in device-intelctl list

Phase 2: Emulator Polish

  1. MQTT emulator: Install mosquitto, connect test client, verify discovery
  2. Zigbee emulator: Configure zigbee2mqtt, pair test device, verify API discovery
  3. Emulator caching: Add per-module cache files with independent TTLs
  4. Emulator error handling: Graceful fallback when broker/bridge is unreachable

Phase 3: Cross-System Integration

  1. Exposure integration: Cross-reference device IPs with listening ports from /proc/net/tcp
  2. DNS provider flow: "Expose via DNS" button in device actions → dns-provider record creation
  3. CrowdSec integration: Pull threat alerts by IP → enrich device risk scores
  4. MAC Guardian events: Subscribe to new device events for real-time updates

Phase 4: Mesh Intelligence

  1. P2P device sharing: Remote RPCD call to peer nodes for their device inventories
  2. Aggregate mesh view: Combine local + all remote device lists
  3. Shared service mapping: Map devices to services they host across the mesh
  4. Topology visualization: Network map showing device relationships and connections

Phase 5: Advanced Classification

  1. Traffic analysis: Use netifyd/ndpi data for protocol-based classification
  2. DHCP fingerprinting: Parse DHCP options (vendor class, parameter request list) for device identification
  3. BLE/Thread emulators: Extend to Bluetooth LE and Thread/Matter devices
  4. Custom rules UI: LuCI form for creating/editing device type rules
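
For the DHCP fingerprinting item in Phase 5, one way to pull the vendor class (option 60) and parameter request list (option 55) out of a raw DHCP message. This is an added example, not code from the secubox repository. It assumes the input is the full UDP payload and does not handle option overload (option 52); the function names and the sample packet are constructed for illustration.

```python
MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # RFC 2131 marker before options
OPTIONS_OFFSET = 236                            # fixed BOOTP header length
OPT_PAD, OPT_END = 0, 255
OPT_PARAM_REQUEST_LIST, OPT_VENDOR_CLASS = 55, 60


def parse_options(message: bytes) -> dict:
    """Return {option code: value bytes}; raise ValueError on malformed input."""
    if message[OPTIONS_OFFSET:OPTIONS_OFFSET + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, OPTIONS_OFFSET + 4
    while i < len(message):
        code = message[i]
        i += 1
        if code == OPT_PAD:
            continue
        if code == OPT_END:
            break
        if i >= len(message):
            raise ValueError("option %d has no length byte" % code)
        length = message[i]
        i += 1
        if i + length > len(message):
            raise ValueError("option %d overruns the packet" % code)
        # RFC 3396: a repeated option code is concatenated, not overwritten.
        options[code] = options.get(code, b"") + message[i:i + length]
        i += length
    return options


def fingerprint(message: bytes) -> dict:
    """Fields a classifier can match on. Both values are client-controlled."""
    opts = parse_options(message)
    prl = ",".join(str(b) for b in opts.get(OPT_PARAM_REQUEST_LIST, b""))
    # Drop control and non-ASCII bytes; HTML escaping remains the UI's job.
    vendor = "".join(chr(b) if 32 <= b < 127 else "?" for b in opts.get(OPT_VENDOR_CLASS, b""))
    return {"param_request_list": prl, "vendor_class": vendor}


# Constructed sample: zeroed BOOTP header, then options 53, 55, 60 and END.
SAMPLE = (bytes(OPTIONS_OFFSET) + MAGIC_COOKIE
          + bytes([53, 1, 1])
          + bytes([55, 4, 1, 3, 6, 15])
          + bytes([60, 8]) + b"MSFT 5.0"
          + bytes([OPT_END]))

if __name__ == "__main__":
    print(fingerprint(SAMPLE))
```

Both fields are chosen by the client, so a classification built on them is a hint for the heuristic engine, not an identity check.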