secubox-openwrt/package/secubox/secubox-auth-logger/files/99-secubox-auth-logger

#!/bin/sh
# SecuBox Auth Logger - Post-install configuration
# Enables verbose logging for uhttpd and configures CrowdSec

# Note: Dropbear 2024.86 does NOT support -v flag
# Auth monitoring relies on parsing existing syslog messages
# The auth-monitor.sh script watches logread for auth failures

# Enable uhttpd syslog for LuCI login monitoring
if [ -f /etc/config/uhttpd ]; then
    uci set uhttpd.main.syslog='1'
    uci commit uhttpd
    /etc/init.d/uhttpd restart 2>/dev/null
fi

# Create auth log file for secubox-auth-logger
touch /var/log/secubox-auth.log
chmod 644 /var/log/secubox-auth.log

# Restart CrowdSec to pick up new acquisition/parser/scenario
if [ -x /etc/init.d/crowdsec ]; then
    /etc/init.d/crowdsec restart 2>/dev/null
fi

exit 0