gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ccccd3d93b
secubox-openwrt/package/secubox/secubox-dpi-dual/files/etc/config/dpi-dual
CyberMind-FR ccccd3d93b feat(dpi-dual): Add WAF auto-ban tuning system 
- UCI config: Add scoring section with event weights, sensitivity presets,
  whitelist, and decay options
- dpi-correlator: Load scoring weights from UCI, apply sensitivity
  multipliers, check whitelist before auto-ban, periodic reputation decay
- CLI: New 'tune', 'whitelist', 'decay' commands for runtime configuration
- RPCD: 6 new methods - get_tuning, set_tuning, whitelist_add/remove/list,
  reset_reputation
- ACL: Added permissions for new tuning methods

Sensitivity presets:
- low (0.7x) - fewer false positives
- medium (1.0x) - balanced (default)
- high (1.3x) - aggressive detection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-15 15:37:55 +01:00

73 lines
1.9 KiB
Plaintext
Raw Blame History

config global 'settings'
option enabled '1'
option mode 'dual'
option correlation '1'
option stats_dir '/tmp/secubox'
option flow_dir '/tmp/dpi-flows'
config mitm 'mitm'
option enabled '1'
option buffer_size '1000'
option async_analysis '1'
option replay_on_alert '1'
option buffer_dir '/tmp/dpi-buffer'
config tap 'tap'
option enabled '1'
option interface 'tap0'
option mirror_source 'eth0'
option mirror_mode 'software'
option flow_retention '300'
option netifyd_instance 'tap'
config correlation 'correlation'
option enabled '1'
option window '60'
option output '/tmp/secubox/correlated-threats.json'
option watch_crowdsec '1'
option auto_ban '0'
option auto_ban_threshold '80'
option auto_ban_duration '4h'
option notifications '1'
option notification_threshold '70'
option reputation_decay '5'
option decay_interval '3600'
# Sensitivity preset: low, medium, high, custom
option sensitivity 'medium'
# Event scoring weights (used when sensitivity=custom)
config scoring 'scoring'
option waf_block '25'
option waf_alert '15'
option crowdsec_ban '30'
option dpi_threat '20'
option scanner '35'
option brute_force '40'
option default '10'
# Sensitivity presets
# low: fewer false positives, only clear threats trigger ban
# medium: balanced detection (default)
# high: aggressive, more false positives but catches more threats
# Whitelist - IPs that should never be auto-banned
config whitelist 'whitelist'
list ip '127.0.0.1'
list ip '192.168.255.1'
# Add trusted IPs here:
# list ip '10.0.0.0/8'
# list ip '192.168.0.0/16'
# LAN TAP - Real-time passive flow analysis
# No MITM, no caching - just nDPI flow monitoring
config lan 'lan'
option enabled '1'
option interface 'br-lan'
option realtime '1'
option track_clients '1'
option track_destinations '1'
option track_protocols '1'
option aggregate_interval '5'
option client_retention '3600'
option netifyd_instance 'lan'
Reference in New Issue View Git Blame Copy Permalink