CyberMind-FR
ccfb58124c
Add complete French (fr) and Chinese (zh) translations for all documentation: - Root files: README, CHANGELOG, SECURITY, BETA-RELEASE - docs/: All 16 core documentation files - DOCS/: All 19 deep-dive documents including embedded/ and archive/ - package/secubox/: All 123+ package READMEs - Misc: secubox-tools/, scripts/, EXAMPLES/, config-backups/, streamlit-apps/ Total: 346 translation files created Each file includes language switcher links for easy navigation between English, French, and Chinese versions. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
105 lines
2.8 KiB
Markdown
105 lines
2.8 KiB
Markdown
# SecuBox CVE Triage Agent
|
||
|
||
:globe_with_meridians: **语言:** [English](README.md) | [Français](README.fr.md) | 中文
|
||
|
||
SecuBox 的 AI 驱动 CVE 分析和漏洞管理工具。
|
||
|
||
## 功能特性
|
||
|
||
- **自动 CVE 扫描**:监控已安装的软件包(opkg、LXC、Docker)
|
||
- **NVD 集成**:从 NIST NVD API 获取最新漏洞信息
|
||
- **CrowdSec 关联**:匹配与 CVE 相关的 CrowdSec 警报
|
||
- **AI 分析**:由 LocalAI 提供的影响评估和建议
|
||
- **审批工作流**:基于队列的关键变更补丁审批
|
||
- **多源监控**:opkg 软件包、LXC 容器、Docker 镜像
|
||
|
||
## CLI 参考
|
||
|
||
```bash
|
||
# 状态和监控
|
||
cve-triage status # Agent 状态
|
||
cve-triage scan # 扫描已安装的软件包
|
||
cve-triage fetch # 获取最新 CVE 数据
|
||
cve-triage run # 完整分类周期
|
||
|
||
# CVE 分析
|
||
cve-triage analyze CVE-2024-1234 # 分析特定 CVE
|
||
|
||
# 建议管理
|
||
cve-triage list-pending # 列出待处理的建议
|
||
cve-triage approve <id> # 批准建议
|
||
cve-triage reject <id> # 拒绝建议
|
||
cve-triage approve-all # 批准所有待处理建议
|
||
|
||
# 警报
|
||
cve-triage alerts # 显示活动警报
|
||
|
||
# 报告
|
||
cve-triage summary # 安全摘要
|
||
cve-triage export # 导出完整报告(JSON)
|
||
|
||
# 守护进程
|
||
cve-triage daemon # 作为后台守护进程运行
|
||
```
|
||
|
||
## 配置
|
||
|
||
编辑 `/etc/config/cve-triage`:
|
||
|
||
```uci
|
||
config cve-triage 'main'
|
||
option enabled '1'
|
||
option interval '3600' # 分类间隔(秒)
|
||
option localai_url 'http://127.0.0.1:8081'
|
||
option localai_model 'tinyllama-1.1b-chat-v1.0.Q4_K_M'
|
||
option min_severity 'high' # low/medium/high/critical
|
||
option affected_only '1' # 仅影响已安装软件包的 CVE
|
||
option auto_apply_patches '0' # 将补丁排队等待审批
|
||
option min_confidence '80' # AI 置信度阈值
|
||
```
|
||
|
||
## 数据流
|
||
|
||
```
|
||
1. 收集
|
||
├─ opkg list-installed
|
||
├─ LXC 容器软件包(dpkg/apk)
|
||
└─ Docker 镜像
|
||
|
||
2. 获取 CVE
|
||
├─ NVD API(最近 7 天,高严重性)
|
||
└─ CrowdSec CVE 警报
|
||
|
||
3. 匹配
|
||
└─ CVE 描述 ↔ 软件包名称
|
||
|
||
4. 分析(LocalAI)
|
||
├─ 影响评估
|
||
├─ OpenWrt 相关性
|
||
└─ 操作建议
|
||
|
||
5. 建议
|
||
├─ patch:opkg upgrade <pkg>
|
||
├─ mitigate:手动步骤
|
||
└─ monitor:无需操作
|
||
|
||
6. 审批/应用
|
||
├─ 自动应用(如果启用)
|
||
└─ 排队等待审核
|
||
```
|
||
|
||
## LocalAI 集成
|
||
|
||
需要 LocalAI 在 `http://127.0.0.1:8081` 运行。
|
||
|
||
如果没有 LocalAI,Agent 将使用基于 CVSS 的基本分析。
|
||
|
||
## 文件
|
||
|
||
- `/etc/config/cve-triage` - 配置
|
||
- `/var/lib/cve-triage/` - 状态和建议
|
||
- `/var/cache/cve-triage/` - CVE 数据缓存
|
||
- `/var/lib/cve-triage/pending_actions.json` - 审批队列
|
||
|
||
## 属于 SecuBox v0.19 AI Gateway
|