secubox-openwrt

History

CyberMind-FR 7b67b0329a feat(mitmproxy): Integrate threat detection with CrowdSec for auto-banning - Change analytics addon to write threats to /data/threats.log (bind-mounted to host) - Add CrowdSec acquisition config to read from /srv/mitmproxy/threats.log - Add parser for mitmproxy JSON threat logs with source_ip in Meta - Add scenarios for web attacks, scanners, SSRF, and CVE exploits - Update RPCD to read alerts from host-visible path without lxc-attach This enables automatic IP banning when mitmproxy detects: - SQL injection, XSS, command injection (capacity: 3, ban: 15m) - Path traversal, XXE, LDAP injection, Log4Shell - Aggressive web scanning (capacity: 10, ban: 10m) - SSRF attempts from external IPs (capacity: 5, ban: 10m) - Known CVE exploits (immediate trigger, ban: 30m) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-31 18:49:14 +01:00
..
luci.mitmproxy	feat(mitmproxy): Integrate threat detection with CrowdSec for auto-banning	2026-01-31 18:49:14 +01:00

CyberMind-FR 7b67b0329a feat(mitmproxy): Integrate threat detection with CrowdSec for auto-banning

- Change analytics addon to write threats to /data/threats.log (bind-mounted to host)
- Add CrowdSec acquisition config to read from /srv/mitmproxy/threats.log
- Add parser for mitmproxy JSON threat logs with source_ip in Meta
- Add scenarios for web attacks, scanners, SSRF, and CVE exploits
- Update RPCD to read alerts from host-visible path without lxc-attach

This enables automatic IP banning when mitmproxy detects:
- SQL injection, XSS, command injection (capacity: 3, ban: 15m)
- Path traversal, XXE, LDAP injection, Log4Shell
- Aggressive web scanning (capacity: 10, ban: 10m)
- SSRF attempts from external IPs (capacity: 5, ban: 10m)
- Known CVE exploits (immediate trigger, ban: 30m)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-31 18:49:14 +01:00

luci.mitmproxy

feat(mitmproxy): Integrate threat detection with CrowdSec for auto-banning

2026-01-31 18:49:14 +01:00