CyberMind-FR
0f4649c1e0
secubox-config-advisor: - 7 check categories (network, firewall, auth, encryption, services, logging, updates) - 25+ security rules with severity-weighted scoring (0-100, grade A-F) - Auto-remediation for 7 checks with dry-run mode - LocalAI integration for AI-powered suggestions - config-advisorctl CLI with 20+ commands luci-app-config-advisor: - Dashboard with score circle, grade, risk level, compliance rate - Compliance view by category with pass/fail/warn badges - Remediation view with apply/preview buttons - Settings for framework, weights, categories, LocalAI Part of v1.0.0 ANSSI CSPN certification roadmap. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
61 lines
1.9 KiB
Makefile
61 lines
1.9 KiB
Makefile
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=secubox-config-advisor
|
|
PKG_VERSION:=0.1.0
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_MAINTAINER:=SecuBox Team <dev@secubox.io>
|
|
PKG_LICENSE:=GPL-3.0
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/secubox-config-advisor
|
|
SECTION:=secubox
|
|
CATEGORY:=SecuBox
|
|
TITLE:=Configuration Security Advisor
|
|
DEPENDS:=+jsonfilter +curl +openssl-util
|
|
PKGARCH:=all
|
|
endef
|
|
|
|
define Package/secubox-config-advisor/description
|
|
AI-powered configuration security advisor for SecuBox.
|
|
Features:
|
|
- ANSSI CSPN compliance checking
|
|
- Security hardening recommendations
|
|
- Configuration drift detection
|
|
- Risk scoring and prioritization
|
|
- LocalAI integration for intelligent analysis
|
|
- Automated remediation suggestions
|
|
endef
|
|
|
|
define Package/secubox-config-advisor/conffiles
|
|
/etc/config/config-advisor
|
|
endef
|
|
|
|
define Build/Compile
|
|
endef
|
|
|
|
define Package/secubox-config-advisor/install
|
|
$(INSTALL_DIR) $(1)/etc/config
|
|
$(INSTALL_CONF) ./files/etc/config/config-advisor $(1)/etc/config/config-advisor
|
|
|
|
$(INSTALL_DIR) $(1)/etc/init.d
|
|
$(INSTALL_BIN) ./files/etc/init.d/config-advisor $(1)/etc/init.d/config-advisor
|
|
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
|
$(INSTALL_BIN) ./files/usr/sbin/config-advisorctl $(1)/usr/sbin/config-advisorctl
|
|
|
|
$(INSTALL_DIR) $(1)/usr/lib/config-advisor
|
|
$(INSTALL_DATA) ./files/usr/lib/config-advisor/checks.sh $(1)/usr/lib/config-advisor/checks.sh
|
|
$(INSTALL_DATA) ./files/usr/lib/config-advisor/anssi.sh $(1)/usr/lib/config-advisor/anssi.sh
|
|
$(INSTALL_DATA) ./files/usr/lib/config-advisor/scoring.sh $(1)/usr/lib/config-advisor/scoring.sh
|
|
$(INSTALL_DATA) ./files/usr/lib/config-advisor/remediate.sh $(1)/usr/lib/config-advisor/remediate.sh
|
|
|
|
$(INSTALL_DIR) $(1)/usr/share/config-advisor
|
|
$(INSTALL_DATA) ./files/usr/share/config-advisor/anssi-rules.json $(1)/usr/share/config-advisor/anssi-rules.json
|
|
|
|
$(INSTALL_DIR) $(1)/var/lib/config-advisor
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,secubox-config-advisor))
|