CyberMind-FR
a8eb8b1271
P2P Mesh Intelligence implementation: - Add ZKP trust bonus (+20) for verified peers in IOC validation - Create blockchain.sh for permanent threat_ioc and ioc_feedback blocks - Create feedback.sh for IOC effectiveness tracking and reputation updates - Enhance gossip.sh IOC handler with ZKP-validated trust checks - Add SCORE_IOC_EFFECTIVE (+5) and SCORE_IOC_FALSE_POSITIVE (-8) to reputation - Add zkp_trust_bonus and feedback config options fix(mailserver): Correct vmail UID from 102 to 5000 Dovecot was using wrong UID (102/redis instead of 5000/vmail) causing permission denied errors when accessing mailboxes. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
176 lines
6.0 KiB
Bash
176 lines
6.0 KiB
Bash
#!/bin/sh
|
|
# P2P Intel Blockchain - Permanent IOC recording on mesh blockchain
|
|
# Records threat_ioc and ioc_feedback blocks for audit trail
|
|
|
|
. /usr/lib/secubox/p2p-mesh.sh 2>/dev/null
|
|
|
|
CHAIN_FILE="/srv/secubox/mesh/chain.json"
|
|
INTEL_DIR="/var/lib/p2p-intel"
|
|
PROCESSED_BLOCKS="$INTEL_DIR/processed-blocks.list"
|
|
|
|
# Initialize blockchain integration
|
|
blockchain_init() {
|
|
mkdir -p "$INTEL_DIR"
|
|
[ -f "$PROCESSED_BLOCKS" ] || touch "$PROCESSED_BLOCKS"
|
|
}
|
|
|
|
# Record IOC batch to blockchain
|
|
# Usage: blockchain_record_iocs '<iocs_json_array>' '<source_did>'
|
|
blockchain_record_iocs() {
|
|
local iocs_json="$1"
|
|
local source_did="$2"
|
|
|
|
[ -z "$iocs_json" ] && return 1
|
|
[ "$iocs_json" = "[]" ] && return 0
|
|
|
|
local timestamp=$(date +%s)
|
|
local node_id=$(cat /srv/secubox/mesh/node.id 2>/dev/null || echo "unknown")
|
|
local ioc_count=$(echo "$iocs_json" | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
|
|
|
|
[ "$ioc_count" -eq 0 ] && return 0
|
|
|
|
# Build block data
|
|
local block_data="{\"version\":1,\"source\":\"$source_did\",\"count\":$ioc_count,\"iocs\":$iocs_json}"
|
|
local block_hash=$(echo "${block_data}${timestamp}${node_id}" | sha256sum | cut -d' ' -f1)
|
|
|
|
# Add to blockchain
|
|
if type chain_add_block >/dev/null 2>&1; then
|
|
chain_add_block "threat_ioc" "$block_data" "$block_hash"
|
|
logger -t p2p-intel "Recorded $ioc_count IOCs to blockchain (hash: ${block_hash:0:16})"
|
|
echo "$block_hash"
|
|
return 0
|
|
else
|
|
logger -t p2p-intel "Warning: chain_add_block not available"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# Scan chain for unprocessed threat_ioc blocks from other nodes
|
|
# Returns: IOCs as JSON lines (one per line)
|
|
blockchain_scan_iocs() {
|
|
[ -f "$CHAIN_FILE" ] || return 0
|
|
[ -f "$PROCESSED_BLOCKS" ] || touch "$PROCESSED_BLOCKS"
|
|
|
|
local my_node=$(cat /srv/secubox/mesh/node.id 2>/dev/null)
|
|
|
|
jsonfilter -i "$CHAIN_FILE" -e '@.blocks[*]' 2>/dev/null | while read -r block; do
|
|
local btype=$(echo "$block" | jsonfilter -e '@.type' 2>/dev/null)
|
|
[ "$btype" = "threat_ioc" ] || continue
|
|
|
|
local bhash=$(echo "$block" | jsonfilter -e '@.hash' 2>/dev/null)
|
|
local bnode=$(echo "$block" | jsonfilter -e '@.node' 2>/dev/null)
|
|
|
|
# Skip own blocks
|
|
[ "$bnode" = "$my_node" ] && continue
|
|
|
|
# Skip already processed
|
|
grep -q "$bhash" "$PROCESSED_BLOCKS" 2>/dev/null && continue
|
|
|
|
# Extract source for trust checking
|
|
local source=$(echo "$block" | jsonfilter -e '@.data.source' 2>/dev/null)
|
|
|
|
# Output each IOC with source attribution
|
|
echo "$block" | jsonfilter -e '@.data.iocs[*]' 2>/dev/null | while read -r ioc; do
|
|
# Add source_node to IOC for trust tracking
|
|
echo "$ioc" | sed "s/}$/,\"source_node\":\"$source\"}/g"
|
|
done
|
|
|
|
# Mark as processed
|
|
echo "$bhash" >> "$PROCESSED_BLOCKS"
|
|
done
|
|
}
|
|
|
|
# Count unprocessed threat_ioc blocks
|
|
blockchain_pending_count() {
|
|
[ -f "$CHAIN_FILE" ] || { echo "0"; return; }
|
|
[ -f "$PROCESSED_BLOCKS" ] || touch "$PROCESSED_BLOCKS"
|
|
|
|
local my_node=$(cat /srv/secubox/mesh/node.id 2>/dev/null)
|
|
local count=0
|
|
|
|
jsonfilter -i "$CHAIN_FILE" -e '@.blocks[*]' 2>/dev/null | while read -r block; do
|
|
local btype=$(echo "$block" | jsonfilter -e '@.type' 2>/dev/null)
|
|
[ "$btype" = "threat_ioc" ] || continue
|
|
|
|
local bhash=$(echo "$block" | jsonfilter -e '@.hash' 2>/dev/null)
|
|
local bnode=$(echo "$block" | jsonfilter -e '@.node' 2>/dev/null)
|
|
|
|
[ "$bnode" = "$my_node" ] && continue
|
|
grep -q "$bhash" "$PROCESSED_BLOCKS" 2>/dev/null && continue
|
|
|
|
count=$((count + 1))
|
|
done
|
|
|
|
echo "$count"
|
|
}
|
|
|
|
# Record IOC feedback to chain (effectiveness tracking)
|
|
# Usage: blockchain_record_feedback '<ioc_hash>' '<feedback_type>' '<details>'
|
|
# feedback_type: "effective" or "false_positive"
|
|
blockchain_record_feedback() {
|
|
local ioc_hash="$1"
|
|
local feedback_type="$2"
|
|
local details="${3:-}"
|
|
|
|
[ -z "$ioc_hash" ] || [ -z "$feedback_type" ] && return 1
|
|
|
|
local timestamp=$(date +%s)
|
|
local node_id=$(cat /srv/secubox/mesh/node.id 2>/dev/null || echo "unknown")
|
|
|
|
local block_data="{\"ioc_hash\":\"$ioc_hash\",\"feedback\":\"$feedback_type\",\"reporter\":\"$node_id\",\"details\":\"$details\",\"ts\":$timestamp}"
|
|
local block_hash=$(echo "${block_data}${timestamp}" | sha256sum | cut -d' ' -f1)
|
|
|
|
if type chain_add_block >/dev/null 2>&1; then
|
|
chain_add_block "ioc_feedback" "$block_data" "$block_hash"
|
|
logger -t p2p-intel "Recorded IOC feedback: $ioc_hash -> $feedback_type"
|
|
echo "$block_hash"
|
|
return 0
|
|
else
|
|
logger -t p2p-intel "Warning: chain_add_block not available"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# Get feedback statistics from blockchain
|
|
blockchain_feedback_stats() {
|
|
[ -f "$CHAIN_FILE" ] || { echo '{"effective":0,"false_positive":0}'; return; }
|
|
|
|
local effective=0
|
|
local false_positive=0
|
|
|
|
jsonfilter -i "$CHAIN_FILE" -e '@.blocks[*]' 2>/dev/null | while read -r block; do
|
|
local btype=$(echo "$block" | jsonfilter -e '@.type' 2>/dev/null)
|
|
[ "$btype" = "ioc_feedback" ] || continue
|
|
|
|
local feedback=$(echo "$block" | jsonfilter -e '@.data.feedback' 2>/dev/null)
|
|
case "$feedback" in
|
|
effective) effective=$((effective + 1)) ;;
|
|
false_positive) false_positive=$((false_positive + 1)) ;;
|
|
esac
|
|
done
|
|
|
|
echo "{\"effective\":$effective,\"false_positive\":$false_positive}"
|
|
}
|
|
|
|
# Get threat_ioc block count
|
|
blockchain_ioc_block_count() {
|
|
[ -f "$CHAIN_FILE" ] || { echo "0"; return; }
|
|
|
|
jsonfilter -i "$CHAIN_FILE" -e '@.blocks[*].type' 2>/dev/null | grep -c "threat_ioc" || echo "0"
|
|
}
|
|
|
|
# Clean old processed blocks list (keep last 1000)
|
|
blockchain_cleanup() {
|
|
[ -f "$PROCESSED_BLOCKS" ] || return 0
|
|
|
|
local lines=$(wc -l < "$PROCESSED_BLOCKS")
|
|
if [ "$lines" -gt 1000 ]; then
|
|
tail -n 1000 "$PROCESSED_BLOCKS" > "$PROCESSED_BLOCKS.tmp"
|
|
mv "$PROCESSED_BLOCKS.tmp" "$PROCESSED_BLOCKS"
|
|
logger -t p2p-intel "Cleaned processed blocks list (kept last 1000)"
|
|
fi
|
|
}
|
|
|
|
# Initialize on source
|
|
blockchain_init
|