secubox/secubox-deb
1
0
Fork 0
mirror of https://github.com/CyberMind-FR/secubox-deb.git synced 2026-06-29 16:31:31 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: secubox:68490a4a9bf80bd036eaa6c6d424c603e33cb52f
Branches Tags
secubox:master
secubox:feature/appstore-phase-a
secubox:feature/gondwana-phase1-mesh
secubox:fix/remove-authelia-sso
secubox:feature/760-standardize-secubox-lan-to-192-168-10-0
secubox:fix/secubox-p2p-master-link-statedir
secubox:feature/761-fix-podcaster-audio-player-stops-every-f
secubox:feature/758-nft-based-network-stats-log-counter-drop
secubox:feature/748-enhanced-tow-boot-http-netboot-serial-fl
secubox:feature/738-aggregator-resilience-sweep-async-handle
secubox:feature/737-secubox-netboot-provisioning-reseau-over
secubox:feature/728-sovereign-threat-intel-drop-crowdsec-cap
secubox:feature/727-secubox-aggregator-auto-heal-watchdog-ti
secubox:feature/726-secubox-podcaster-modern-podcast-manager
secubox:fix/494-secubox-core-service-execstart-overrides
secubox:feature/65-fix-nginx-add-missing-api-routes-to-webu
secubox:fix/53-wazuh-uvicorn-process-causes-100-cpu-spi
secubox:fix/121-metablog-ingest-site-dirs-should-be-crea
secubox:feature/724-toolbox-banner-in-banner-r0-r3-level-swi
secubox:feature/722-dpi-phase-3-ndpid-daemon-ci-cross-build
secubox:feature/720-dpi-phase-3-per-device-daily-history-tim
secubox:feature/718-dpi-phase-3-asn-enrichment-classify-sni
secubox:feature/716-kbin-pdf-donut-grid-layout-broken-each-d
secubox:feature/714-kbin-pdf-charts-blank-in-some-viewers-re
secubox:feature/711-kbin-pdf-donut-charts-render-as-solid-pi
secubox:feature/709-kbin-pdf-integrate-carto-graph-emoji-dat
secubox:feature/707-kbin-report-cyberpunk-netrunner-characte
secubox:feature/705-dpi-report-shows-zeros-exfil-is-a-60s-sn
secubox:feature/703-kbin-pdf-render-visual-donut-charts-mitm
secubox:feature/701-kbin-pdf-report-include-dpi-exfil-stats
secubox:feature/699-kbin-report-tabbed-donut-stats-pistage-d
secubox:feature/697-sbxmitm-truncates-responses-8mib-large-g
secubox:feature/695-dpi-dashboard-fill-top-apps-protocols-ba
secubox:feature/692-dpi-beaconing-rule-fires-on-sub-second-a
secubox:feature/687-plan-full-flow-dpi-on-r3-ndpid-netifyd-p
secubox:feature/689-sbxmitm-forged-leaf-certs-expire-after-2
secubox:feature/683-plan-kbin-tor-endpoint-quick-switch-anon
secubox:fix/662-altsvc-strip
secubox:feat/662-client-geoflag
secubox:feat/662-inline-banner
secubox:feat/662-adlearn
secubox:feat/662-social-relay
secubox:feat/662-cumulative-live
secubox:feat/662-analysis-relay
secubox:feat/662-csp-demo
secubox:feat/662-utls-chrome
secubox:feat/662-adstats-popups
secubox:fix/662-no-follow-redirect
secubox:fix/662-gzip-banner
secubox:feat/662-cutover-fix
secubox:feat/662-transparent-machash
secubox:feat/662-phase5prep-pkg
secubox:feat/662-phase4-jar
secubox:feat/662-phase3-parity
secubox:feat/662-phase2b-bench
secubox:fix/662-restore-ng-source
secubox:feature/662-epic-migrate-toolbox-mitm-engine-off-pyt
secubox:fix/cap-lists-5
secubox:feature/659-feat-toolbox-per-visitor-ad-block-breakd
secubox:fix/ad-learn-self-block-hardening
secubox:feature/656-feat-toolbox-ad-intelligence-aggressive
secubox:fix/653-fix-toolbox-banner-reliability-inline-bu
secubox:feature/651-perf-toolbox-649-follow-up-broaden-splic
secubox:feature/649-perf-toolbox-selective-sni-splice-passth
secubox:fix/623-postinst-systemic-var-lib-log-cache-secu
secubox:feature/646-perf-toolbox-adaptive-accept-encoding-st
secubox:fix/644-hub-dashboard-latency-9-12s-per-module-s
secubox:fix/642-social-graph-ip-literal-self-traffic-rec
secubox:feature/634-toolbox-clients-reset-all-clients-reset
secubox:fix/639-toolbox-banner-injected-into-iframes-sub
secubox:fix/636-toolbox-r3-banner-stream-inject-loader-b
secubox:feature/633-anti-track-v2-layered-block-poison-anony
secubox:feature/630-make-live-ops-fixes-permanent-package-di
secubox:feature/628-hub-health-monitor-page-vital-common-ser
secubox:feature/626-haproxy-smart-self-healing-error-pages-5
secubox:feature/624-waf-robustness-package-self-healing-insp
secubox:feature/620-toolbox-ttfb-perf-stream-inject-async-pe
secubox:fix/619-hub-dashboard-services-cache-never-warms
secubox:feature/617-security-posture-full-rewrite-honest-boa
secubox:feature/615-security-posture-add-security-posture-to
secubox:feature/613-threat-analyst-add-country-flags-to-top
secubox:feature/611-threat-analyst-limit-recent-attacks-tabl
secubox:feature/609-waf-robust-route-propagation-dir-bind-mo
secubox:feature/607-waf-behind-waf-media-cache-image-video-s
secubox:feature/605-waf-refuse-unmapped-hosts-close-open-for
secubox:feature/603-waf-port-live-mitmproxy-fixes-to-source
secubox:feature/601-vm-vm-shows-0-containers-lxc-enumeration
secubox:feature/599-threat-analyst-ingest-real-crowdsec-aler
secubox:feature/597-threat-analyst-global-security-overview
secubox:fix/595-threat-analyst-service-ends-up-disabled
secubox:fix/593-webui-fix-metrics-mitm-0-wrong-unit-thre
secubox:fix/autolearn-exclude-antibot
secubox:feature/589-autolearn-bad-trackers-actors-from-threa
secubox:feature/587-eye-graph-domain-suffix-country-cloud-nu
secubox:feature/578-banner-shareable-top-1-pin-quick-button
secubox:feature/577-perf-video-photo-cdn-proxy-cache-shared
secubox:fix/ad-ghost-collapse-placeholders
secubox:feature/576-ad-ghost-replace-ghosted-ad-with-a-css-l
secubox:fix/581-postinst-portal-stays-dead-after-dpkg-up
secubox:fix/575-eye-graph-remove-hide-all-ip-nodes-count
secubox:feature/574-webext-popup-protection-stats-quick-filt
secubox:feature/572-banner-colorful-emoji-chip-guirlande-fla
secubox:feature/570-toolbox-mitm-dpi-media-type-statistifier
secubox:feature/568-webext-popup-cap-top-tracker-list-to-5-e
secubox:feature/566-r3-r4-silent-ad-banner-ghoster-economisa
secubox:feature/564-detect-antibot-split-deployment-vs-chall
secubox:feature/562-ca-fingerprint-surface-the-r3-ca-on-the
secubox:feature/560-toolbox-protective-mode-tracker-alerting
secubox:feature/558-apk-make-zero-tap-auto-run-robust-real-f
secubox:feature/555-favicons-of-major-sites-in-the-xpi-popup
secubox:feature/553-cartographie-graph-impact-sized-icon-bub
secubox:feature/549-social-tracker-domain-rollup-history-tim
secubox:feature/545-injected-banner-neon-tube-redesign-for-r
secubox:feature/551-android-apk-zero-tap-auto-run-silent-onb
secubox:feature/547-linux-firefox-installer-script-for-the-t
secubox:feature/543-kbin-landing-radical-simplify-livelier-f
secubox:feature/532-plan-browser-xpi-webextension-emancipate
secubox:feature/490-phase-2c-toolbox-receiving-modules-actua
secubox:feature/538-android-app-root-mode-fully-automated-si
secubox:feature/536-serve-the-android-toolbox-apk-from-the-t
secubox:feature/531-plan-android-apk-one-tap-toolbox-r3-clie
secubox:fix/509-waf-soc-perf-double-buffered-cache-memor
secubox:fix/503-ci-disable-espressobin-v7-ultra-image-bu
secubox:feature/501-mitm-wg-multi-worker-fanout
secubox:perf/500-captive-flags-and-addon-async
secubox:feature/500-landing-platform-install
secubox:perf/500-mitm-wg-h2-and-concurrency
secubox:feature/500-phase8-utiq-quickwin
secubox:fix/498-crowdsec-sudoers-status
secubox:fix/498-auth-perms-and-rw
secubox:fix/498-ntp-health-timesyncd
secubox:feature/498-lxc-wg-privileged
secubox:feature/498-lxc-cutover-nm-name
secubox:feature/498-mitm-lxc-hardening
secubox:fix/498-crowdsec-health
secubox:chore/498-version-bump-wip
secubox:feature/498-nm-keyfile
secubox:fix/498-toolbox-ratelimit
secubox:fix/498-cert-probe
secubox:fix/498-r3-probe-same-origin
secubox:fix/498-xff-r3-detect
secubox:fix/498-wg-dns-fix
secubox:feature/498-wg-boot-and-waf-history
secubox:feature/498-asgi-migrate
secubox:feature/498-asgi-consolidation
secubox:feature/498-phase-6Q-quickwins
secubox:feature/498-phase-7-waf-active-enforcement-mitm-crow
secubox:feature/496-phase-6-wireguard-mitm-autocert-mode-r3
secubox:feature/495-phase-5-toolbox-mitm-in-dedicated-lxc-co
secubox:feature/492-phase-3-toolbox-transparency-layer-white
secubox:feature/488-phase-2b-toolbox-wire-mitm-addons-to-rec
secubox:feature/486-toolbox-phase-2a-geoip-flags-asn-secubox
secubox:feature/485-toolbox-phase-2a-soc-scoring-multi-signa
secubox:fix/465-revert-dts-patch-004-revert-hardware-usb
secubox:fix/463-dts-enable-usb3-superspeed-on-mpcie-slot
secubox:fix/458-mochabin-btusb-claims-mt7632u-interface
secubox:feature/450-refactor-move-secubox-mesh-yggdrasil-vpn
secubox:fix/444-kiosk-enable-cursor-on-pi-400-remove-noc
secubox:fix/442-rpi400-image-mass-mask-non-essential-ser
secubox:fix/436-build-scripts-stub-systemctl-handle-rasp
secubox:fix/433-build-rpi-usb-sh-kiosk-install-silently
secubox:fix/431-ci-install-binutils-aarch64-linux-gnu-fo
secubox:feature/429-secubox-nextcloud-dashboard-api-renvoie
secubox:feature/427-ci-build-packages-yml-arm64-matrix-build
secubox:feature/425-secubox-sentinelle-gsm-arm64-build-fails
secubox:feature/423-build-rpi-usb-sh-kiosk-flag-is-a-stub-pa
secubox:fix/150-nftables-service-masked-at-boot-board-lo
secubox:feature/152-roundcube-in-mail-lxc-configure-sqlite-b
secubox:fix/394-nextcloud-remove-authelia-auth-request-f
secubox:feature/410-secubox-user-provisioning-push-master-us
secubox:feature/409-secubox-avatar-smart-media-cookie-hoster
secubox:feature/407-privilege-separated-cookie-install-root
secubox:feature/401-secubox-webext-firefox-webextension-comp
secubox:feature/402-secubox-avatar-peek-poke-credential-brok
secubox:feature/400-secubox-sso-lite-native-auth-request-ver
secubox:feature/397-rework-secubox-photoprism-native-lxc-ins
secubox:feature/388-rework-secubox-peertube-align-with-secub
secubox:feature/398-secubox-nextcloud-capture-photolibrary-e
secubox:fix/395-waf-cred-004-false-positive-on-nextcloud
secubox:fix/392-vhost-health-error-status-404-502-hidden
secubox:feature/391-package-the-gk2-ram-optimization-pattern
secubox:feature/390-peertube-url-backport-vhost-template-por
secubox:docs/389-navbar-resort-hardening-repo-into-root-c
secubox:feature/377-feat-fmrelay-stream-fm-rds-as-icecast-mo
secubox:feat/sentinelle-v0-4-0-rds-extension
secubox:feat/zigbee-v2-6-0-backup-restore
secubox:fix/core-lxc-autostart-wait-for-data
secubox:fix/zigbee-access-list-public-url
secubox:fix/hub-sidebar-precache-instant-render
secubox:feature/370-x64-netplan-profiles-static-ip-fallback
secubox:feat/threat-analyst-v1-4-0-actually-useful
secubox:feat/threat-analyst-v1-3-0-simple-rewrite
secubox:fix/threat-analyst-v1-2-0-jwt-noop
secubox:fix/threat-analyst-v1-1-3-nocache
secubox:fix/threat-analyst-v1-1-2-cors-credentials
secubox:fix/threat-analyst-v1-1-1-navbar-padding
secubox:fix/361-secubox-threat-analyst-v1-1-0-wire-metri
secubox:fix/360-fix-secubox-hub-soc-dashboard-card-metri
secubox:feature/357-secubox-sentinelle-gsm-v0-3-6-async-job
secubox:feature/356-secubox-sentinelle-gsm-v0-3-5-scan-auto
secubox:fix/354-secubox-sentinelle-gsm-v0-3-4-monkey-pat
secubox:feature/345-mochabin-mpcie-slot-j5-investigate-w-dis
secubox:fix/353-secubox-sentinelle-gsm-v0-3-3-drop-args
secubox:feature/319-data-essential-data-convention-audit-30
secubox:fix/286-haproxyctl-cmd-generate-drops-backend-de
secubox:feature/312-secubox-threats-rebuild-threats-as-the-c
secubox:feature/310-secubox-authelia-split-auth-control-dash
secubox:feature/306-consolidate-navbar-to-6-charter-categori
secubox:fix/303-secubox-zigbee-menu-d-80-zigbee-json-is
secubox:fix/301-secubox-dns-provider-add-provider-modal
secubox:fix/299-secubox-dns-provider-webui-add-provider
secubox:feature/297-kernel-build-github-actions-workflow-for
secubox:feature/295-kernel-build-add-config-zram-m-zstd-comp
secubox:fix/293-secubox-zigbee-zigbee-config-ui-hidden-u
secubox:fix/290-health-banner-remove-clickable-alert-lin
secubox:feature/289-secubox-zigbee-split-secubox-config-modu
secubox:feature/287-secubox-lyrion-move-public-vhost-from-ly
secubox:feature/284-secubox-nextcloud-ship-etc-secubox-nextc
secubox:fix/282-secubox-nextcloud-nextcloud-must-stay-th
secubox:feature/280-secubox-nextcloud-modernize-lxc-install
secubox:feature/278-secubox-authelia-own-the-sbx-auth-login
secubox:fix/274-secubox-authelia-verify-must-forward-x-o
secubox:fix/273-secubox-zigbee-secubox-lyrion-auth-redir
secubox:feature/272-secubox-authelia-session-cookies-must-in
secubox:feature/270-secubox-authelia-server-level-banner-sub
secubox:feature/268-secubox-authelia-x-forwarded-proto-must
secubox:feature/266-secubox-authelia-zigbee-lyrion-4-fixes-f
secubox:feature/264-secubox-zigbee-secubox-lyrion-swap-lan-o
secubox:feature/262-secubox-authelia-implement-verify-real-a
secubox:feature/260-secubox-lyrion-lan-only-gate-on-lyrion-l
secubox:fix/241-secubox-zigbee-v2.4.1-sonoff-mg21
secubox:feature/255-mochabin-dt-board-mpcie-slot-usb-pins-no
secubox:feature/237-secubox-sentinelle-gsm-passive-rx-sdr-se
secubox:feature/236-secubox-rbs-sensor-wall-opad-rogue-base
secubox:feature/241-secubox-zigbee-v2-4-0-rewrite-in-place-z
secubox:feature/240-secubox-mqtt-v2-4-0-rewrite-in-place-mos
secubox:feature/247-health-banner-clickable-cross-domain-lin
secubox:feature/246-secubox-yacy-nginx-vhost-missing-well-kn
secubox:feature/248-secubox-lyrion-expose-web-ui-on-lan-ip-1
secubox:feature/244-secubox-lyrion-lxc-host-lyrion-music-ser
secubox:feature/239-secubox-authelia-sso-idp-lxc-authelia-oi
secubox:feature/234-secubox-rustdesk-new-lxc-module-for-self
secubox:feature/232-secubox-yacy-new-lxc-module-for-peer-to
secubox:feature/230-secubox-grafana-new-lxc-module-for-secur
secubox:fix/228-missing-tools-on-images-secubox-flash-di
secubox:fix/226-bare-metal-x86-64-polish-gate-pi-hardwar
secubox:fix/224-kiosk-launcher-chromium-fails-on-debian
secubox:fix/222-login-redirect-loop-68-web-ui-files-stil
secubox:fix/220-secubox-health-doctor-duplicate-debhelpe
secubox:fix/218-build-image-sh-skips-debian-deps-python3
secubox:docs/216-docs-codify-the-secubox-grammar-modular
secubox:feature/214-health-doctor-drop-act-runner-arm64-from
secubox:feature/212-secubox-health-doctor-vital-services-hea
secubox:fix/210-firstboot-users-json-wrong-schema-sha256
secubox:fix/200-metablogizerctl-publish-should-orchestra
secubox:fix/207-eye-square-ship-firstboot-sh-outside-usr
secubox:fix/202-eye-square-debian-rules-content-drift-re
secubox:fix/203-ci-build-packages-discover-step-schedule
secubox:fix/201-secubox-eye-square-switch-to-architectur
secubox:feature/196-implement-secubox-droplet-cli-dropletctl
secubox:fix/197-api-v1-health-alias
secubox:fix/round-real-root-icons
secubox:fix/round-armv6-boot-services
secubox:fix/194-secubox-metrics-visitororigin-entries-em
secubox:feature/192-portal-regenerate-full-dashboard-navbar
secubox:feature/190-giteactl-runner-forge-runner-add-remove
secubox:feature/180-publishctl-rename-metactl-forge-post-nou
secubox:feature/182-streamlitctl-extend-lifecycle-only-ctl-w
secubox:feature/183-streamforgectl-forge-missing-ctl-streaml
secubox:feature/184-metablogizerctl-extend-reference-ctl-wit
secubox:feature/181-dropletctl-forge-missing-ctl-file-upload
secubox:feature/176-giteactl-forge-repo-mirror-add-remove-li
secubox:feature/177-ci-mirror-github-workflows-gitea-workflo
secubox:feature/173-mitmproxyctl-align-with-lxc-reality-add
secubox:fix/rpi4b-radar-arcs-top-centered
secubox:fix/170-cookie-audit-pipeline-hardening-apparmor
secubox:fix/167-secubox-hub-vs-secubox-portal-login-html
secubox:fix/163-triple-soc-location-duplicate-breaks-ngi
secubox:fix/162-secubox-core-postinst-overwrites-etc-ngi
secubox:feature/158-live-deploy-fixes-followup
secubox:feature/158-eye-remote-multi-gadget-l3-dhcp-server-o
secubox:fix/155-eye-remote-link-rename-collision-when-mu
secubox:feature/153-mail-stack-phase-2-rspamd-migration-roun
secubox:feature/156-cookie-audit-pipeline-rgpd-eprivacy-comp
secubox:feature/147-add-scripts-check-dashboard-cache-py-lin
secubox:feature/136-mail-stack-phase-1-source-catch-up-legac
secubox:fix/145-secubox-waf-apply-double-cache-pattern-o
secubox:feature/138-port-radar-concentric-into-secubox-commo
secubox:fix/139-round-image-usb0-otg-networking-dead-ifu
secubox:fix/133-remote-ui-square-4-bugs-caught-at-pi-4b
secubox:feature/127-add-remote-ui-square-variant-for-pi-4b-7
secubox:feature/127-phase3-python-kiosk
secubox:feature/127-phase2-square-variant
secubox:feature/120-auth-rework-secubox-users-as-identity-so
secubox:fix/124-build-live-usb-safety-protect-host-dev-f
secubox:feature/122-build-live-usb-sh-add-static-ip-hostname
secubox:fix/117-metablogizer-webhook-git-pull-fails-on-d
secubox:feature/113-metablogizer-deploy-webhook-sub-e-of-49
secubox:fix/114-secubox-hub-sidebar-enters-mobile-mode-o
secubox:fix/111-metablogizer-api-load-sites-called-repea
secubox:fix/109-metablogizer-api-sub-c-runtime-imports-f
secubox:fix/106-metablogizer-api-delete-site-name-fails
secubox:fix/105-metablogizer-ui-api-helper-swallows-res
secubox:feature/103-metablogizer-version-dashboard-ui-module
secubox:feature/101-metablogizer-site-json-schema-version-me
secubox:feature/95-streamlit-per-site-version-pinning-conta
secubox:feature/94-metablogizer-gitea-ingest-import-166-sit
secubox:feature/49-feat-metablogizer-streamlit-version-mana
secubox:fix/92-uvicorn-sibling-imports
secubox:feature/92-health-banner-visitor-origin-feed-anonym
secubox:feature/89-secubox-apt-clone-validate-implementatio
secubox:feature/license-headers-phase-a
secubox:feature/license-phase-b-full
secubox:feature/83-multi-agent-worktree-workflow
secubox:feature/eye-remote-auto-mode
secubox:feature/sync-workflow-eyemote
secubox:feature/multigadget-docs
secubox:v2.14.1
secubox:v2.14.0
secubox:android-v0.4.0
secubox:webext-v0.1.5
secubox:webext-v0.1.4
secubox:webext-v0.1.3
secubox:webext-v0.1.2
secubox:android-v0.3.0
secubox:android-v0.2.0
secubox:webext-v0.1.1
secubox:webext-v0.1.0
secubox:android-v0.1.0
secubox:v2.13.20
secubox:v2.13.19
secubox:v2.13.18
secubox:v2.13.17
secubox:v2.13.16
secubox:v2.13.15
secubox:v2.13.14
secubox:v2.13.13
secubox:v2.13.12
secubox:v2.13.11
secubox:v2.13.10
secubox:v2.13.9
secubox:v2.13.8
secubox:v2.13.7
secubox:v2.13.6
secubox:v2.13.5
secubox:v2.13.4
secubox:v2.13.3
secubox:v2.13.2
secubox:v2.13.1
secubox:v2.13.0
secubox:v2.12.18
secubox:v2.12.17
secubox:v2.12.16
secubox:v2.12.15
secubox:v2.12.14
secubox:v2.12.13
secubox:v2.12.12
secubox:v2.12.11
secubox:v2.12.10
secubox:v2.12.9
secubox:v2.12.8
secubox:v2.12.7
secubox:v2.12.6
secubox:v2.12.5
secubox:v2.12.4
secubox:v2.12.3
secubox:v2.12.2
secubox:v2.12.1
secubox:v2.12.0
secubox:v2.11.1
secubox:v2.11.0
secubox:v2.10.3
secubox:v2.10.2
secubox:v2.10.1
secubox:v2.10.0
secubox:v2.9.0
secubox:v2.2.1-eye-remote
secubox:v2.8.0
secubox:v2.7.3
secubox:v2.7.2
secubox:v2.7.1
secubox:v2.7.0
secubox:v2.6.1
secubox:v2.6.0
secubox:v2.5.0
secubox:v2.4.0
secubox:v2.3.0
secubox:v2.2.0
secubox:v2.1.1
secubox:v1.9.0
secubox:multiboot-v2.2.4-live
secubox:multiboot-v2.2.4-pre1
secubox:v2.1.0
secubox:v1.8.0
secubox:v1.7.1
secubox:v1.7.0.1
secubox:v1.7.0
secubox:v1.6.7.14
secubox:v1.6.7.13
secubox:v1.6.7.12
secubox:v1.6.7.11
secubox:v1.6.7
secubox:v1.6.5
secubox:v1.6.0
secubox:v1.5.9
secubox:v1.5.8
secubox:v1.5.7
secubox:v1.5.6
secubox:v1.5.5
secubox:v1.5.4
secubox:v1.5.3
secubox:v1.5.2
secubox:v1.5.1
secubox:v1.5.0
secubox:v1.4.2
secubox:v1.4.1
secubox:v1.4.0
secubox:v1.3.11
secubox:v1.3.10
secubox:v1.3.9
secubox:v1.3.8
secubox:v1.3.7
secubox:v1.3.6
secubox:v1.3.5
secubox:v1.3.4
secubox:v1.3.3
secubox:v1.3.2
secubox:v1.3.1
secubox:v1.3.0
secubox:v1.2.0
secubox:v1.1.0
secubox:v1.0.0
secubox:test-devel
...
compare: secubox:ab8822e3f4a736cdd8a2921c406489bb0e925969
Branches Tags
secubox:master
secubox:feature/appstore-phase-a
secubox:feature/gondwana-phase1-mesh
secubox:fix/remove-authelia-sso
secubox:feature/760-standardize-secubox-lan-to-192-168-10-0
secubox:fix/secubox-p2p-master-link-statedir
secubox:feature/761-fix-podcaster-audio-player-stops-every-f
secubox:feature/758-nft-based-network-stats-log-counter-drop
secubox:feature/748-enhanced-tow-boot-http-netboot-serial-fl
secubox:feature/738-aggregator-resilience-sweep-async-handle
secubox:feature/737-secubox-netboot-provisioning-reseau-over
secubox:feature/728-sovereign-threat-intel-drop-crowdsec-cap
secubox:feature/727-secubox-aggregator-auto-heal-watchdog-ti
secubox:feature/726-secubox-podcaster-modern-podcast-manager
secubox:fix/494-secubox-core-service-execstart-overrides
secubox:feature/65-fix-nginx-add-missing-api-routes-to-webu
secubox:fix/53-wazuh-uvicorn-process-causes-100-cpu-spi
secubox:fix/121-metablog-ingest-site-dirs-should-be-crea
secubox:feature/724-toolbox-banner-in-banner-r0-r3-level-swi
secubox:feature/722-dpi-phase-3-ndpid-daemon-ci-cross-build
secubox:feature/720-dpi-phase-3-per-device-daily-history-tim
secubox:feature/718-dpi-phase-3-asn-enrichment-classify-sni
secubox:feature/716-kbin-pdf-donut-grid-layout-broken-each-d
secubox:feature/714-kbin-pdf-charts-blank-in-some-viewers-re
secubox:feature/711-kbin-pdf-donut-charts-render-as-solid-pi
secubox:feature/709-kbin-pdf-integrate-carto-graph-emoji-dat
secubox:feature/707-kbin-report-cyberpunk-netrunner-characte
secubox:feature/705-dpi-report-shows-zeros-exfil-is-a-60s-sn
secubox:feature/703-kbin-pdf-render-visual-donut-charts-mitm
secubox:feature/701-kbin-pdf-report-include-dpi-exfil-stats
secubox:feature/699-kbin-report-tabbed-donut-stats-pistage-d
secubox:feature/697-sbxmitm-truncates-responses-8mib-large-g
secubox:feature/695-dpi-dashboard-fill-top-apps-protocols-ba
secubox:feature/692-dpi-beaconing-rule-fires-on-sub-second-a
secubox:feature/687-plan-full-flow-dpi-on-r3-ndpid-netifyd-p
secubox:feature/689-sbxmitm-forged-leaf-certs-expire-after-2
secubox:feature/683-plan-kbin-tor-endpoint-quick-switch-anon
secubox:fix/662-altsvc-strip
secubox:feat/662-client-geoflag
secubox:feat/662-inline-banner
secubox:feat/662-adlearn
secubox:feat/662-social-relay
secubox:feat/662-cumulative-live
secubox:feat/662-analysis-relay
secubox:feat/662-csp-demo
secubox:feat/662-utls-chrome
secubox:feat/662-adstats-popups
secubox:fix/662-no-follow-redirect
secubox:fix/662-gzip-banner
secubox:feat/662-cutover-fix
secubox:feat/662-transparent-machash
secubox:feat/662-phase5prep-pkg
secubox:feat/662-phase4-jar
secubox:feat/662-phase3-parity
secubox:feat/662-phase2b-bench
secubox:fix/662-restore-ng-source
secubox:feature/662-epic-migrate-toolbox-mitm-engine-off-pyt
secubox:fix/cap-lists-5
secubox:feature/659-feat-toolbox-per-visitor-ad-block-breakd
secubox:fix/ad-learn-self-block-hardening
secubox:feature/656-feat-toolbox-ad-intelligence-aggressive
secubox:fix/653-fix-toolbox-banner-reliability-inline-bu
secubox:feature/651-perf-toolbox-649-follow-up-broaden-splic
secubox:feature/649-perf-toolbox-selective-sni-splice-passth
secubox:fix/623-postinst-systemic-var-lib-log-cache-secu
secubox:feature/646-perf-toolbox-adaptive-accept-encoding-st
secubox:fix/644-hub-dashboard-latency-9-12s-per-module-s
secubox:fix/642-social-graph-ip-literal-self-traffic-rec
secubox:feature/634-toolbox-clients-reset-all-clients-reset
secubox:fix/639-toolbox-banner-injected-into-iframes-sub
secubox:fix/636-toolbox-r3-banner-stream-inject-loader-b
secubox:feature/633-anti-track-v2-layered-block-poison-anony
secubox:feature/630-make-live-ops-fixes-permanent-package-di
secubox:feature/628-hub-health-monitor-page-vital-common-ser
secubox:feature/626-haproxy-smart-self-healing-error-pages-5
secubox:feature/624-waf-robustness-package-self-healing-insp
secubox:feature/620-toolbox-ttfb-perf-stream-inject-async-pe
secubox:fix/619-hub-dashboard-services-cache-never-warms
secubox:feature/617-security-posture-full-rewrite-honest-boa
secubox:feature/615-security-posture-add-security-posture-to
secubox:feature/613-threat-analyst-add-country-flags-to-top
secubox:feature/611-threat-analyst-limit-recent-attacks-tabl
secubox:feature/609-waf-robust-route-propagation-dir-bind-mo
secubox:feature/607-waf-behind-waf-media-cache-image-video-s
secubox:feature/605-waf-refuse-unmapped-hosts-close-open-for
secubox:feature/603-waf-port-live-mitmproxy-fixes-to-source
secubox:feature/601-vm-vm-shows-0-containers-lxc-enumeration
secubox:feature/599-threat-analyst-ingest-real-crowdsec-aler
secubox:feature/597-threat-analyst-global-security-overview
secubox:fix/595-threat-analyst-service-ends-up-disabled
secubox:fix/593-webui-fix-metrics-mitm-0-wrong-unit-thre
secubox:fix/autolearn-exclude-antibot
secubox:feature/589-autolearn-bad-trackers-actors-from-threa
secubox:feature/587-eye-graph-domain-suffix-country-cloud-nu
secubox:feature/578-banner-shareable-top-1-pin-quick-button
secubox:feature/577-perf-video-photo-cdn-proxy-cache-shared
secubox:fix/ad-ghost-collapse-placeholders
secubox:feature/576-ad-ghost-replace-ghosted-ad-with-a-css-l
secubox:fix/581-postinst-portal-stays-dead-after-dpkg-up
secubox:fix/575-eye-graph-remove-hide-all-ip-nodes-count
secubox:feature/574-webext-popup-protection-stats-quick-filt
secubox:feature/572-banner-colorful-emoji-chip-guirlande-fla
secubox:feature/570-toolbox-mitm-dpi-media-type-statistifier
secubox:feature/568-webext-popup-cap-top-tracker-list-to-5-e
secubox:feature/566-r3-r4-silent-ad-banner-ghoster-economisa
secubox:feature/564-detect-antibot-split-deployment-vs-chall
secubox:feature/562-ca-fingerprint-surface-the-r3-ca-on-the
secubox:feature/560-toolbox-protective-mode-tracker-alerting
secubox:feature/558-apk-make-zero-tap-auto-run-robust-real-f
secubox:feature/555-favicons-of-major-sites-in-the-xpi-popup
secubox:feature/553-cartographie-graph-impact-sized-icon-bub
secubox:feature/549-social-tracker-domain-rollup-history-tim
secubox:feature/545-injected-banner-neon-tube-redesign-for-r
secubox:feature/551-android-apk-zero-tap-auto-run-silent-onb
secubox:feature/547-linux-firefox-installer-script-for-the-t
secubox:feature/543-kbin-landing-radical-simplify-livelier-f
secubox:feature/532-plan-browser-xpi-webextension-emancipate
secubox:feature/490-phase-2c-toolbox-receiving-modules-actua
secubox:feature/538-android-app-root-mode-fully-automated-si
secubox:feature/536-serve-the-android-toolbox-apk-from-the-t
secubox:feature/531-plan-android-apk-one-tap-toolbox-r3-clie
secubox:fix/509-waf-soc-perf-double-buffered-cache-memor
secubox:fix/503-ci-disable-espressobin-v7-ultra-image-bu
secubox:feature/501-mitm-wg-multi-worker-fanout
secubox:perf/500-captive-flags-and-addon-async
secubox:feature/500-landing-platform-install
secubox:perf/500-mitm-wg-h2-and-concurrency
secubox:feature/500-phase8-utiq-quickwin
secubox:fix/498-crowdsec-sudoers-status
secubox:fix/498-auth-perms-and-rw
secubox:fix/498-ntp-health-timesyncd
secubox:feature/498-lxc-wg-privileged
secubox:feature/498-lxc-cutover-nm-name
secubox:feature/498-mitm-lxc-hardening
secubox:fix/498-crowdsec-health
secubox:chore/498-version-bump-wip
secubox:feature/498-nm-keyfile
secubox:fix/498-toolbox-ratelimit
secubox:fix/498-cert-probe
secubox:fix/498-r3-probe-same-origin
secubox:fix/498-xff-r3-detect
secubox:fix/498-wg-dns-fix
secubox:feature/498-wg-boot-and-waf-history
secubox:feature/498-asgi-migrate
secubox:feature/498-asgi-consolidation
secubox:feature/498-phase-6Q-quickwins
secubox:feature/498-phase-7-waf-active-enforcement-mitm-crow
secubox:feature/496-phase-6-wireguard-mitm-autocert-mode-r3
secubox:feature/495-phase-5-toolbox-mitm-in-dedicated-lxc-co
secubox:feature/492-phase-3-toolbox-transparency-layer-white
secubox:feature/488-phase-2b-toolbox-wire-mitm-addons-to-rec
secubox:feature/486-toolbox-phase-2a-geoip-flags-asn-secubox
secubox:feature/485-toolbox-phase-2a-soc-scoring-multi-signa
secubox:fix/465-revert-dts-patch-004-revert-hardware-usb
secubox:fix/463-dts-enable-usb3-superspeed-on-mpcie-slot
secubox:fix/458-mochabin-btusb-claims-mt7632u-interface
secubox:feature/450-refactor-move-secubox-mesh-yggdrasil-vpn
secubox:fix/444-kiosk-enable-cursor-on-pi-400-remove-noc
secubox:fix/442-rpi400-image-mass-mask-non-essential-ser
secubox:fix/436-build-scripts-stub-systemctl-handle-rasp
secubox:fix/433-build-rpi-usb-sh-kiosk-install-silently
secubox:fix/431-ci-install-binutils-aarch64-linux-gnu-fo
secubox:feature/429-secubox-nextcloud-dashboard-api-renvoie
secubox:feature/427-ci-build-packages-yml-arm64-matrix-build
secubox:feature/425-secubox-sentinelle-gsm-arm64-build-fails
secubox:feature/423-build-rpi-usb-sh-kiosk-flag-is-a-stub-pa
secubox:fix/150-nftables-service-masked-at-boot-board-lo
secubox:feature/152-roundcube-in-mail-lxc-configure-sqlite-b
secubox:fix/394-nextcloud-remove-authelia-auth-request-f
secubox:feature/410-secubox-user-provisioning-push-master-us
secubox:feature/409-secubox-avatar-smart-media-cookie-hoster
secubox:feature/407-privilege-separated-cookie-install-root
secubox:feature/401-secubox-webext-firefox-webextension-comp
secubox:feature/402-secubox-avatar-peek-poke-credential-brok
secubox:feature/400-secubox-sso-lite-native-auth-request-ver
secubox:feature/397-rework-secubox-photoprism-native-lxc-ins
secubox:feature/388-rework-secubox-peertube-align-with-secub
secubox:feature/398-secubox-nextcloud-capture-photolibrary-e
secubox:fix/395-waf-cred-004-false-positive-on-nextcloud
secubox:fix/392-vhost-health-error-status-404-502-hidden
secubox:feature/391-package-the-gk2-ram-optimization-pattern
secubox:feature/390-peertube-url-backport-vhost-template-por
secubox:docs/389-navbar-resort-hardening-repo-into-root-c
secubox:feature/377-feat-fmrelay-stream-fm-rds-as-icecast-mo
secubox:feat/sentinelle-v0-4-0-rds-extension
secubox:feat/zigbee-v2-6-0-backup-restore
secubox:fix/core-lxc-autostart-wait-for-data
secubox:fix/zigbee-access-list-public-url
secubox:fix/hub-sidebar-precache-instant-render
secubox:feature/370-x64-netplan-profiles-static-ip-fallback
secubox:feat/threat-analyst-v1-4-0-actually-useful
secubox:feat/threat-analyst-v1-3-0-simple-rewrite
secubox:fix/threat-analyst-v1-2-0-jwt-noop
secubox:fix/threat-analyst-v1-1-3-nocache
secubox:fix/threat-analyst-v1-1-2-cors-credentials
secubox:fix/threat-analyst-v1-1-1-navbar-padding
secubox:fix/361-secubox-threat-analyst-v1-1-0-wire-metri
secubox:fix/360-fix-secubox-hub-soc-dashboard-card-metri
secubox:feature/357-secubox-sentinelle-gsm-v0-3-6-async-job
secubox:feature/356-secubox-sentinelle-gsm-v0-3-5-scan-auto
secubox:fix/354-secubox-sentinelle-gsm-v0-3-4-monkey-pat
secubox:feature/345-mochabin-mpcie-slot-j5-investigate-w-dis
secubox:fix/353-secubox-sentinelle-gsm-v0-3-3-drop-args
secubox:feature/319-data-essential-data-convention-audit-30
secubox:fix/286-haproxyctl-cmd-generate-drops-backend-de
secubox:feature/312-secubox-threats-rebuild-threats-as-the-c
secubox:feature/310-secubox-authelia-split-auth-control-dash
secubox:feature/306-consolidate-navbar-to-6-charter-categori
secubox:fix/303-secubox-zigbee-menu-d-80-zigbee-json-is
secubox:fix/301-secubox-dns-provider-add-provider-modal
secubox:fix/299-secubox-dns-provider-webui-add-provider
secubox:feature/297-kernel-build-github-actions-workflow-for
secubox:feature/295-kernel-build-add-config-zram-m-zstd-comp
secubox:fix/293-secubox-zigbee-zigbee-config-ui-hidden-u
secubox:fix/290-health-banner-remove-clickable-alert-lin
secubox:feature/289-secubox-zigbee-split-secubox-config-modu
secubox:feature/287-secubox-lyrion-move-public-vhost-from-ly
secubox:feature/284-secubox-nextcloud-ship-etc-secubox-nextc
secubox:fix/282-secubox-nextcloud-nextcloud-must-stay-th
secubox:feature/280-secubox-nextcloud-modernize-lxc-install
secubox:feature/278-secubox-authelia-own-the-sbx-auth-login
secubox:fix/274-secubox-authelia-verify-must-forward-x-o
secubox:fix/273-secubox-zigbee-secubox-lyrion-auth-redir
secubox:feature/272-secubox-authelia-session-cookies-must-in
secubox:feature/270-secubox-authelia-server-level-banner-sub
secubox:feature/268-secubox-authelia-x-forwarded-proto-must
secubox:feature/266-secubox-authelia-zigbee-lyrion-4-fixes-f
secubox:feature/264-secubox-zigbee-secubox-lyrion-swap-lan-o
secubox:feature/262-secubox-authelia-implement-verify-real-a
secubox:feature/260-secubox-lyrion-lan-only-gate-on-lyrion-l
secubox:fix/241-secubox-zigbee-v2.4.1-sonoff-mg21
secubox:feature/255-mochabin-dt-board-mpcie-slot-usb-pins-no
secubox:feature/237-secubox-sentinelle-gsm-passive-rx-sdr-se
secubox:feature/236-secubox-rbs-sensor-wall-opad-rogue-base
secubox:feature/241-secubox-zigbee-v2-4-0-rewrite-in-place-z
secubox:feature/240-secubox-mqtt-v2-4-0-rewrite-in-place-mos
secubox:feature/247-health-banner-clickable-cross-domain-lin
secubox:feature/246-secubox-yacy-nginx-vhost-missing-well-kn
secubox:feature/248-secubox-lyrion-expose-web-ui-on-lan-ip-1
secubox:feature/244-secubox-lyrion-lxc-host-lyrion-music-ser
secubox:feature/239-secubox-authelia-sso-idp-lxc-authelia-oi
secubox:feature/234-secubox-rustdesk-new-lxc-module-for-self
secubox:feature/232-secubox-yacy-new-lxc-module-for-peer-to
secubox:feature/230-secubox-grafana-new-lxc-module-for-secur
secubox:fix/228-missing-tools-on-images-secubox-flash-di
secubox:fix/226-bare-metal-x86-64-polish-gate-pi-hardwar
secubox:fix/224-kiosk-launcher-chromium-fails-on-debian
secubox:fix/222-login-redirect-loop-68-web-ui-files-stil
secubox:fix/220-secubox-health-doctor-duplicate-debhelpe
secubox:fix/218-build-image-sh-skips-debian-deps-python3
secubox:docs/216-docs-codify-the-secubox-grammar-modular
secubox:feature/214-health-doctor-drop-act-runner-arm64-from
secubox:feature/212-secubox-health-doctor-vital-services-hea
secubox:fix/210-firstboot-users-json-wrong-schema-sha256
secubox:fix/200-metablogizerctl-publish-should-orchestra
secubox:fix/207-eye-square-ship-firstboot-sh-outside-usr
secubox:fix/202-eye-square-debian-rules-content-drift-re
secubox:fix/203-ci-build-packages-discover-step-schedule
secubox:fix/201-secubox-eye-square-switch-to-architectur
secubox:feature/196-implement-secubox-droplet-cli-dropletctl
secubox:fix/197-api-v1-health-alias
secubox:fix/round-real-root-icons
secubox:fix/round-armv6-boot-services
secubox:fix/194-secubox-metrics-visitororigin-entries-em
secubox:feature/192-portal-regenerate-full-dashboard-navbar
secubox:feature/190-giteactl-runner-forge-runner-add-remove
secubox:feature/180-publishctl-rename-metactl-forge-post-nou
secubox:feature/182-streamlitctl-extend-lifecycle-only-ctl-w
secubox:feature/183-streamforgectl-forge-missing-ctl-streaml
secubox:feature/184-metablogizerctl-extend-reference-ctl-wit
secubox:feature/181-dropletctl-forge-missing-ctl-file-upload
secubox:feature/176-giteactl-forge-repo-mirror-add-remove-li
secubox:feature/177-ci-mirror-github-workflows-gitea-workflo
secubox:feature/173-mitmproxyctl-align-with-lxc-reality-add
secubox:fix/rpi4b-radar-arcs-top-centered
secubox:fix/170-cookie-audit-pipeline-hardening-apparmor
secubox:fix/167-secubox-hub-vs-secubox-portal-login-html
secubox:fix/163-triple-soc-location-duplicate-breaks-ngi
secubox:fix/162-secubox-core-postinst-overwrites-etc-ngi
secubox:feature/158-live-deploy-fixes-followup
secubox:feature/158-eye-remote-multi-gadget-l3-dhcp-server-o
secubox:fix/155-eye-remote-link-rename-collision-when-mu
secubox:feature/153-mail-stack-phase-2-rspamd-migration-roun
secubox:feature/156-cookie-audit-pipeline-rgpd-eprivacy-comp
secubox:feature/147-add-scripts-check-dashboard-cache-py-lin
secubox:feature/136-mail-stack-phase-1-source-catch-up-legac
secubox:fix/145-secubox-waf-apply-double-cache-pattern-o
secubox:feature/138-port-radar-concentric-into-secubox-commo
secubox:fix/139-round-image-usb0-otg-networking-dead-ifu
secubox:fix/133-remote-ui-square-4-bugs-caught-at-pi-4b
secubox:feature/127-add-remote-ui-square-variant-for-pi-4b-7
secubox:feature/127-phase3-python-kiosk
secubox:feature/127-phase2-square-variant
secubox:feature/120-auth-rework-secubox-users-as-identity-so
secubox:fix/124-build-live-usb-safety-protect-host-dev-f
secubox:feature/122-build-live-usb-sh-add-static-ip-hostname
secubox:fix/117-metablogizer-webhook-git-pull-fails-on-d
secubox:feature/113-metablogizer-deploy-webhook-sub-e-of-49
secubox:fix/114-secubox-hub-sidebar-enters-mobile-mode-o
secubox:fix/111-metablogizer-api-load-sites-called-repea
secubox:fix/109-metablogizer-api-sub-c-runtime-imports-f
secubox:fix/106-metablogizer-api-delete-site-name-fails
secubox:fix/105-metablogizer-ui-api-helper-swallows-res
secubox:feature/103-metablogizer-version-dashboard-ui-module
secubox:feature/101-metablogizer-site-json-schema-version-me
secubox:feature/95-streamlit-per-site-version-pinning-conta
secubox:feature/94-metablogizer-gitea-ingest-import-166-sit
secubox:feature/49-feat-metablogizer-streamlit-version-mana
secubox:fix/92-uvicorn-sibling-imports
secubox:feature/92-health-banner-visitor-origin-feed-anonym
secubox:feature/89-secubox-apt-clone-validate-implementatio
secubox:feature/license-headers-phase-a
secubox:feature/license-phase-b-full
secubox:feature/83-multi-agent-worktree-workflow
secubox:feature/eye-remote-auto-mode
secubox:feature/sync-workflow-eyemote
secubox:feature/multigadget-docs
secubox:v2.14.1
secubox:v2.14.0
secubox:android-v0.4.0
secubox:webext-v0.1.5
secubox:webext-v0.1.4
secubox:webext-v0.1.3
secubox:webext-v0.1.2
secubox:android-v0.3.0
secubox:android-v0.2.0
secubox:webext-v0.1.1
secubox:webext-v0.1.0
secubox:android-v0.1.0
secubox:v2.13.20
secubox:v2.13.19
secubox:v2.13.18
secubox:v2.13.17
secubox:v2.13.16
secubox:v2.13.15
secubox:v2.13.14
secubox:v2.13.13
secubox:v2.13.12
secubox:v2.13.11
secubox:v2.13.10
secubox:v2.13.9
secubox:v2.13.8
secubox:v2.13.7
secubox:v2.13.6
secubox:v2.13.5
secubox:v2.13.4
secubox:v2.13.3
secubox:v2.13.2
secubox:v2.13.1
secubox:v2.13.0
secubox:v2.12.18
secubox:v2.12.17
secubox:v2.12.16
secubox:v2.12.15
secubox:v2.12.14
secubox:v2.12.13
secubox:v2.12.12
secubox:v2.12.11
secubox:v2.12.10
secubox:v2.12.9
secubox:v2.12.8
secubox:v2.12.7
secubox:v2.12.6
secubox:v2.12.5
secubox:v2.12.4
secubox:v2.12.3
secubox:v2.12.2
secubox:v2.12.1
secubox:v2.12.0
secubox:v2.11.1
secubox:v2.11.0
secubox:v2.10.3
secubox:v2.10.2
secubox:v2.10.1
secubox:v2.10.0
secubox:v2.9.0
secubox:v2.2.1-eye-remote
secubox:v2.8.0
secubox:v2.7.3
secubox:v2.7.2
secubox:v2.7.1
secubox:v2.7.0
secubox:v2.6.1
secubox:v2.6.0
secubox:v2.5.0
secubox:v2.4.0
secubox:v2.3.0
secubox:v2.2.0
secubox:v2.1.1
secubox:v1.9.0
secubox:multiboot-v2.2.4-live
secubox:multiboot-v2.2.4-pre1
secubox:v2.1.0
secubox:v1.8.0
secubox:v1.7.1
secubox:v1.7.0.1
secubox:v1.7.0
secubox:v1.6.7.14
secubox:v1.6.7.13
secubox:v1.6.7.12
secubox:v1.6.7.11
secubox:v1.6.7
secubox:v1.6.5
secubox:v1.6.0
secubox:v1.5.9
secubox:v1.5.8
secubox:v1.5.7
secubox:v1.5.6
secubox:v1.5.5
secubox:v1.5.4
secubox:v1.5.3
secubox:v1.5.2
secubox:v1.5.1
secubox:v1.5.0
secubox:v1.4.2
secubox:v1.4.1
secubox:v1.4.0
secubox:v1.3.11
secubox:v1.3.10
secubox:v1.3.9
secubox:v1.3.8
secubox:v1.3.7
secubox:v1.3.6
secubox:v1.3.5
secubox:v1.3.4
secubox:v1.3.3
secubox:v1.3.2
secubox:v1.3.1
secubox:v1.3.0
secubox:v1.2.0
secubox:v1.1.0
secubox:v1.0.0
secubox:test-devel

4 Commits
68490a4a9b ... ab8822e3f4

Author SHA1 Message Date
CyberMind-FR
ab8822e3f4 docs: record #623 systemic shared-parent clobber fix (PR #648)
Some checks are pending
License Headers / check (push) Waiting to run
Details
2026-06-18 10:48:24 +02:00
CyberMind
9950e9ec3e
Merge pull request #648 from CyberMind-FR/fix/623-postinst-systemic-var-lib-log-cache-secu 
postinst: systemic /var/{lib,log,cache}/secubox parent-mode clobber across ~12 packages (board-wide traversal breakage)
 2026-06-18 10:41:52 +02:00
CyberMind-FR
951af764fb fix(#623): close review gaps — 3 chmod 750 /var/log clobbers + tmpfiles defense-in-depth 
Review found two gaps the install-d sweep missed:
- chmod-form clobber: soc-gateway/soc-agent/ui-manager did 'chmod 750
  /var/log/secubox' (same #511 traversal class) -> now 0755.
- secubox-core tmpfiles.d only declared /run/secubox; now declares all 5 shared
  parents at 0755 (mode-only, owner-agnostic) for boot/install-time self-heal.
  core 1.1.7 -> 1.1.8.
 2026-06-18 10:39:52 +02:00
CyberMind-FR
6b7d7f8607 fix(#623): shared /run|/var/lib|/var/cache|/etc/secubox parents stay 1777/0755 in all postinsts 
Systemic clobber: the scaffold boilerplate (install -d -m 750 /var/lib/secubox,
/run/secubox) put restrictive modes on SHARED parents in ~56 module postinsts,
reverting them to 0750 on every install/upgrade and breaking traversal for
non-secubox daemons (kbin/toolbox 500). Empirically confirmed install -d -m only
modes the final component, so /parent/leaf forms are harmless — only bare-parent
targets were rewritten. Multi-arg lines (incl. ones making /var/lib world-writable
1777) split per-parent: /run/secubox=1777 root:root, /var/lib|cache|etc=0755
secubox:secubox; module-private leaves keep 0750. Scaffold + PATTERNS.md fixed so
new packages don't reintroduce it.
 2026-06-18 10:32:58 +02:00
70 changed files with 192 additions and 123 deletions
Show Stats Expand all files Collapse all files

23
.claude/HISTORY.md
View File

@ -3,6 +3,29 @@
---
## 2026-06-18 — #623 systemic shared-parent clobber resolved at source (PR #648)
- **Root cause corrected.** The recurring `/var/{lib,log,cache,…}/secubox` parent
clobber was NOT the `install -d -m 0750 /parent/leaf` leaf form (empirically
proven harmless: GNU `install -d -m` modes only the final component). It was the
scaffold boilerplate `install -d -m 750 /var/lib/secubox` + `/run/secubox` (BARE
parents) in ~56 module postinsts — written `-m 750` (3-digit), which is why prior
greps/sweeps (#511/#627/#631) missed it.
- **Source-wide fix.** Scripted rewrite of all bare-parent targets → `/run/secubox`
1777 root:root, `/var/lib|log|cache|etc|usr/share/secubox` 0755; 6 multi-arg
lines split per-parent (4 were setting `/var/lib/secubox` world-writable 1777 —
a security regression); 3 `chmod 750 /var/log/secubox` (soc-gateway/soc-agent/
ui-manager) → 0755. Module-private leaves (`/var/lib/secubox/<mod>` 0750) left
untouched. Scaffold `new-package.sh` + `.claude/PATTERNS.md` fixed so new
packages don't reintroduce it. secubox-core 1.1.8 tmpfiles.d now declares all 5
shared parents at 0755 (mode-only) for boot/install-time self-heal.
- **Verified:** all 64 changed maintainer scripts `bash -n` clean; zero bare-parent
restrictive lines remain (install-d + chmod forms); saas-relay + core rebuilt and
packaged postinst/tmpfiles confirmed. Two-stage review (found + closed 2 gaps:
the chmod-form clobbers + tmpfiles coverage). NOT mass-deployed (60-pkg restart =
thundering-herd risk); live covered by `secubox-dirs-guard.timer`; lands at next
CI image build / reflash.
## 2026-06-18 — perf sprint (hub latency, R3 tunnel encoding) + crowdsec unblock
- **Hub dashboard latency (#644, PR #645, hub `1.4.6`).** The hub runs mounted in

10
.claude/PATTERNS.md
View File

@ -383,9 +383,13 @@ case "$1" in
adduser --system --group --no-create-home --home /var/lib/secubox secubox
fi
# Répertoires runtime
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Répertoires runtime — SHARED parents, NE JAMAIS les passer en 0750/0700
# (#623 : casse la traversée pour les daemons non-secubox → kbin/toolbox 500).
# /run/secubox reste 1777 (sticky world-writable, sockets de tous les services,
# #471) ; /var/lib/secubox reste 0755. Les leaves privées
# (/var/lib/secubox/<module>) peuvent être 0750.
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Activer et démarrer le service
systemctl daemon-reload

17
.claude/WIP.md
View File

@ -22,13 +22,20 @@ Tout mergé sur master + déployé sur gk2. Détail dans HISTORY 2026-06-18.
CSP-strict tirées décompressées via le worker R3 GIL-bound. **toolbox 2.6.53**.
- ✅ **crowdsec** réparé (403 transitoire CDN → `dpkg --configure` RC=0, audit clean).
- ✅ **#623 (PR #648, merged 9950e9ec)** — clobber systémique RÉSOLU au source.
La vraie cause : boilerplate scaffold `install -d -m 750 /var/lib/secubox` +
`/run/secubox` (parents NUS) dans ~56 postinsts — écrit `-m 750` (3 chiffres),
d'où le ratage des sweeps précédents. Empiriquement prouvé que le form
`install -d -m 750 /parent/leaf` NE clobbe PAS le parent (seuls les targets
parents-nus). Fix : tous → 1777 (/run) / 0755 ; 6 lignes multi-arg splittées
(4 mettaient /var/lib en world-writable 1777) ; 3 `chmod 750 /var/log` ;
scaffold `new-package.sh` + `PATTERNS.md` ; core 1.1.8 tmpfiles.d déclare les 5
parents 0755. **PAS de mass-deploy** (60 paquets = mass-restart = risque
thundering-herd) ; live couvert par `dirs-guard.timer` ; arrive au prochain
build CI / reflash.
### ⬜ Next Up
- **#623 (P0 bug)** — clobber systémique des modes parents `/var/{lib,log,cache}/
secubox` sur ~12 paquets (postinsts `install -d -m 0750` multi-arg que le sweep
#623 a manqués). Couvert par `secubox-dirs-guard.timer` mais la cause-racine
reste ouverte paquet par paquet → casse la traversée non-`secubox` (kbin/toolbox
500). **Prochain actionnable propre** (PR bornée).
- **Anti-Track v2 ARMING** (décision USER, gated) — soak observe-only puis flip
`privacy_enforce=true` ; régénérer `data/cdn-allowlist.txt` depuis les plages
publiques avant `privacy_ip_drop` ; `unbound-checkconf` avant `privacy_dns_feed`.

4
packages/secubox-admin/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/admin
install -d -o root -g secubox -m 0755 /var/log/secubox
systemctl daemon-reload

4
packages/secubox-ai-insights/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/ai-insights
install -d -o secubox -g secubox -m 750 /var/lib/secubox/ai-insights/models
install -d -o secubox -g secubox -m 750 /var/cache/secubox/ai-insights

4
packages/secubox-auth/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-auth.service
systemctl start secubox-auth.service || true

2
packages/secubox-authelia/debian/postinst
View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/authelia
install -d -m 0755 -o secubox -g secubox /var/log/secubox

4
packages/secubox-avatar/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/avatar
install -d -o secubox -g secubox -m 750 /var/lib/secubox/avatar/images
systemctl daemon-reload

4
packages/secubox-cdn/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-cdn.service
systemctl start secubox-cdn.service || true

3
packages/secubox-certs/debian/postinst
View File

@ -1,7 +1,8 @@
#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
install -d -m 0755 /run/secubox /var/cache/secubox/certs
install -d -o root -g root -m 1777 /run/secubox
install -d -m 0755 /var/cache/secubox/certs
systemctl daemon-reload || true
systemctl enable --now secubox-certs.service || true
fi

12
packages/secubox-core/debian/changelog
View File

@ -1,3 +1,15 @@
secubox-core (1.1.8-1~bookworm1) bookworm; urgency=medium
* fix(#623): tmpfiles.d now declares all shared secubox parents
(/var/lib, /var/log, /var/cache, /etc, /usr/share /secubox) at 0755
(mode-only, owner-agnostic), in addition to /run/secubox 1777 — boot +
install-time defense-in-depth that self-heals a momentary 0750 clobber
before the next secubox-dirs-guard.timer tick. Pairs with the source-wide
postinst sweep that stopped ~56 module postinsts from clobbering those
parents.
-- Gerald Kerma <devel@cybermind.fr> Thu, 18 Jun 2026 13:00:00 +0200
secubox-core (1.1.7-1~bookworm1) bookworm; urgency=medium
* fix(postinst): /var/lib/secubox + /usr/share/secubox/www were set 0750,

10
packages/secubox-core/tmpfiles.d/secubox.conf
View File

@ -1 +1,11 @@
d /run/secubox 1777 root root -
# #623 — defense-in-depth: guarantee the SHARED secubox parents stay traversable
# (0755) at boot and on every `systemd-tmpfiles --create`, so if a module postinst
# momentarily re-clobbers one to 0750 it self-heals before the next
# secubox-dirs-guard.timer tick. Mode-only (owner `-`) to mirror the owner-agnostic
# dirs-guard and never fight secubox-core's / a module's own ownership.
d /var/lib/secubox 0755 - - -
d /var/log/secubox 0755 - - -
d /var/cache/secubox 0755 - - -
d /etc/secubox 0755 - - -
d /usr/share/secubox 0755 - - -

4
packages/secubox-crowdsec/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-crowdsec.service
systemctl start secubox-crowdsec.service || true

4
packages/secubox-domoticz/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create data directories
install -d -m 755 /srv/domoticz
install -d -m 755 /srv/domoticz/config

4
packages/secubox-dpi/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-dpi.service
systemctl start secubox-dpi.service || true

4
packages/secubox-droplet/debian/postinst
View File

@ -8,8 +8,8 @@ case "$1" in
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 755 /srv/droplet
# Enable and start service

2
packages/secubox-fmrelay/debian/postinst
View File

@ -13,7 +13,7 @@ case "$1" in
# the device with).
usermod -aG plugdev secubox 2>/dev/null || true
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/fmrelay
install -d -m 0755 -o secubox -g secubox /var/log/secubox

4
packages/secubox-glances/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/glances
systemctl daemon-reload
systemctl enable secubox-glances.service

4
packages/secubox-gotosocial/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create data directory for GoToSocial
install -d -o root -g root -m 755 /srv/gotosocial
install -d -o root -g root -m 755 /srv/gotosocial/storage

2
packages/secubox-grafana/debian/postinst
View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/grafana
install -d -m 0755 -o secubox -g secubox /var/log/secubox

3
packages/secubox-haproxy/debian/postinst
View File

@ -7,7 +7,8 @@ case "$1" in
# Shared parents stay 0755 (traversable by every secubox-* daemon — setting
# them 0750 here broke kbin/toolbox by blocking traversal, #626). Only the
# haproxy-private leaves are restricted.
install -d -o secubox -g secubox -m 755 /run/secubox /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/haproxy /var/lib/secubox/haproxy/config_backups
chmod 0755 /var/lib/secubox /run/secubox 2>/dev/null || true
# Create /etc/haproxy if not present (haproxy is Recommends, not Depends)

2
packages/secubox-health-doctor/debian/postinst
View File

@ -3,7 +3,7 @@ set -e
case "$1" in
configure)
install -d -o secubox -g secubox -m 750 /var/cache/secubox
install -d -o secubox -g secubox -m 755 /var/cache/secubox
systemctl daemon-reload
# API daemon + periodic timer
systemctl enable --now secubox-health-doctor.service || true

4
packages/secubox-hexo/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create hexo data directory
install -d -o root -g root -m 755 /srv/hexo/blogs
# Ensure nginx secubox.d directory exists

4
packages/secubox-homeassistant/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create data directories
install -d -m 755 /srv/homeassistant
install -d -m 755 /srv/homeassistant/config

4
packages/secubox-hub/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-hub.service
systemctl start secubox-hub.service || true

4
packages/secubox-jellyfin/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d
# Enable and start service

4
packages/secubox-jitsi/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create Jitsi data directory
install -d -o root -g root -m 755 /srv/jitsi
install -d -o root -g root -m 755 /srv/jitsi/recordings

4
packages/secubox-ksm/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/ksm
systemctl daemon-reload
systemctl enable secubox-ksm.service

4
packages/secubox-localai/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create data directories
install -d -m 755 /srv/localai
install -d -m 755 /srv/localai/models

2
packages/secubox-lyrion/debian/postinst
View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/lyrion
install -d -m 0755 -o secubox -g secubox /var/log/secubox

4
packages/secubox-mac-guard/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/mac-guard
systemctl daemon-reload
systemctl enable secubox-mac-guard.service

4
packages/secubox-mediaflow/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-mediaflow.service
systemctl start secubox-mediaflow.service || true

6
packages/secubox-metabolizer/debian/postinst
View File

@ -5,10 +5,10 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/metabolizer
install -d -o secubox -g secubox -m 750 /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
systemctl daemon-reload
systemctl enable secubox-metabolizer.service
systemctl start secubox-metabolizer.service || true

4
packages/secubox-metacatalog/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/metacatalog
systemctl daemon-reload
systemctl enable secubox-metacatalog.service

4
packages/secubox-mirror/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/mirrors
install -d -o secubox -g secubox -m 750 /var/cache/secubox-mirror
install -d -o secubox -g secubox -m 750 /etc/nginx/secubox-mirror.d

2
packages/secubox-mqtt/debian/postinst
View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0750 -o root -g secubox /etc/secubox/secrets
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/mqtt
install -d -m 0755 -o secubox -g secubox /var/log/secubox

4
packages/secubox-nac/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-nac.service
systemctl start secubox-nac.service || true

4
packages/secubox-netdata/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-netdata.service
systemctl start secubox-netdata.service || true

4
packages/secubox-netdiag/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/netdiag
systemctl daemon-reload
systemctl enable secubox-netdiag.service

4
packages/secubox-netifyd/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/netifyd
systemctl daemon-reload
systemctl enable secubox-netifyd.service

4
packages/secubox-netmodes/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o root -g root -m 755 /var/lib/secubox/netmodes-backup
install -d -o root -g root -m 755 /etc/secubox/netmodes
systemctl daemon-reload

4
packages/secubox-nettweak/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/nettweak
install -d -o root -g root -m 755 /etc/sysctl.d
systemctl daemon-reload

4
packages/secubox-newsbin/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o root -g root -m 755 /srv/newsbin
install -d -o root -g root -m 755 /srv/downloads/usenet
install -d -o root -g root -m 755 /srv/downloads/usenet/complete

4
packages/secubox-ollama/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d
# Enable and start service

5
packages/secubox-peertube/debian/postinst
View File

@ -8,11 +8,12 @@ if [ "$1" = "configure" ]; then
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Runtime + state directories
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Do NOT reset /etc/secubox — secubox-core owns it as secubox:secubox 0750
# (the users-engine needs dir-write for atomic users.json saves / TOTP).
# Only create as a fallback if it's somehow missing.
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 750 /etc/secubox
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 755 /etc/secubox
# nginx snippet directory (peertube.conf shipped by the package lands here)
install -d -m 755 /etc/nginx/secubox.d

6
packages/secubox-photoprism/debian/postinst
View File

@ -7,12 +7,12 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Do NOT reset /etc/secubox — secubox-core owns it as secubox:secubox 0750
# (the users-engine needs dir-write for atomic users.json saves / TOTP).
# Only create as a fallback if it's somehow missing.
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 750 /etc/secubox
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 755 /etc/secubox
# #319 /data migration: move legacy /srv/photoprism → /data/photoprism and
# leave a back-compat symlink. Idempotent.

4
packages/secubox-picobrew/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create data directories for picobrew
install -d -o secubox -g secubox -m 755 /var/lib/secubox/picobrew
install -d -o secubox -g secubox -m 755 /var/lib/secubox/picobrew/sensors

4
packages/secubox-portal/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-portal.service
systemctl start secubox-portal.service || true

4
packages/secubox-qos/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-qos.service
systemctl start secubox-qos.service || true

2
packages/secubox-rbs-sensor/debian/postinst
View File

@ -10,7 +10,7 @@ case "$1" in
# dialout: needed for /dev/ttyUSB* access when the EP06 enumerates
usermod -aG dialout secubox 2>/dev/null || true
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/rbs-sensor
install -d -m 0755 -o secubox -g secubox /var/log/secubox

6
packages/secubox-reporter/debian/postinst
View File

@ -5,11 +5,11 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/reports
install -d -o secubox -g secubox -m 750 /var/cache/secubox/reporter
install -d -o secubox -g secubox -m 750 /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
systemctl daemon-reload
systemctl enable secubox-reporter.service
systemctl start secubox-reporter.service || true

4
packages/secubox-routes/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-routes.service
systemctl start secubox-routes.service || true

2
packages/secubox-rustdesk/debian/postinst
View File

@ -6,7 +6,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/rustdesk
install -d -m 0755 -o secubox -g secubox /var/log/secubox

4
packages/secubox-saas-relay/debian/postinst
View File

@ -4,7 +4,9 @@ case "$1" in
configure)
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home --home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox /var/lib/secubox/saas-relay
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/saas-relay
install -d -o secubox -g secubox -m 700 /etc/secubox/secrets
install -d -o secubox -g secubox -m 750 /var/cache/secubox/saas-relay
systemctl daemon-reload

2
packages/secubox-sentinelle-gsm/debian/postinst
View File

@ -12,7 +12,7 @@ case "$1" in
# daemon can claim the USB device when v0.2 wires the SDR I/O.
usermod -aG plugdev secubox 2>/dev/null || true
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0750 -o root -g secubox /etc/secubox/secrets
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/sentinelle-gsm
install -d -m 0755 -o secubox -g secubox /var/log/secubox

6
packages/secubox-smtp-relay/debian/postinst
View File

@ -5,9 +5,9 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /etc/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
systemctl daemon-reload
systemctl enable secubox-smtp-relay.service
systemctl start secubox-smtp-relay.service || true

2
packages/secubox-soc-agent/debian/postinst
View File

@ -17,7 +17,7 @@ case "$1" in
# Ensure log directory exists with correct permissions
mkdir -p /var/log/secubox
chown root:adm /var/log/secubox
chmod 750 /var/log/secubox
chmod 0755 /var/log/secubox
# Create config directory
mkdir -p /etc/secubox

2
packages/secubox-soc-gateway/debian/postinst
View File

@ -17,7 +17,7 @@ case "$1" in
# Ensure log directory exists with correct permissions
mkdir -p /var/log/secubox
chown root:adm /var/log/secubox
chmod 750 /var/log/secubox
chmod 0755 /var/log/secubox
# Create config directory
mkdir -p /etc/secubox

3
packages/secubox-streamforge/debian/postinst
View File

@ -4,7 +4,8 @@ case "$1" in
configure)
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home --home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 755 /srv/streamlit/apps
systemctl daemon-reload
systemctl enable secubox-streamforge.service

3
packages/secubox-streamlit/debian/postinst
View File

@ -4,7 +4,8 @@ case "$1" in
configure)
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home --home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 755 /srv/streamlit/apps /srv/streamlit/logs
install -d -o secubox -g secubox -m 755 /var/log/secubox
install -d -o root -g root -m 755 /etc/secubox

4
packages/secubox-system/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-system.service
systemctl start secubox-system.service || true

4
packages/secubox-torrent/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/torrent
# Create data directories
install -d -m 755 /srv/torrent/config

2
packages/secubox-ui-manager/debian/postinst
View File

@ -15,7 +15,7 @@ case "$1" in
# Create log directory
mkdir -p /var/log/secubox
chmod 750 /var/log/secubox
chmod 0755 /var/log/secubox
# Create config directory
mkdir -p /etc/secubox/ui

2
packages/secubox-users/debian/postinst
View File

@ -7,7 +7,7 @@ case "$1" in
getent group secubox >/dev/null || groupadd --system secubox
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
# Run v1 → v2 migration (idempotent)
python3 - <<'PYEOF' || echo 'WARN: migration step failed — investigate /etc/secubox/users.json'

4
packages/secubox-vhost/debian/postinst
View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-vhost.service
systemctl start secubox-vhost.service || true

4
packages/secubox-voip/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /srv/voip
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d

4
packages/secubox-webradio/debian/postinst
View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create data directories
install -d -o secubox -g secubox -m 755 /var/lib/secubox/webradio
install -d -o secubox -g secubox -m 755 /var/lib/secubox/webradio/recordings

2
packages/secubox-yacy/debian/postinst
View File

@ -8,7 +8,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/yacy
install -d -m 0755 -o secubox -g secubox /var/log/secubox

2
packages/secubox-zigbee/debian/postinst
View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0750 -o root -g secubox /etc/secubox/secrets
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/zigbee
install -d -m 0755 -o secubox -g secubox /var/log/secubox

12
scripts/new-package.sh
View File

@ -201,9 +201,15 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create runtime directories.
# NOTE (#623): these are SHARED parents — keep them traversable for every
# secubox-* daemon. /run/secubox MUST stay 1777 (world-writable sticky, all
# services drop sockets there, ref #471); /var/lib/secubox MUST stay 0755.
# NEVER set a shared parent to 0750/0700 — it breaks traversal for non-secubox
# users (kbin/toolbox 500). Module-private leaves (/var/lib/secubox/PKGNAME)
# may be 0750. Re-asserting 0755/1777 here is idempotent + self-healing.
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d
# Enable and start service