Compare commits


No commits in common. "ab8822e3f4a736cdd8a2921c406489bb0e925969" and "68490a4a9bf80bd036eaa6c6d424c603e33cb52f" have entirely different histories.

70 changed files with 123 additions and 192 deletions

View File

@ -3,29 +3,6 @@
---
## 2026-06-18 — #623 systemic shared-parent clobber resolved at source (PR #648)
- **Root cause corrected.** The recurring `/var/{lib,log,cache,…}/secubox` parent
clobber was NOT the `install -d -m 0750 /parent/leaf` leaf form (empirically
proven harmless: GNU `install -d -m` modes only the final component). It was the
scaffold boilerplate `install -d -m 750 /var/lib/secubox` + `/run/secubox` (BARE
parents) in ~56 module postinsts — written `-m 750` (3-digit), which is why prior
greps/sweeps (#511/#627/#631) missed it.
- **Source-wide fix.** Scripted rewrite of all bare-parent targets → `/run/secubox`
1777 root:root, `/var/lib|log|cache|etc|usr/share/secubox` 0755; 6 multi-arg
lines split per-parent (4 were setting `/var/lib/secubox` world-writable 1777 —
a security regression); 3 `chmod 750 /var/log/secubox` (soc-gateway/soc-agent/
ui-manager) → 0755. Module-private leaves (`/var/lib/secubox/<mod>` 0750) left
untouched. Scaffold `new-package.sh` + `.claude/PATTERNS.md` fixed so new
packages don't reintroduce it. secubox-core 1.1.8 tmpfiles.d now declares all 5
shared parents at 0755 (mode-only) for boot/install-time self-heal.
- **Verified:** all 64 changed maintainer scripts `bash -n` clean; zero bare-parent
restrictive lines remain (install-d + chmod forms); saas-relay + core rebuilt and
packaged postinst/tmpfiles confirmed. Two-stage review (found + closed 2 gaps:
the chmod-form clobbers + tmpfiles coverage). NOT mass-deployed (60-pkg restart =
thundering-herd risk); live covered by `secubox-dirs-guard.timer`; lands at next
CI image build / reflash.
## 2026-06-18 — perf sprint (hub latency, R3 tunnel encoding) + crowdsec unblock
- **Hub dashboard latency (#644, PR #645, hub `1.4.6`).** The hub runs mounted in
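Review bot: the hunk header `@ -3,29 +3,6 @@` puts the longer side on the left (removed), and it is that left side that carries the 2026-06-18 #623 entry; throughout this compare the `-m 750` bare-parent lines are likewise on the right (added) side. That means base and head are swapped relative to the fix (ab8822e3 is the post-fix tree, 68490a4a the pre-fix one), so the "123 additions" in the summary are the regressions, not the fix. Check the compare direction before reading any added line here as the intended change.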

View File

@ -383,13 +383,9 @@ case "$1" in
adduser --system --group --no-create-home --home /var/lib/secubox secubox
fi
# Répertoires runtime — SHARED parents, NE JAMAIS les passer en 0750/0700
# (#623 : casse la traversée pour les daemons non-secubox → kbin/toolbox 500).
# /run/secubox reste 1777 (sticky world-writable, sockets de tous les services,
# #471) ; /var/lib/secubox reste 0755. Les leaves privées
# (/var/lib/secubox/<module>) peuvent être 0750.
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Répertoires runtime
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Activer et démarrer le service
systemctl daemon-reload
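Review bot: the added `install -d -o secubox -g secubox -m 750 /run/secubox` both drops the sticky world-writable 1777 that the removed comment ties to cross-service sockets (#471) and re-chowns the directory from root:root to secubox:secubox, so any daemon outside the secubox group that binds a socket under /run/secubox fails after this postinst runs; `-m 750 /var/lib/secubox` is the traversal break (#623) the comment warns about. The removed block (split per path, 1777 root:root for /run/secubox, 755 for /var/lib/secubox, comment kept) is the correct state; if this compare lands as shown it reintroduces both problems in secubox-core itself.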

View File

@ -22,20 +22,13 @@ Tout mergé sur master + déployé sur gk2. Détail dans HISTORY 2026-06-18.
CSP-strict tirées décompressées via le worker R3 GIL-bound. **toolbox 2.6.53**.
- ✅ **crowdsec** réparé (403 transitoire CDN → `dpkg --configure` RC=0, audit clean).
- ✅ **#623 (PR #648, merged 9950e9ec)** — clobber systémique RÉSOLU au source.
La vraie cause : boilerplate scaffold `install -d -m 750 /var/lib/secubox` +
`/run/secubox` (parents NUS) dans ~56 postinsts — écrit `-m 750` (3 chiffres),
d'où le ratage des sweeps précédents. Empiriquement prouvé que le form
`install -d -m 750 /parent/leaf` NE clobbe PAS le parent (seuls les targets
parents-nus). Fix : tous → 1777 (/run) / 0755 ; 6 lignes multi-arg splittées
(4 mettaient /var/lib en world-writable 1777) ; 3 `chmod 750 /var/log` ;
scaffold `new-package.sh` + `PATTERNS.md` ; core 1.1.8 tmpfiles.d déclare les 5
parents 0755. **PAS de mass-deploy** (60 paquets = mass-restart = risque
thundering-herd) ; live couvert par `dirs-guard.timer` ; arrive au prochain
build CI / reflash.
### ⬜ Next Up
- **#623 (P0 bug)** — clobber systémique des modes parents `/var/{lib,log,cache}/
secubox` sur ~12 paquets (postinsts `install -d -m 0750` multi-arg que le sweep
#623 a manqués). Couvert par `secubox-dirs-guard.timer` mais la cause-racine
reste ouverte paquet par paquet → casse la traversée non-`secubox` (kbin/toolbox
500). **Prochain actionnable propre** (PR bornée).
- **Anti-Track v2 ARMING** (décision USER, gated) — soak observe-only puis flip
`privacy_enforce=true` ; régénérer `data/cdn-allowlist.txt` depuis les plages
publiques avant `privacy_ip_drop` ; `unbound-checkconf` avant `privacy_dns_feed`.
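Review bot: the two sides of this hunk give contradictory diagnoses of #623: the removed entry says resolved at source, ~56 postinsts, 3-digit `-m 750` bare parents, while the added "Next Up" item says ~12 packages, multi-arg `install -d -m 0750`, root cause still open. Since the added side is the pre-fix status, merging this compare puts the stale diagnosis back into the status doc; if the intent is to revert the sweep, the status entry should say so rather than restore the earlier (incomplete) root-cause claim.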

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/admin
install -d -o root -g secubox -m 0755 /var/log/secubox
systemctl daemon-reload
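Review bot: `/var/log/secubox` is set root:secubox 0755 here, secubox:secubox 0755 in the hunks that create /var/lib/secubox/{authelia,fmrelay,grafana,lyrion,mqtt,rbs-sensor,rustdesk,sentinelle-gsm} and /srv/streamlit, and root:adm in the two `chown root:adm` hunks; because `install -d -o/-g` re-chowns an existing directory, the owner of this shared log parent is whichever module's postinst ran last. The tmpfiles.d line in this compare deliberately leaves owner as `-` for exactly that reason; the postinsts should either agree on one owner or drop `-o/-g` on shared parents and set only the mode.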

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/ai-insights
install -d -o secubox -g secubox -m 750 /var/lib/secubox/ai-insights/models
install -d -o secubox -g secubox -m 750 /var/cache/secubox/ai-insights

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-auth.service
systemctl start secubox-auth.service || true

View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/authelia
install -d -m 0755 -o secubox -g secubox /var/log/secubox
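Review bot: the added `install -d -m 0770 -o root -g secubox /etc/secubox` is the same restrictive-bare-parent pattern the HISTORY entry sweeps (nothing outside group secubox can traverse /etc/secubox), with group-write on a root-owned config directory on top. The removed 755 secubox:secubox is traversable, but the peertube/photoprism hunks in this compare state that secubox-core owns /etc/secubox as secubox:secubox 0750 and only create it as a fallback; unconditionally re-applying either mode here lets the last-installed module decide the mode of a shared config directory. The same pair appears in every hunk that creates /var/lib/secubox/{fmrelay,grafana,lyrion,mqtt,rbs-sensor,rustdesk,sentinelle-gsm}; settle the /etc/secubox policy once and use the guarded `[ -d /etc/secubox ] || install -d ...` form per module.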

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/avatar
install -d -o secubox -g secubox -m 750 /var/lib/secubox/avatar/images
systemctl daemon-reload

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-cdn.service
systemctl start secubox-cdn.service || true

View File

@ -1,8 +1,7 @@
#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
install -d -o root -g root -m 1777 /run/secubox
install -d -m 0755 /var/cache/secubox/certs
install -d -m 0755 /run/secubox /var/cache/secubox/certs
systemctl daemon-reload || true
systemctl enable --now secubox-certs.service || true
fi
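Review bot: the added multi-arg `install -d -m 0755 /run/secubox /var/cache/secubox/certs` applies 0755 root:root to /run/secubox too, stripping the sticky bit and world-write that every other postinst in this compare sets with `install -d -o root -g root -m 1777 /run/secubox`; the split form on the removed side is the correct one. Note that the split form still creates `/var/cache/secubox` implicitly when it is missing: GNU `install -d` gives intermediate components the umask-derived default mode, not the `-m` value, so the 0755 guarantee for that parent only holds via secubox-core's tmpfiles.d or an explicit `install -d -m 0755 /var/cache/secubox` line.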

View File

@ -1,15 +1,3 @@
secubox-core (1.1.8-1~bookworm1) bookworm; urgency=medium
* fix(#623): tmpfiles.d now declares all shared secubox parents
(/var/lib, /var/log, /var/cache, /etc, /usr/share /secubox) at 0755
(mode-only, owner-agnostic), in addition to /run/secubox 1777 — boot +
install-time defense-in-depth that self-heals a momentary 0750 clobber
before the next secubox-dirs-guard.timer tick. Pairs with the source-wide
postinst sweep that stopped ~56 module postinsts from clobbering those
parents.
-- Gerald Kerma <devel@cybermind.fr> Thu, 18 Jun 2026 13:00:00 +0200
secubox-core (1.1.7-1~bookworm1) bookworm; urgency=medium
* fix(postinst): /var/lib/secubox + /usr/share/secubox/www were set 0750,

View File

@ -1,11 +1 @@
d /run/secubox 1777 root root -
# #623 — defense-in-depth: guarantee the SHARED secubox parents stay traversable
# (0755) at boot and on every `systemd-tmpfiles --create`, so if a module postinst
# momentarily re-clobbers one to 0750 it self-heals before the next
# secubox-dirs-guard.timer tick. Mode-only (owner `-`) to mirror the owner-agnostic
# dirs-guard and never fight secubox-core's / a module's own ownership.
d /var/lib/secubox 0755 - - -
d /var/log/secubox 0755 - - -
d /var/cache/secubox 0755 - - -
d /etc/secubox 0755 - - -
d /usr/share/secubox 0755 - - -
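Review bot: `d /etc/secubox 0755 - - -` contradicts the comment in the peertube/photoprism postinsts in this same compare ("secubox-core owns it as secubox:secubox 0750 ... needs dir-write for atomic users.json saves / TOTP"); every `systemd-tmpfiles --create` run will widen /etc/secubox from 0750 to 0755 and expose the directory listing to every local account. Either drop that line or declare 0750, and align the postinst comments with whichever is chosen. Separately, the self-heal the comment describes only fires when something runs `systemd-tmpfiles --create`, i.e. at boot and in the postinst of the package shipping this snippet (secubox-core); a module postinst that clobbers a parent does not trigger it, so the clobber stands until the next secubox-dirs-guard.timer tick. "install-time" in the comment and changelog should read "secubox-core install time".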

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-crowdsec.service
systemctl start secubox-crowdsec.service || true

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create data directories
install -d -m 755 /srv/domoticz
install -d -m 755 /srv/domoticz/config

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-dpi.service
systemctl start secubox-dpi.service || true

View File

@ -8,8 +8,8 @@ case "$1" in
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 755 /srv/droplet
# Enable and start service

View File

@ -13,7 +13,7 @@ case "$1" in
# the device with).
usermod -aG plugdev secubox 2>/dev/null || true
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/fmrelay
install -d -m 0755 -o secubox -g secubox /var/log/secubox

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/glances
systemctl daemon-reload
systemctl enable secubox-glances.service

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create data directory for GoToSocial
install -d -o root -g root -m 755 /srv/gotosocial
install -d -o root -g root -m 755 /srv/gotosocial/storage

View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/grafana
install -d -m 0755 -o secubox -g secubox /var/log/secubox

View File

@ -7,8 +7,7 @@ case "$1" in
# Shared parents stay 0755 (traversable by every secubox-* daemon — setting
# them 0750 here broke kbin/toolbox by blocking traversal, #626). Only the
# haproxy-private leaves are restricted.
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 755 /run/secubox /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/haproxy /var/lib/secubox/haproxy/config_backups
chmod 0755 /var/lib/secubox /run/secubox 2>/dev/null || true
# Create /etc/haproxy if not present (haproxy is Recommends, not Depends)
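Review bot: the trailing context line `chmod 0755 /var/lib/secubox /run/secubox 2>/dev/null || true` runs on both sides and, on the removed (fixed) side, executes two lines after `install -d -o root -g root -m 1777 /run/secubox`, resetting /run/secubox to 0755; the fixed postinst therefore still ends with /run/secubox non-sticky and not world-writable. Drop /run/secubox from that chmod (or make it `chmod 1777`), otherwise the sticky-bit fix is undone in the same script. The comment also cites #626 where every other hunk cites #623; worth making consistent.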

View File

@ -3,7 +3,7 @@ set -e
case "$1" in
configure)
install -d -o secubox -g secubox -m 755 /var/cache/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox
systemctl daemon-reload
# API daemon + periodic timer
systemctl enable --now secubox-health-doctor.service || true

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create hexo data directory
install -d -o root -g root -m 755 /srv/hexo/blogs
# Ensure nginx secubox.d directory exists

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create data directories
install -d -m 755 /srv/homeassistant
install -d -m 755 /srv/homeassistant/config

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-hub.service
systemctl start secubox-hub.service || true

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d
# Enable and start service

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create Jitsi data directory
install -d -o root -g root -m 755 /srv/jitsi
install -d -o root -g root -m 755 /srv/jitsi/recordings

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/ksm
systemctl daemon-reload
systemctl enable secubox-ksm.service

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create data directories
install -d -m 755 /srv/localai
install -d -m 755 /srv/localai/models

View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/lyrion
install -d -m 0755 -o secubox -g secubox /var/log/secubox

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/mac-guard
systemctl daemon-reload
systemctl enable secubox-mac-guard.service

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-mediaflow.service
systemctl start secubox-mediaflow.service || true

View File

@ -5,10 +5,10 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/metabolizer
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -o secubox -g secubox -m 750 /etc/secubox
systemctl daemon-reload
systemctl enable secubox-metabolizer.service
systemctl start secubox-metabolizer.service || true
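Review bot: both sides unconditionally set `/etc/secubox` (755 secubox:secubox removed, 750 added), while the peertube/photoprism hunks in this compare say secubox-core owns /etc/secubox as 0750 and guard their own line with `[ -d /etc/secubox ] ||`; as written the last-installed module decides the mode of the shared config directory. Use the same guarded form, or leave /etc/secubox to secubox-core and keep only the module-private leaves (`/var/cache/secubox/metabolizer` 750). The same unguarded pair appears in the reporter and smtp-relay hunks.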

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/metacatalog
systemctl daemon-reload
systemctl enable secubox-metacatalog.service

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/mirrors
install -d -o secubox -g secubox -m 750 /var/cache/secubox-mirror
install -d -o secubox -g secubox -m 750 /etc/nginx/secubox-mirror.d

View File

@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0750 -o root -g secubox /etc/secubox/secrets
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/mqtt
install -d -m 0755 -o secubox -g secubox /var/log/secubox

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-nac.service
systemctl start secubox-nac.service || true

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-netdata.service
systemctl start secubox-netdata.service || true

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/netdiag
systemctl daemon-reload
systemctl enable secubox-netdiag.service

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/netifyd
systemctl daemon-reload
systemctl enable secubox-netifyd.service

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 755 /var/lib/secubox/netmodes-backup
install -d -o root -g root -m 755 /etc/secubox/netmodes
systemctl daemon-reload

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/nettweak
install -d -o root -g root -m 755 /etc/sysctl.d
systemctl daemon-reload

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o root -g root -m 755 /srv/newsbin
install -d -o root -g root -m 755 /srv/downloads/usenet
install -d -o root -g root -m 755 /srv/downloads/usenet/complete

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d
# Enable and start service

View File

@ -8,12 +8,11 @@ if [ "$1" = "configure" ]; then
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Runtime + state directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox
# Do NOT reset /etc/secubox — secubox-core owns it as secubox:secubox 0750
# (the users-engine needs dir-write for atomic users.json saves / TOTP).
# Only create as a fallback if it's somehow missing.
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 755 /etc/secubox
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 750 /etc/secubox
# nginx snippet directory (peertube.conf shipped by the package lands here)
install -d -m 755 /etc/nginx/secubox.d
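Review bot: the comment says secubox-core owns /etc/secubox as secubox:secubox 0750, but the fallback two lines below creates it 755 on the removed side and 750 on the added side, and secubox-core's tmpfiles.d in this same compare declares 0755. Decide whether /etc/secubox is private to the secubox group (0750, users.json/TOTP) or a traversable shared parent like /var/lib/secubox (0755), then align the comment, the fallback and tmpfiles.d; if 0750 wins, note that it blocks the same non-secubox traversal #623 fixed for /var/lib, so anything outside the secubox group that needs an /etc/secubox/<leaf> will fail. The photoprism hunk carries an identical comment/fallback pair and needs the same alignment.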

View File

@ -7,12 +7,12 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Do NOT reset /etc/secubox — secubox-core owns it as secubox:secubox 0750
# (the users-engine needs dir-write for atomic users.json saves / TOTP).
# Only create as a fallback if it's somehow missing.
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 755 /etc/secubox
[ -d /etc/secubox ] || install -d -o secubox -g secubox -m 750 /etc/secubox
# #319 /data migration: move legacy /srv/photoprism → /data/photoprism and
# leave a back-compat symlink. Idempotent.

View File

@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create data directories for picobrew
install -d -o secubox -g secubox -m 755 /var/lib/secubox/picobrew
install -d -o secubox -g secubox -m 755 /var/lib/secubox/picobrew/sensors

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-portal.service
systemctl start secubox-portal.service || true

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-qos.service
systemctl start secubox-qos.service || true

View File

@ -10,7 +10,7 @@ case "$1" in
# dialout: needed for /dev/ttyUSB* access when the EP06 enumerates
usermod -aG dialout secubox 2>/dev/null || true
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/rbs-sensor
install -d -m 0755 -o secubox -g secubox /var/log/secubox

View File

@ -5,11 +5,11 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/reports
install -d -o secubox -g secubox -m 750 /var/cache/secubox/reporter
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -o secubox -g secubox -m 750 /etc/secubox
systemctl daemon-reload
systemctl enable secubox-reporter.service
systemctl start secubox-reporter.service || true

View File

@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-routes.service
systemctl start secubox-routes.service || true

View File

@ -6,7 +6,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/rustdesk
install -d -m 0755 -o secubox -g secubox /var/log/secubox

View File

@ -4,9 +4,7 @@ case "$1" in
configure)
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home --home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox/saas-relay
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox /var/lib/secubox/saas-relay
install -d -o secubox -g secubox -m 700 /etc/secubox/secrets
install -d -o secubox -g secubox -m 750 /var/cache/secubox/saas-relay
systemctl daemon-reload
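Review bot: `/etc/secubox/secrets` is created 700 secubox:secubox here but 0750 root:secubox in the mqtt and sentinelle-gsm hunks; since `install -d -o/-g` re-chowns an existing directory, whichever postinst ran last decides whether the secubox daemons can create files in the secrets directory (secubox-owned) or only read them (root-owned, group secubox). Pick one policy for the shared secrets directory and document it next to the 1777/0755 rules. The added multi-arg `-m 750 /run/secubox /var/lib/secubox /var/lib/secubox/saas-relay` is the bare-parent clobber the HISTORY entry describes; the per-path split on the removed side is correct, but `/var/cache/secubox` is still created implicitly by the last line with the umask-derived default mode if it is missing.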

View File

@ -12,7 +12,7 @@ case "$1" in
# daemon can claim the USB device when v0.2 wires the SDR I/O.
usermod -aG plugdev secubox 2>/dev/null || true
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0750 -o root -g secubox /etc/secubox/secrets
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/sentinelle-gsm
install -d -m 0755 -o secubox -g secubox /var/log/secubox

View File

@ -5,9 +5,9 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /etc/secubox
systemctl daemon-reload
systemctl enable secubox-smtp-relay.service
systemctl start secubox-smtp-relay.service || true
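Review bot: the three surviving lines set /run/secubox, /var/lib/secubox and /etc/secubox to `-o secubox -g secubox -m 750` (the header is 9 to 9 with three lines removed and three added, so the 750 block is the new one). All three are shared parents used by every secubox-* package; 750 owned by secubox means root and the secubox account keep access but no other user can traverse them, and /run/secubox loses the sticky world-writable 1777 root:root mode the removed line gave it. Restore `install -d -o root -g root -m 1777 /run/secubox` and 755 on the other two; a module-private subdirectory is where 750 belongs.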


@ -17,7 +17,7 @@ case "$1" in
# Ensure log directory exists with correct permissions
mkdir -p /var/log/secubox
chown root:adm /var/log/secubox
chmod 0755 /var/log/secubox
chmod 750 /var/log/secubox
# Create config directory
mkdir -p /etc/secubox
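Review bot: `chmod 750 /var/log/secubox` together with the `chown root:adm` two lines above locks the secubox service account out of the shared log directory: none of the useradd/adduser lines in this compare put secubox in group adm, and other postinsts here create the same directory as `-o secubox -g secubox -m 0755`. The outcome therefore depends on install order, and whichever daemons lose can no longer write their logs. Keep `chmod 0755` here, or give this module a private subdirectory under /var/log/secubox that it owns and can restrict.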


@ -17,7 +17,7 @@ case "$1" in
# Ensure log directory exists with correct permissions
mkdir -p /var/log/secubox
chown root:adm /var/log/secubox
chmod 0755 /var/log/secubox
chmod 750 /var/log/secubox
# Create config directory
mkdir -p /etc/secubox
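Review bot: identical change to the previous hunk with the same problem: with `chown root:adm` in place, `chmod 750 /var/log/secubox` removes traversal for the secubox account and for every other package that expects the 0755 shared log parent. Revert to `chmod 0755` or log to a module-private subdirectory.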


@ -4,8 +4,7 @@ case "$1" in
configure)
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home --home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox
install -d -o secubox -g secubox -m 755 /srv/streamlit/apps
systemctl daemon-reload
systemctl enable secubox-streamforge.service
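Review bot: the surviving `install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox` collapses two shared parents into one restrictive mode (8 to 7 lines per the header, so the separate 1777 and 755 lines are the removed ones). /run/secubox is a socket directory shared by every secubox-* service and needs the sticky 1777 root:root mode; /var/lib/secubox needs 755 so other packages' leaves stay reachable. Split the line back out; the `/srv/streamlit/apps` line below already uses the one-target-per-line style.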


@ -4,8 +4,7 @@ case "$1" in
configure)
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home --home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox /var/lib/secubox
install -d -o secubox -g secubox -m 755 /srv/streamlit/apps /srv/streamlit/logs
install -d -o secubox -g secubox -m 755 /var/log/secubox
install -d -o root -g root -m 755 /etc/secubox
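Review bot: same collapsed multi-target 750 line on /run/secubox and /var/lib/secubox as the streamforge hunk, and this hunk's own context shows the inconsistency it feeds: `/etc/secubox` is created here as `-o root -g root -m 755` while other hunks in this compare set it to `0770 root:secubox` or `750 secubox:secubox`, and `/var/log/secubox` is `-o secubox -g secubox -m 755` here while two other postinsts chmod it to 750. A shared parent needs one owner and mode declared in one place that every module depends on, not re-asserted differently by each postinst.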


@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-system.service
systemctl start secubox-system.service || true
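Review bot: `install -d -o secubox -g secubox -m 750 /run/secubox` and the matching 750 on /var/lib/secubox replace the 1777 root:root and 755 lines (8 to 8 per the header, two removed and two added). Both directories are shared across packages, and because `install -d -m` re-applies the mode on every install, a later package that restores 1777/755 is undone the next time secubox-system is reinstalled. Keep the shared parents at 1777/755 and put 750 on a package-private leaf.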


@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /var/cache/secubox/torrent
# Create data directories
install -d -m 755 /srv/torrent/config
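Review bot: the two new 750 lines on /run/secubox and /var/lib/secubox tighten shared parents; the restriction belongs only on `/var/cache/secubox/torrent`, which this hunk already handles correctly as a private leaf. Separately, `install -d -m 755 /srv/torrent/config` has no `-o`/`-g`, so it is created root-owned while the service runs as secubox; if the daemon is expected to write its config there, that line needs the same owner flags as the ones above it.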


@ -15,7 +15,7 @@ case "$1" in
# Create log directory
mkdir -p /var/log/secubox
chmod 0755 /var/log/secubox
chmod 750 /var/log/secubox
# Create config directory
mkdir -p /etc/secubox/ui
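Review bot: `chmod 750 /var/log/secubox` follows a bare `mkdir -p` with no chown, so the owner is whatever an earlier package left behind (root:adm in two other postinsts of this compare, secubox:secubox in others) and the set of users who keep access changes with install order. A shared log directory should stay 0755; if this module needs a restricted location, create and chown a subdirectory of its own.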


@ -7,7 +7,7 @@ case "$1" in
getent group secubox >/dev/null || groupadd --system secubox
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
# Run v1 → v2 migration (idempotent)
python3 - <<'PYEOF' || echo 'WARN: migration step failed — investigate /etc/secubox/users.json'
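Review bot: the `install -d -m 0770 -o root -g secubox /etc/secubox` line has the same shared-parent traversal problem as the other /etc/secubox hunks, and here it sits directly before a migration that rewrites `/etc/secubox/users.json`: any component that reads that file without running as root or in group secubox fails after this postinst. Keep the parent at 755 and restrict the file itself.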


@ -5,8 +5,8 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
systemctl daemon-reload
systemctl enable secubox-vhost.service
systemctl start secubox-vhost.service || true
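Review bot: same regression as the secubox-system hunk: the surviving 750 lines on /run/secubox and /var/lib/secubox (two removed, two added per the 8 to 8 header) replace the 1777 root:root and 755 forms on shared parents. Restore them; this hunk creates no private leaf for vhost, so if it needs a 750 directory add a module-private subdirectory under /var/lib/secubox rather than tightening the parent.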


@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /srv/voip
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d
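Review bot: the two 750 lines on /run/secubox and /var/lib/secubox tighten shared parents, while the module-private `/srv/voip` line right after them is the correct place for 750. The `# Create runtime directories` comment now sits above lines that also change permissions for every other secubox-* package; restore the 1777 root:root and 755 values for the two parents.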


@ -7,8 +7,8 @@ case "$1" in
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Create data directories
install -d -o secubox -g secubox -m 755 /var/lib/secubox/webradio
install -d -o secubox -g secubox -m 755 /var/lib/secubox/webradio/recordings
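Review bot: /var/lib/secubox is set to 750 secubox:secubox while the webradio leaves below it stay 0755, which is inverted: the parent no longer grants traversal to anyone outside the secubox user and group, so the 0755 on the recordings directory achieves nothing for other users, and /run/secubox loses its shared 1777 sticky mode. Keep the parents at 1777/755 and tighten the leaves instead if the webradio data needs protecting.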


@ -8,7 +8,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/yacy
install -d -m 0755 -o secubox -g secubox /var/log/secubox
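Review bot: `install -d -m 0770 -o root -g secubox /etc/secubox` repeats the shared-parent issue of the other /etc/secubox hunks: the parent flips from secubox:secubox 755 to root:secubox 0770 and every user outside group secubox loses traversal, with the final state depending on which package installs last. The `/var/lib/secubox/yacy` line beneath it is where a module-specific mode belongs; leave the parent at 755.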


@ -9,7 +9,7 @@ case "$1" in
getent passwd secubox >/dev/null || useradd --system --gid secubox \
--home /var/lib/secubox --no-create-home --shell /usr/sbin/nologin secubox
install -d -o secubox -g secubox -m 755 /etc/secubox
install -d -m 0770 -o root -g secubox /etc/secubox
install -d -m 0750 -o root -g secubox /etc/secubox/secrets
install -d -m 0755 -o secubox -g secubox /var/lib/secubox/zigbee
install -d -m 0755 -o secubox -g secubox /var/log/secubox
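Review bot: same as the sentinelle-gsm hunk: `install -d -m 0770 -o root -g secubox /etc/secubox` drops world traversal on a shared parent, while the very next line, `install -d -m 0750 -o root -g secubox /etc/secubox/secrets`, already restricts the leaf that actually needs it. Keep the parent at 755 and the restriction on the secrets directory only.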


@ -201,15 +201,9 @@ case "$1" in
id -u secubox >/dev/null 2>&1 || \
adduser --system --group --no-create-home \
--home /var/lib/secubox --shell /usr/sbin/nologin secubox
# Create runtime directories.
# NOTE (#623): these are SHARED parents — keep them traversable for every
# secubox-* daemon. /run/secubox MUST stay 1777 (world-writable sticky, all
# services drop sockets there, ref #471); /var/lib/secubox MUST stay 0755.
# NEVER set a shared parent to 0750/0700 — it breaks traversal for non-secubox
# users (kbin/toolbox 500). Module-private leaves (/var/lib/secubox/PKGNAME)
# may be 0750. Re-asserting 0755/1777 here is idempotent + self-healing.
install -d -o root -g root -m 1777 /run/secubox
install -d -o secubox -g secubox -m 755 /var/lib/secubox
# Create runtime directories
install -d -o secubox -g secubox -m 750 /run/secubox
install -d -o secubox -g secubox -m 750 /var/lib/secubox
# Ensure nginx secubox.d directory exists
install -d -m 755 /etc/nginx/secubox.d
# Enable and start service
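Review bot: this hunk deletes the seven-line NOTE explaining why `/run/secubox` must stay 1777 root:root (every service drops sockets there, ref #471) and `/var/lib/secubox` 0755, including the concrete breakage it cites (kbin/toolbox 500 when a parent is set to 0750/0700), and then applies exactly the 750 modes the note forbids (15 to 9 lines per the header: nine removed, three added). Removing the rationale also guarantees the next permissions sweep has nothing to find. Keep the comment and the `-m 1777 /run/secubox` and `-m 755 /var/lib/secubox` lines; if this module needs a private 750 directory, add it as a leaf under /var/lib/secubox.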