- Add secubox-app-crowdsec-custom package with:
  - HTTP auth bruteforce detection
  - Path scanning detection
  - LuCI/uhttpd auth monitoring
  - Trusted IP whitelist for private networks
- Fix Lyrion Docker image path to ghcr.io/lms-community/lyrionmusicserver:stable

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
16 lines
440 B
YAML
# CrowdSec scenario for SecuBox/LuCI authentication bruteforce
# Detects repeated authentication failures

type: leaky
name: secubox/luci-auth-bruteforce
description: "Detect bruteforce attempts on SecuBox/LuCI web interface"
filter: "evt.Meta.log_type == 'luci_auth' && evt.Meta.auth_success == 'false'"
groupby: evt.Meta.source_ip
capacity: 5
leakspeed: 30s
blackhole: 5m
labels:
  service: secubox
  type: bruteforce
  remediation: true
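
To see what `capacity: 5`, `leakspeed: 30s` and `blackhole: 5m` mean for detection coverage, this added example (not part of the commit or of CrowdSec itself) replays constructed events through a simplified leaky-bucket model. The event dictionaries, the `simulate` and `failures` helpers and the 192.0.2.x addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Values copied from the scenario above.
CAPACITY, LEAKSPEED, BLACKHOLE = 5, 30.0, 300.0

def matches_filter(evt):
    """Same test as the scenario's `filter` expression."""
    return evt["log_type"] == "luci_auth" and evt["auth_success"] == "false"

def simulate(events):
    """Return [(timestamp, source_ip)] for every alert the bucket would raise.

    Simplified model (assumption): one event leaks out per LEAKSPEED seconds,
    the bucket overflows on the event that exceeds CAPACITY, and further
    overflows for the same source are dropped for BLACKHOLE seconds.
    """
    level = defaultdict(float)   # current fill per source_ip (the groupby key)
    last_seen = {}               # timestamp of the previous matching event
    silenced_until = {}          # end of the blackhole window per source_ip
    alerts = []
    for evt in sorted(events, key=lambda e: e["ts"]):
        if not matches_filter(evt):
            continue
        ip, ts = evt["source_ip"], evt["ts"]
        leaked = (ts - last_seen.get(ip, ts)) / LEAKSPEED
        level[ip] = max(0.0, level[ip] - leaked) + 1
        last_seen[ip] = ts
        if level[ip] > CAPACITY:
            level[ip] = 0.0      # start from an empty bucket after overflow
            if ts >= silenced_until.get(ip, 0.0):
                alerts.append((ts, ip))
                silenced_until[ip] = ts + BLACKHOLE
    return alerts

def failures(ip, start, count, interval):
    """Constructed sample events: `count` failed logins, `interval` s apart."""
    return [{"ts": start + i * interval, "source_ip": ip,
             "log_type": "luci_auth", "auth_success": "false"}
            for i in range(count)]

if __name__ == "__main__":
    sample = (failures("192.0.2.10", 0, 20, 2)      # fast burst
              + failures("192.0.2.20", 0, 20, 30)   # one failure per 30 s
              + failures("192.0.2.30", 0, 3, 1))    # a few mistyped passwords
    print(simulate(sample))
```

In this model the burst source alerts once on its sixth failure and its later overflows fall inside the blackhole window, while a source failing once per `leakspeed` interval never fills the bucket, which is the tuning trade-off to weigh when choosing these three values.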