secubox-openwrt/package/secubox/secubox-app-crowdsec/files/acquis.d/openwrt-firewall.yaml
CyberMind-FR 252341e045 feat: Add complete CrowdSec integration for OpenWrt 24.10+
New packages:
- secubox-crowdsec-setup: Automated installation script with:
  - Prerequisites verification (RAM, flash, OpenWrt version)
  - syslog-ng4 configuration for log forwarding
  - CAPI registration and hub setup
  - nftables firewall bouncer configuration
  - Backup/rollback, repair, and uninstall modes

- luci-app-secubox-crowdsec: LuCI dashboard with:
  - Service status and statistics dashboard
  - Active decisions (bans) management
  - Security alerts viewer
  - Collections and bouncers management
  - UCI-based settings configuration

Enhanced existing packages:
- luci-app-crowdsec-dashboard: Added acquisition configuration wizard
- secubox-app-crowdsec: Improved defaults and configuration

Documentation:
- CROWDSEC-OPENWRT-24.md with architecture, installation, and troubleshooting

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 17:58:17 +01:00


# OpenWrt Firewall Logs Acquisition
# This configuration monitors iptables/nftables firewall logs
#
# Required collections:
# cscli collections install crowdsecurity/iptables
#
# The crowdsecurity/iptables collection provides:
# - crowdsecurity/iptables-logs parser (for -j LOG entries)
# - crowdsecurity/iptables-scan-multi_ports scenario (port scan detection)
#
# To enable firewall logging in OpenWrt, add LOG rules to your firewall config:
#
# For nftables (OpenWrt 22.03+):
# nft add rule inet fw4 input counter log prefix "fw4-INPUT: " drop
#
# For iptables (legacy):
# iptables -A INPUT -j LOG --log-prefix "iptables-INPUT: "
#
# Or via /etc/config/firewall:
# config rule
#         option name 'Log-Dropped'
#         option src 'wan'
#         option dest '*'
#         option proto 'all'
#         option target 'LOG'
#         option log_prefix 'fw-DROP: '
#
# Firewall logs are typically written to kernel log (kern.log)
# or syslog depending on system configuration.
# Kernel/firewall log file acquisition
filenames:
  - /var/log/kern.log
  - /var/log/firewall.log
labels:
  type: syslog
---
# Alternative: If firewall logs go to main syslog
# The openwrt-syslog.yaml acquisition will capture them
# as long as the iptables collection parser is installed
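Added example, not part of this repository: a small Python check that parses the kernel LOG lines the rules above produce, so you can confirm before pointing CrowdSec at these files that the prefixes in your firewall config are the ones you expect and that the lines carry the SRC/DST/PROTO/DPT fields the iptables-logs parser keys on. The sample lines, hosts and addresses are constructed, and the `min_ports` threshold is illustrative, not the hub scenario's real bucket settings.

```python
import re
from collections import defaultdict

# Constructed sample of kernel firewall log lines as written by nftables/iptables LOG rules
# into /var/log/kern.log (prefixes as in the rules above); hosts, MACs and addresses are made up.
SAMPLE_KERN_LOG = """\
Jan  9 17:58:01 router kernel: [12345.678] fw4-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  9 17:58:02 router kernel: [12346.001] fw4-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  9 17:58:03 router kernel: [12346.500] fw4-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=40003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jan  9 17:58:04 router kernel: [12347.100] fw-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
Jan  9 17:58:05 router kernel: [12347.200] eth0: link becomes ready
"""

# The LOG target writes its fields in a fixed order: <prefix>IN= ... SRC= DST= ... PROTO=
# and, for TCP/UDP, SPT= DPT=. The bracketed uptime stamp is optional (printk.time).
LOG_RE = re.compile(
    r"kernel: (?:\[\s*\d+\.\d+\] )?(?P<prefix>.*?)IN=\S* .*?SRC=(?P<src>\S+) "
    r"DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)(?: SPT=\d+ DPT=(?P<dpt>\d+))?"
)

def parse_firewall_line(line):
    """Fields of one LOG-rule line as a dict, or None for any other kernel message."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["prefix"] = ev["prefix"].strip()  # "fw4-INPUT: " -> "fw4-INPUT:"
    ev["dpt"] = int(ev["dpt"]) if ev["dpt"] else None  # ICMP etc. carry no ports
    return ev

def summarize(log_text, expected_prefixes):
    """Count parsable lines, flag prefixes not in expected_prefixes (a sign that the
    firewall config and this acquisition disagree) and group hit ports per source."""
    ports_by_src, unexpected, parsed = defaultdict(set), set(), 0
    for line in log_text.splitlines():
        ev = parse_firewall_line(line)
        if ev is None:
            continue
        parsed += 1
        if ev["prefix"] not in expected_prefixes:
            unexpected.add(ev["prefix"])
        if ev["dpt"] is not None:
            ports_by_src[ev["src"]].add(ev["dpt"])
    return {"parsed": parsed, "unexpected_prefixes": sorted(unexpected),
            "ports_by_src": dict(ports_by_src)}

def multi_port_sources(summary, min_ports=3):
    """Sources hitting >= min_ports distinct ports: the raw signal the hub's iptables-scan-multi_ports scenario buckets (threshold illustrative)."""
    return sorted(s for s, p in summary["ports_by_src"].items() if len(p) >= min_ports)
```

Pass the prefixes exactly as configured in the LOG rules, whitespace trimmed, e.g. `summarize(open("/var/log/kern.log").read(), {"fw4-INPUT:"})`; a non-empty `unexpected_prefixes` list means a rule is logging with a prefix you did not account for.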