@XintiWu commented Dec 4, 2025

Add Security Dashboard application

This PR adds Security Dashboard to the Cockpit applications list.

About Security Dashboard

Security Dashboard is a comprehensive SSH and sudo event monitoring and management system for Cockpit with real-time threat analysis and automatic IP blocking capabilities.

✨ Key Features

🔍 SSH Monitoring & Analytics:

  • Real-time SSH failed login monitoring (past 24 hours)
  • Hourly trend analysis with interactive line charts
  • Top 5 attacking IP visualization with bar charts
  • Detailed event logs with IP, country, username, port, and timestamps
  • Brute-force attack detection (≥5 failed attempts)
  • GeoIP country lookup for source IP addresses

🛡️ Event Management:

  • SSH failed login event tracking with detailed information
  • sudo authentication failure monitoring
  • Failed attempt aggregation by IP address
  • Real-time risk level assessment (Normal/Warning/Danger)

🚫 Manual IP Blocking:

  • One-click IP blocking with firewall integration (ufw/iptables)
  • Manual unblocking functionality
  • Ban duration configuration (hours)
  • Ban reason tracking

➕ IP Management Interface:

  • Manual IP addition for testing
  • Configurable failure counts per IP
  • IP input history with autocomplete
  • Batch IP management (add/remove)
  • Test IP list display

🤖 Automatic Monitoring & Blocking:

  • Configurable failure threshold (default: 5 attempts)
  • Configurable time window (default: 10 minutes)
  • Automatic IP banning when threshold exceeded
  • Automatic unbanning after expiry
  • Manual unban protection (prevents re-blocking for 10 minutes)
  • Ban duration configuration (default: 24 hours)

📊 Dashboard & Reporting:

  • Security status overview with risk indicators
  • SSH success vs. failure statistics
  • sudo command execution tracking
  • Unique IP tracking
  • Last update timestamp
  • Auto-refresh every 30 seconds

🛠️ Technical Details

  • Built with React and modern PatternFly components
  • Uses journalctl for system log parsing
  • Integrates with ufw/iptables for firewall management
  • Local storage persistence for configuration
  • Responsive design for mobile and desktop
  • Real-time GeoIP lookups (ip-api.com)

📦 Installation

git clone https://github.com/XintiWu/cockpit-SecurityGuard.git
cd cockpit-SecurityGuard
make
sudo make install


🔗 Links

Repository: https://github.com/XintiWu/cockpit-SecurityGuard

Category: System / Security

License: LGPL-2.1

✅ Checklist

  • Application is published and accessible
  • README includes installation instructions
  • License is specified (LGPL-2.1)
  • Application follows Cockpit design guidelines
  • Uses PatternFly components
  • Responsive design implemented
  • Multi-language support framework included

Note: This is a fully functional security monitoring and management dashboard suitable for production use. It provides both manual and automatic IP blocking capabilities with comprehensive event tracking and analysis.
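
The automatic blocking rules listed in the description above (5 failures within 10 minutes, a 24-hour ban, a 10-minute pause after a manual unban), as an added example that is not code from this PR or from the cockpit-SecurityGuard repository. The log line layout (ISO timestamp, host, sshd message), the IPv4-only check and all names are assumptions.

```javascript
// Defaults from the PR description; all names here are hypothetical.
const CFG = { threshold: 5, windowMs: 10 * 60e3, banMs: 24 * 3600e3, graceMs: 10 * 60e3 };

// The user name is chosen by the remote side, so match it greedily and anchor
// at the end of the line: the address sshd appended itself is the last one.
const FAILED = /^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$/;

// IPv4 only, to keep the example short; anything else is dropped, so only a
// literal address can ever reach a firewall rule.
const isIPv4 = s => /^(\d{1,3}\.){3}\d{1,3}$/.test(s) && s.split(".").every(o => Number(o) <= 255);

function parseFailure(line) {
  const m = FAILED.exec(line);
  if (!m || !isIPv4(m[2])) return null;
  const ts = Date.parse(m[1]);
  return Number.isNaN(ts) ? null : { ts, ip: m[2] };
}

class BanTracker {
  constructor(cfg = CFG) {
    this.cfg = cfg;
    this.failures = new Map(); // ip -> failure timestamps inside the window
    this.bans = new Map();     // ip -> ban expiry
    this.unbanned = new Map(); // ip -> time of last manual unban
  }
  isBanned(ip, now) { return (this.bans.get(ip) ?? 0) > now; } // expiry is the automatic unban
  manualUnban(ip, now) { this.bans.delete(ip); this.unbanned.set(ip, now); }
  // Returns "ban" only for the failure that pushes an address over the threshold.
  record({ ts, ip }) {
    const { threshold, windowMs, banMs, graceMs } = this.cfg;
    const recent = (this.failures.get(ip) || []).filter(t => ts - t < windowMs);
    recent.push(ts);
    this.failures.set(ip, recent);
    if (this.isBanned(ip, ts)) return "already-banned";
    if (recent.length < threshold) return "counted";
    if (ts - (this.unbanned.get(ip) ?? -Infinity) < graceMs) return "grace";
    this.bans.set(ip, ts + banMs);
    return "ban";
  }
}

// Constructed sample: six failures from one documentation address, 60 s apart.
function demo() {
  const tracker = new BanTracker();
  return Array.from({ length: 6 }, (_, i) =>
    `2025-12-04T10:0${i}:00Z host sshd[100]: Failed password for root from 203.0.113.7 port 4000${i} ssh2`
  ).map(line => tracker.record(parseFailure(line)));
}
```

The `record` result is a decision only; turning `"ban"` into a ufw or iptables rule is left out, and the parsed address should be passed to the firewall tool as a separate argument rather than spliced into a shell string.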

Security Dashboard is a comprehensive SSH and sudo event monitoring system
with real-time threat analysis and automatic IP blocking capabilities.

Features:
- SSH monitoring with hourly trend charts
- Real-time brute-force attack detection
- GeoIP country lookup for source IPs
- Manual and automatic IP blocking (ufw/iptables)
- sudo authentication failure tracking
- Configurable thresholds and ban durations
- Risk level assessment dashboard

Repository: https://github.com/XintiWu/cockpit-SecurityGuard

@XintiWu force-pushed the add-security-dashboard branch from 1b523e2 to 3760595 December 4, 2025 11:25

Member

@Venefilyn left a comment

Hi! At its current stage we cannot in good conscience merge this. Some, but not all, issues relate to

  1. It doesn't have any translation possibility nor does it have English available, despite the checkbox in the description claiming otherwise.
  2. The UI is custom-made and in one huge file and does not use PatternFly, despite the checkbox in the description claiming otherwise. There is inline styling together with definitions.
  3. Everything is in one file and quite difficult to look over.
  4. Several areas make use of window.confirm and alert which are in general jarring for users when it relates to UI actions.
  5. Several links go to https://github.com/xinti/cockpit-security-dashboard which is not this repo nor is it available.

When these have been addressed we can take another look!

@Venefilyn closed this Dec 18, 2025