9%
Page 1
PAGE 1 — POSTER RECTO
⚙️ System Architecture
Official Source + Local Overlay + Management CTL
SOURCE
📦
Official OpenWrt Packages
Upstream feeds · opkg repositories · Signed manifests · Kernel modules
opkg feeds.conf Makefile PKG_HASH ✅ upstream
⬇ embed & verify signature
OVERLAY
🧩
SecuBox Local Overlay
Custom configs · UCI defaults · Patches · LuCI apps · Module enable/disable · Firewall rules
/etc/secubox/ overlay.d/ uci-defaults patches/ 🔒 local-only
⬇ merge overlay → effective config
CTL
🎛️
secubox-ctl
CLI management · Module lifecycle · Status · Sync overlay · Update · Rollback · Diagnostics
enable disable status sync update rollback diag
⬇ apply · restart · validate
RUNTIME
🔥
Active Services Stack
CrowdSec · WAF MITM · Vortex DNS · nftables · WireGuard Mesh · Netdata · Suricata
crowdsec mitmproxy vortex-dns wireguard netdata nftables
⬇ telemetry · alerts · health
OUTPUT
Protected Network + Mesh Intel
Clean traffic · Shared threat intelligence · P2P alerts · Monitoring dashboards · Logs
🛡 filtered 📡 mesh-shared 📊 monitored 🔐 E2E
🔄 Deployment Workflow
📥
FETCH
Pull official pkgs
verify signatures
🧩
OVERLAY
Merge local
configs & patches
🎛️
CTL
secubox-ctl
enable · sync
🔥
ACTIVATE
Services start
rules applied
🌐
MESH
Join network
share intel P2P
secubox-ctl status # 📊 show all modules
secubox-ctl enable crowdsec waf vortex-dns # 🟢 activate modules
secubox-ctl sync --overlay /etc/secubox/overlay.d/ # 🔄 merge configs
secubox-ctl update --verify-sig # 📦 update + check hash
secubox-ctl rollback v0.17 # ⏪ safe rollback
secubox-ctl diag --full # 🩺 health check
OVERLAY ACTIVE
UPSTREAM SYNCED
35 MODULES
Page 2
PAGE 2 — DOSSIER VERSO
SecuBox Dossier A0 + Architecture · CyberMind.FR · Février 2026 9%
Scroll = zoom · Drag = pan · Double-click = zoom in · 0 = fit