diff --git a/content/posts/commits/2026-04-04-commit-fb7c5ff.md b/content/posts/commits/2026-04-04-commit-fb7c5ff.md new file mode 100644 index 0000000..088d625 --- /dev/null +++ b/content/posts/commits/2026-04-04-commit-fb7c5ff.md 
@@ -0,0 +1,77 @@ +--- +title: "[bojemoi] feat: Ollama AI template gen, C2 proxy_proto, ZAP throttle, vulnx removal" +date: 2026-04-04T00:23:54+02:00 +draft: false +tags: ["commit", "bojemoi", "main"] +categories: ["Git Activity"] +summary: "Commit fb7c5ff par Betty dans bojemoi" +author: "Betty" +--- + +## Commit `fb7c5ff` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Author** | Betty | +| **Hash** | `fb7c5ffb383f76bef73929f3d716a83cbf252e23` | + + +### Description + +Ollama × Nuclei AI (option 1): +- nuclei_ai.py: NucleiAI class with suggest_tags(), analyze_findings(), + generate_templates() (up to 2 custom YAML templates per scan context) +- main.py: scan_details field in ScanRequest, AI template pre-scan pass, + merge results, pyyaml added to pip install +- thearm_nuclei: enrich_tags() via Ollama, submit_scan() passes scan_details +- 51-service-ollama.yml: placement via node.labels.nvidia.vgpu instead of hostname + +C2 redirector Proxy Protocol (real client IPs in redirector_hits): +- nginx.conf: listen 443 ssl proxy_protocol, log $proxy_protocol_addr +- provision-redirector.sh: --port 443:443/tcp:proxy_proto +- thearm_logpull: FLY_API_TOKEN env var (fix broken --access-token flag), + level_re parser (fix rfind(']') bug finding wrong bracket) + +ZAP/Faraday CPU fix (periodic 100% CPU on meta-69): +- zap_scanner.py: time.sleep(0.15) throttle between Faraday POSTs +- ZAP_CONCURRENCY 3→1, resource limits on zaproxy (2CPU/4G), + zap-scanner (0.5CPU/256M), faraday (1.5CPU/2G) + +Housekeeping: +- startover.sh: force-restart nuclei-api after borodino deploy +- Remove vulnx service (orphaned, superseded by nuclei) + +Co-Authored-By: Claude Sonnet 4.6 + +### Files Changed + +``` +M borodino/redirector/nginx.conf +M borodino/thearm_logpull +M borodino/thearm_nuclei +M oblast-1/zap_scanner.py +M samsonov/nuclei_api/main.py +A samsonov/nuclei_api/nuclei_ai.py +M scripts/provision-redirector.sh +M scripts/startover.sh +M 
stack/40-service-borodino.yml +M stack/51-service-ollama.yml +``` + +### Diff Summary + +``` + borodino/redirector/nginx.conf | 12 +- + borodino/thearm_logpull | 24 ++-- + borodino/thearm_nuclei | 82 ++++++++++- + oblast-1/zap_scanner.py | 1 + + samsonov/nuclei_api/main.py | 52 ++++++- + samsonov/nuclei_api/nuclei_ai.py | 298 +++++++++++++++++++++++++++++++++++++++ + scripts/provision-redirector.sh | 2 +- + scripts/startover.sh | 6 + + stack/40-service-borodino.yml | 79 ++++------- + stack/51-service-ollama.yml | 4 +- + 10 files changed, 482 insertions(+), 78 deletions(-) +```
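Review bot: the front matter sets `draft: false`, so the new post publishes the whole commit message verbatim, and the Description section carries internal details: the host name `meta-69`, the `FLY_API_TOKEN` environment variable name, and the redirector listener setup (`listen 443 ssl proxy_protocol`, `--port 443:443/tcp:proxy_proto`). If this site is reachable outside the team, generate the post from the subject line and file list only, or set `draft: true` until someone has reviewed the body. Two smaller points in the same hunk: `summary: "Commit fb7c5ff par Betty dans bojemoi"` is in French while the title and body are English, and the metadata table opens with an empty header row (`| | |`), which some Markdown renderers show as a blank header line. The description also covers four unrelated changes (AI template generation, Proxy Protocol, ZAP throttling, vulnx removal) under one hash, so a per-topic split of the underlying commit would make each generated post easier to audit.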