f1bb2a92e7
Security API: - /api/admin/security — aggregates security log into per-IP threat intel (hit count, exploit scans, login fails, paths probed, threat level) - /api/admin/security/ban — manual ban/unban via fail2ban (logs MANUAL_BAN/MANUAL_UNBAN to security log) Threat Intel tab in /logs: - Summary stats: Critical IPs, High Threat, Currently Banned - Per-IP cards showing: threat level, hit count, scan count, paths probed - Critical IPs have red border, high threat amber - One-click "Ban 24h" button per IP (calls fail2ban-client banip) - One-click "Unban" for currently banned IPs - Banned IPs shown at reduced opacity - LAN IPs (192.168.*) filtered out fail2ban tuning: - llm-team-exploit findtime: 600s → 3600s (catch slow scanners) - llm-team-exploit maxretry: 3 → 2 (more aggressive) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>