PHPackages cybear-care/laravel-security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. cybear-care/laravel-security ActiveLibrary cybear-care/laravel-security ============================ Enterprise-grade web application security for Laravel applications with centralized management dashboard integration 01PHP Since Sep 21Pushed 7mo agoCompare [ Source](https://github.com/CyBearCare/laravel-security)[ Packagist](https://packagist.org/packages/cybear-care/laravel-security)[ RSS](/packages/cybear-care-laravel-security/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Cybear Laravel Security Package - Installation Guide ==================================================== [](#cybear-laravel-security-package---installation-guide) > **Complete setup guide for integrating Cybear security monitoring and protection into your Laravel application** 📋 Requirements -------------- [](#-requirements) - **PHP**: 8.1 or higher - **Laravel**: 10.0 or higher - **Database**: MySQL 5.7+, PostgreSQL 12+, or SQLite 3.8+ - **Cache**: Redis recommended (for optimal performance) - **Cybear Account**: Active API key from [Cybear Platform](https://cybear.care) 🚀 Installation Steps -------------------- [](#-installation-steps) ### Step 1: Install via Composer [](#step-1-install-via-composer) ``` composer require cybear-care/laravel-security ``` ### Step 2: Run the Interactive Setup [](#step-2-run-the-interactive-setup) The package includes an interactive setup command that handles most configuration automatically: ``` php artisan cybear:setup ``` This command will: - ✅ Prompt for your Cybear API key - ✅ Update your `.env` file with configuration - ✅ Publish configuration files - ✅ Run database migrations - ✅ Sync initial WAF rules from Cybear platform - ✅ Test API connectivity **That's it!** The package is now installed and active. --- 🔧 Manual Configuration (Optional) --------------------------------- [](#-manual-configuration-optional) If you prefer manual setup or need custom configuration: ### 1. Publish Configuration Files [](#1-publish-configuration-files) ``` php artisan vendor:publish --tag=cybear-config ``` ### 2. Add Environment Variables [](#2-add-environment-variables) Add these variables to your `.env` file: ``` # Required - Get from your Cybear dashboard CYBEAR_API_KEY=your_api_key_here CYBEAR_API_ENDPOINT=https://api.cybear.care # WAF Configuration (Optional) CYBEAR_WAF_ENABLED=true CYBEAR_WAF_MODE=monitor # or 'enforce' for blocking # Audit Logging (Optional) CYBEAR_AUDIT_ENABLED=true CYBEAR_AUDIT_LOG_REQUESTS=true CYBEAR_AUDIT_RETENTION_DAYS=90 # Data Collection (Optional) CYBEAR_COLLECTORS_AUTO_SCHEDULE=true CYBEAR_COLLECTORS_INTERVAL=hourly # Rate Limiting (Optional) CYBEAR_RATE_LIMIT_ENABLED=true CYBEAR_RATE_LIMIT_RPM=60 CYBEAR_RATE_LIMIT_RPH=1000 ``` ### 3. Run Database Migrations [](#3-run-database-migrations) ``` php artisan migrate ``` ### 4. Sync WAF Rules [](#4-sync-waf-rules) ``` php artisan cybear:sync ``` --- ✅ What Happens Automatically ---------------------------- [](#-what-happens-automatically) ### 🛡️ **WAF Protection** (Immediate) [](#️-waf-protection-immediate) - **Auto-enabled** on all `web` and `api` routes - **Real-time protection** against common attacks (SQL injection, XSS, etc.) - **Configurable modes**: `monitor` (log only) or `enforce` (block threats) - **No code changes required** ### 📊 **Audit Logging** (Immediate) [](#-audit-logging-immediate) - **Auto-enabled** on all `web` and `api` routes - **Comprehensive logging** of requests, security events, and authentication - **Automatic data sanitization** to protect sensitive information - **No code changes required** ### 🔄 **Data Collection** (Scheduled) [](#-data-collection-scheduled) - **Hourly collection** of security and application data - **Automatic transmission** to Cybear platform - **9 different collectors**: packages, environment, security, auth, database, filesystem, network, application, performance - **Configurable via environment variables** ### ⚡ **Rate Limiting** (Optional) [](#-rate-limiting-optional) - **Intelligent rate limiting** with multiple time windows - **IP and user-based tracking** - **Configurable limits** per minute/hour/day --- 🎛️ Available Commands --------------------- [](#️-available-commands) ### Core Commands [](#core-commands) ``` # Check system status and health php artisan cybear:status # Manual data collection and transmission php artisan cybear:collect # Sync latest WAF rules from platform php artisan cybear:sync # Test API connectivity php artisan cybear:test ``` ### Advanced Usage [](#advanced-usage) ``` # Collect specific data type php artisan cybear:collect --type=packages php artisan cybear:collect --type=security # Collect and send immediately php artisan cybear:collect --send # Force rule sync (bypass cache) php artisan cybear:sync --force # Detailed system status php artisan cybear:status --detailed ``` --- 🔧 Configuration Options ----------------------- [](#-configuration-options) ### WAF Configuration [](#waf-configuration) ``` // config/cybear.php 'waf' => [ 'enabled' => true, // Enable/disable WAF 'mode' => 'monitor', // 'monitor' or 'enforce' 'cache_rules' => true, // Cache rules for performance 'cache_ttl' => 3600, // Cache time in seconds 'challenge_enabled' => false, // Enable CAPTCHA challenges ], ``` ### Audit Logging Configuration [](#audit-logging-configuration) ``` 'audit' => [ 'enabled' => true, 'log_requests' => true, // Log HTTP requests 'log_responses' => false, // Log HTTP responses 'log_authentication' => true, // Log auth events 'excluded_routes' => [ // Skip logging for these routes 'telescope*', 'horizon*', '_debugbar*', ], 'retention_days' => 90, // Auto-cleanup after 90 days ], ``` ### Data Collection Configuration [](#data-collection-configuration) ``` 'collectors' => [ 'auto_schedule' => true, // Auto-schedule collection 'collection_interval' => 'hourly', // hourly, daily, weekly // Individual collector settings 'packages' => ['enabled' => true], 'security' => ['enabled' => true], 'environment' => ['enabled' => true], 'auth' => ['enabled' => true], 'database' => ['enabled' => true], 'filesystem' => ['enabled' => true], 'network' => ['enabled' => true], 'application' => ['enabled' => true], 'performance' => ['enabled' => true], ], ``` --- 🎯 Middleware Usage (Optional) ----------------------------- [](#-middleware-usage-optional) While middleware is auto-registered, you can also use it manually: ### Route-Specific Protection [](#route-specific-protection) ``` // Apply to specific routes Route::middleware(['cybear.waf'])->group(function () { Route::get('/admin', [AdminController::class, 'index']); }); // Apply audit logging only Route::middleware(['cybear.audit'])->group(function () { Route::post('/api/sensitive', [ApiController::class, 'sensitive']); }); // Apply rate limiting Route::middleware(['cybear.ratelimit'])->group(function () { Route::post('/api/public', [ApiController::class, 'public']); }); ``` ### Custom Middleware Groups [](#custom-middleware-groups) ``` // app/Http/Kernel.php protected $middlewareGroups = [ 'api' => [ // ... existing middleware 'cybear.waf', // Already auto-registered 'cybear.audit', // Already auto-registered 'cybear.ratelimit', ], ]; ``` --- 🔍 Verification & Testing ---------------------------- [](#-verification--testing) ### 1. Check Installation Status [](#1-check-installation-status) ``` php artisan cybear:status ``` Expected output: ``` 🔍 Cybear Security Status ✅ Configuration: Valid ✅ API Connection: Connected (response: 45ms) ✅ WAF Status: Active (monitor mode) ✅ Audit Logging: Active ✅ Data Collection: Scheduled (hourly) 📊 Last 24 Hours: - Total Requests: 1,247 - Blocked Requests: 0 - Security Events: 3 - Data Collections: 24 ``` ### 2. Test WAF Protection [](#2-test-waf-protection) ``` # This should trigger WAF detection curl "https://your-app.com/test?id=1' OR '1'='1" ``` ### 3. Verify Data Collection [](#3-verify-data-collection) ``` php artisan cybear:collect --type=packages ``` ### 4. Check Database Tables [](#4-check-database-tables) ``` php artisan tinker ``` ``` // Check if tables exist DB::table('cybear_audit_logs')->count(); DB::table('cybear_waf_rules')->count(); DB::table('cybear_collected_data')->count(); ``` --- 🚨 Troubleshooting ----------------- [](#-troubleshooting) ### API Connection Issues [](#api-connection-issues) ``` # Test API connectivity php artisan cybear:test # Check configuration php artisan config:show cybear ``` ### WAF Not Blocking Threats [](#waf-not-blocking-threats) 1. Check WAF mode: `CYBEAR_WAF_MODE=enforce` in `.env` 2. Verify rules are synced: `php artisan cybear:sync` 3. Check logs: `tail -f storage/logs/laravel.log` ### Data Collection Not Working [](#data-collection-not-working) 1. Verify scheduler is running: `php artisan schedule:list` 2. Run manual collection: `php artisan cybear:collect` 3. Check collector configuration in `config/cybear.php` ### Performance Issues [](#performance-issues) 1. Enable Redis caching for WAF rules 2. Adjust collection interval: `CYBEAR_COLLECTORS_INTERVAL=daily` 3. Exclude static assets from audit logging ### Migration Errors [](#migration-errors) ``` # If migrations fail, run individually php artisan migrate --path=/vendor/cybear-care/laravel-security/src/Database/Migrations ``` --- 🔄 Updating ---------- [](#-updating) ### Update Package [](#update-package) ``` composer update cybear-care/laravel-security ``` ### Sync New Features [](#sync-new-features) ``` php artisan cybear:sync php artisan vendor:publish --tag=cybear-config --force ``` --- 🎯 Production Deployment ----------------------- [](#-production-deployment) ### Performance Optimization [](#performance-optimization) ``` # Use Redis for caching CACHE_DRIVER=redis CYBEAR_WAF_CACHE_RULES=true CYBEAR_RATE_LIMIT_CACHE=redis # Optimize collection interval CYBEAR_COLLECTORS_INTERVAL=daily ``` ### Security Hardening [](#security-hardening) ``` # Enable enforcement mode CYBEAR_WAF_MODE=enforce # Enable all audit logging CYBEAR_AUDIT_LOG_REQUESTS=true CYBEAR_AUDIT_LOG_AUTH=true # Strict rate limiting CYBEAR_RATE_LIMIT_RPM=30 CYBEAR_RATE_LIMIT_RPH=500 ``` ### Monitoring [](#monitoring) - Monitor logs: `tail -f storage/logs/laravel.log | grep Cybear` - Check status: `php artisan cybear:status` - View dashboard: [Cybear Platform](https://cybear.care/dashboard) 🔐 Security Notice ----------------- [](#-security-notice) This package automatically protects your application, but remember: - Keep your Cybear API key secure - Regularly update the package for latest security patches - Monitor the Cybear dashboard for security alerts - Review audit logs for suspicious activity **Your Laravel application is now secured by Cybear! 🐻🛡️** ### Health Score 16 — LowBetter than 5% of packages Maintenance44 Moderate activity, may be stable Popularity1 Limited adoption so far Community8 Small or concentrated contributor base Maturity13 Early-stage or recently created project Bus Factor1 Top contributor holds 50% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/6ffae405419e180debafa7f4dbc01b62bf38d73f272769548e16d6d9b76e49d5?d=identicon)[cybear-care](/maintainers/cybear-care) --- Top Contributors [![arnoldasr](https://avatars.githubusercontent.com/u/87844946?v=4)](https://github.com/arnoldasr "arnoldasr (1 commits)")[![kibernautas](https://avatars.githubusercontent.com/u/49907666?v=4)](https://github.com/kibernautas "kibernautas (1 commits)") ### Embed Badge ![Health badge](/badges/cybear-care-laravel-security/health.svg) ``` [![Health](https://phpackages.com/badges/cybear-care-laravel-security/health.svg)](https://phpackages.com/packages/cybear-care-laravel-security) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)