crowdsec/wizard.sh

789 lines
23 KiB
Bash
Raw Permalink Normal View History

2022-06-21 12:53:51 +00:00
#!/bin/sh
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
# allow calling functions in an "if" statement
#shellcheck disable=SC2310
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
set -e
2022-06-21 12:53:51 +00:00
checkroot() {
#shellcheck disable=SC2312
if [ "$(id -u)" -ne 0 ]; then
log_err "Please run the wizard as root or with sudo"
exit 1
fi
}
2022-06-21 12:53:51 +00:00
interactive() {
if [ ! -t 0 ] || [ "$SILENT" = "true" ]; then
return 1
fi
return 0
}
2020-05-15 09:39:16 +00:00
SILENT="false"
DOCKER_MODE="false"
2020-05-15 09:39:16 +00:00
CROWDSEC_LIB_DIR="/var/lib/crowdsec"
2020-05-27 15:35:35 +00:00
CROWDSEC_USR_DIR="/usr/local/lib/crowdsec"
2020-05-15 09:39:16 +00:00
CROWDSEC_DATA_DIR="${CROWDSEC_LIB_DIR}/data"
CROWDSEC_DB_PATH="${CROWDSEC_DATA_DIR}/crowdsec.db"
CROWDSEC_PATH="/etc/crowdsec"
2022-06-21 12:53:51 +00:00
CROWDSEC_CONFIG_PATH="$CROWDSEC_PATH"
2020-05-15 09:39:16 +00:00
CROWDSEC_LOG_FILE="/var/log/crowdsec.log"
2021-03-11 10:18:09 +00:00
LAPI_LOG_FILE="/var/log/crowdsec_api.log"
2020-05-15 09:39:16 +00:00
CROWDSEC_BIN="./cmd/crowdsec/crowdsec"
CSCLI_BIN="./cmd/crowdsec-cli/cscli"
CLIENT_SECRETS="local_api_credentials.yaml"
LAPI_SECRETS="online_api_credentials.yaml"
BIN_INSTALL_PATH="/usr/local/bin"
CROWDSEC_BIN_INSTALLED="${BIN_INSTALL_PATH}/crowdsec"
2022-06-21 12:53:51 +00:00
if [ -f "/usr/bin/cscli" ]; then
CSCLI_BIN_INSTALLED="/usr/bin/cscli"
else
CSCLI_BIN_INSTALLED="${BIN_INSTALL_PATH}/cscli"
fi
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
ACQUIS_DIR="${CROWDSEC_CONFIG_PATH}/acquis.d"
ACQUIS_YAML="${CROWDSEC_CONFIG_PATH}/acquis.yaml"
2020-05-15 09:39:16 +00:00
SYSTEMD_PATH_FILE="/etc/systemd/system/crowdsec.service"
PATTERNS_FOLDER="config/patterns"
PATTERNS_PATH="${CROWDSEC_CONFIG_PATH}/patterns/"
ACTION=""
DEBUG_MODE="false"
FORCE_MODE="false"
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
PLUGIN_CONFIGURATION_SRC="./plugins/notifications"
PLUGIN_CONFIGURATION_DEST="/etc/crowdsec/notifications"
PLUGIN_BINARIES_SRC="./plugins/notifications"
PLUGIN_BINARIES_DEST="${CROWDSEC_USR_DIR}/plugins"
2022-06-21 12:53:51 +00:00
# XXX WTH should remove it later
2020-05-15 09:39:16 +00:00
BACKUP_DIR=$(mktemp -d)
2022-03-16 08:30:04 +00:00
rm -rf -- "$BACKUP_DIR"
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
set_colors() {
#shellcheck disable=SC2034
if [ ! -t 0 ]; then
# terminal is not interactive; no colors
FG_RED=""
FG_GREEN=""
FG_YELLOW=""
FG_BLUE=""
FG_MAGENTA=""
FG_CYAN=""
FG_WHITE=""
BOLD=""
RESET=""
elif tput sgr0 >/dev/null; then
# terminfo
FG_RED=$(tput setaf 1)
FG_GREEN=$(tput setaf 2)
FG_YELLOW=$(tput setaf 3)
FG_BLUE=$(tput setaf 4)
FG_MAGENTA=$(tput setaf 5)
FG_CYAN=$(tput setaf 6)
FG_WHITE=$(tput setaf 7)
BOLD=$(tput bold)
RESET=$(tput sgr0)
else
FG_RED=$(printf '%b' '\033[31m')
FG_GREEN=$(printf '%b' '\033[32m')
FG_YELLOW=$(printf '%b' '\033[33m')
FG_BLUE=$(printf '%b' '\033[34m')
FG_MAGENTA=$(printf '%b' '\033[35m')
FG_CYAN=$(printf '%b' '\033[36m')
FG_WHITE=$(printf '%b' '\033[37m')
BOLD=$(printf '%b' '\033[1m')
RESET=$(printf '%b' '\033[0m')
fi
}
#XXX logging is not consistent
2020-05-15 09:39:16 +00:00
log_info() {
msg=$1
date=$(date +%x:%X)
2022-06-21 12:53:51 +00:00
echo "${FG_BLUE}INFO${RESET}[${date}] crowdsec_wizard: ${msg}"
}
log_fatal() {
msg=$1
date=$(date +%x:%X)
2022-06-21 12:53:51 +00:00
echo "${FG_RED}FATA${RESET}[${date}] crowdsec_wizard: ${msg}" >&2
exit 1
2020-05-15 09:39:16 +00:00
}
log_warn() {
msg=$1
date=$(date +%x:%X)
2022-06-21 12:53:51 +00:00
echo "${FG_YELLOW}WARN${RESET}[${date}] crowdsec_wizard: ${msg}"
}
2020-05-15 09:39:16 +00:00
log_err() {
msg=$1
date=$(date +%x:%X)
2022-06-21 12:53:51 +00:00
echo "${FG_RED}ERR${RESET}[${date}] crowdsec_wizard: ${msg}" >&2
2020-05-15 09:39:16 +00:00
}
log_dbg() {
2022-06-21 12:53:51 +00:00
if [ "$DEBUG_MODE" = "true" ]; then
2020-05-15 09:39:16 +00:00
msg=$1
date=$(date +%x:%X)
2022-06-21 12:53:51 +00:00
echo "[${date}][${FG_YELLOW}DBG${RESET}] crowdsec_wizard: ${msg}" >&2
fi
}
2022-06-21 12:53:51 +00:00
crowdsec_service_stop() {
if command -v systemctl >/dev/null && systemctl is-active --quiet crowdsec; then
systemctl stop crowdsec.service
fi
}
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
crowdsec_service_disable() {
if command -v systemctl >/dev/null && systemctl is-enabled --quiet crowdsec; then
systemctl disable crowdsec.service
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
}
2022-06-21 12:53:51 +00:00
crowdsec_service_restart() {
if command -v systemctl >/dev/null; then
systemctl restart crowdsec
fi
2020-05-15 09:39:16 +00:00
}
2022-06-21 12:53:51 +00:00
detect_cs_install() {
if [ -f "$CROWDSEC_BIN_INSTALLED" ]; then
log_warn "Crowdsec is already installed!"
echo ""
2022-06-21 12:53:51 +00:00
echo "We recommend to upgrade: sudo $0 --upgrade "
echo "If you want to install it anyway, please use '--force'."
echo ""
2022-06-21 12:53:51 +00:00
echo "Run: sudo $0 -i --force"
if [ "$FORCE_MODE" = "false" ]; then
exit 1
fi
fi
}
2022-06-21 12:53:51 +00:00
check_cs_version() {
CURRENT_CS_VERSION=$(crowdsec -version 2>&1 | grep version | grep -Eio 'v[0-9]+.[0-9]+.[0-9]+' | cut -c 2-)
2022-06-21 12:53:51 +00:00
NEW_CS_VERSION=$("$CROWDSEC_BIN" -version 2>&1 | grep version | grep -Eio 'v[0-9]+.[0-9]+.[0-9]+' | cut -c 2-)
CURRENT_MAJOR_VERSION=$(echo "$CURRENT_CS_VERSION" | cut -d'.' -f1)
CURRENT_MINOR_VERSION=$(echo "$CURRENT_CS_VERSION" | cut -d'.' -f2)
CURRENT_PATCH_VERSION=$(echo "$CURRENT_CS_VERSION" | cut -d'.' -f3)
NEW_MAJOR_VERSION=$(echo "$NEW_CS_VERSION" | cut -d'.' -f1)
NEW_MINOR_VERSION=$(echo "$NEW_CS_VERSION" | cut -d'.' -f2)
NEW_PATCH_VERSION=$(echo "$NEW_CS_VERSION" | cut -d'.' -f3)
if [ "$NEW_MAJOR_VERSION" -gt "$CURRENT_MAJOR_VERSION" ]; then
if [ "$FORCE_MODE" = "false" ]; then
log_warn "new version (${NEW_CS_VERSION}) is a major, please follow the documentation to upgrade!"
echo ""
exit 1
fi
2022-06-21 12:53:51 +00:00
elif [ "$NEW_MINOR_VERSION" -gt "$CURRENT_MINOR_VERSION" ]; then
log_warn "new version (${NEW_CS_VERSION}) is a minor upgrade!"
if [ "$ACTION" != "upgrade" ]; then
if [ "$FORCE_MODE" = "false" ]; then
echo ""
2022-06-21 12:53:51 +00:00
echo "We recommend to upgrade with: sudo $0 --upgrade"
echo "If you want to ${ACTION} anyway, please use '--force'."
echo ""
2022-06-21 12:53:51 +00:00
echo "Run: sudo $0 --${ACTION} --force"
exit 1
fi
fi
2022-06-21 12:53:51 +00:00
elif [ "$NEW_PATCH_VERSION" -gt "$CURRENT_PATCH_VERSION" ]; then
log_warn "new version (${NEW_CS_VERSION}) is a patch !"
if [ "$ACTION" != "binupgrade" ]; then
if [ "$FORCE_MODE" = "false" ]; then
echo ""
2022-06-21 12:53:51 +00:00
echo "We recommend to upgrade binaries only: sudo $0 --binupgrade"
echo "If you want to ${ACTION} anyway, please use '--force'."
echo ""
2022-06-21 12:53:51 +00:00
echo "Run: sudo $0 --${ACTION} --force"
exit 1
fi
fi
2022-06-21 12:53:51 +00:00
elif [ "$NEW_MINOR_VERSION" -eq "$CURRENT_MINOR_VERSION" ]; then
log_warn "new version (${NEW_CS_VERSION}) is same as current version (${CURRENT_CS_VERSION})!"
if [ "$FORCE_MODE" = "false" ]; then
echo ""
2022-06-21 12:53:51 +00:00
echo "We recommend to ${ACTION} only if it's an higher version."
echo "If it's an RC version (vX.X.X-rc) you can upgrade it using '--force'."
echo ""
2022-06-21 12:53:51 +00:00
echo "Run: sudo $0 --${ACTION} --force"
exit 1
fi
fi
}
2020-05-15 09:39:16 +00:00
install_crowdsec() {
2022-06-21 12:53:51 +00:00
mkdir -p "$CROWDSEC_DATA_DIR"
mkdir -p "$CROWDSEC_CONFIG_PATH/collections"
mkdir -p "$CROWDSEC_CONFIG_PATH/parsers"
mkdir -p "$CROWDSEC_CONFIG_PATH/patterns"
mkdir -p "$CROWDSEC_CONFIG_PATH/postoverflows"
mkdir -p "$CROWDSEC_CONFIG_PATH/scenarios"
(cd config && find patterns -maxdepth 1 -type f -exec install -m 0644 "{}" "${CROWDSEC_CONFIG_PATH}/{}" \; && cd ../)
install -m 0600 "./config/$CLIENT_SECRETS" "$CROWDSEC_CONFIG_PATH"
install -m 0600 "./config/$LAPI_SECRETS" "$CROWDSEC_CONFIG_PATH"
install -m 0600 ./config/config.yaml "$CROWDSEC_CONFIG_PATH"
install -m 0644 ./config/dev.yaml "$CROWDSEC_CONFIG_PATH"
install -m 0644 ./config/user.yaml "$CROWDSEC_CONFIG_PATH"
install -m 0644 ./config/profiles.yaml "$CROWDSEC_CONFIG_PATH"
install -m 0644 ./config/simulation.yaml "$CROWDSEC_CONFIG_PATH"
install -m 0644 ./config/console.yaml "$CROWDSEC_CONFIG_PATH"
mkdir -p "$CROWDSEC_CONFIG_PATH/hub"
install -m 0644 ./config/detect.yaml "${CROWDSEC_CONFIG_PATH}/hub"
#shellcheck disable=SC2016
DATA=${CROWDSEC_DATA_DIR} CFG=${CROWDSEC_CONFIG_PATH} envsubst '$CFG $DATA' <./config/user.yaml >"${CROWDSEC_CONFIG_PATH}/user.yaml" || log_fatal "unable to generate user configuration file"
if [ "$DOCKER_MODE" = "false" ]; then
#shellcheck disable=SC2016
CFG=${CROWDSEC_CONFIG_PATH} BIN=${CROWDSEC_BIN_INSTALLED} envsubst '$CFG $BIN' <./config/crowdsec.service >"$SYSTEMD_PATH_FILE" || log_fatal "unable to generate systemd file"
fi
2020-05-15 09:39:16 +00:00
install_bins
2022-06-21 12:53:51 +00:00
if [ "$DOCKER_MODE" = "false" ]; then
systemctl daemon-reload
fi
2020-05-15 09:39:16 +00:00
}
update_bins() {
log_info "Only upgrading binaries"
delete_bins
install_bins
log_info "Upgrade finished"
systemctl restart crowdsec || log_fatal "unable to restart crowdsec with systemctl"
2020-05-15 09:39:16 +00:00
}
update_full() {
2022-06-21 12:53:51 +00:00
if [ ! -f "$CROWDSEC_BIN" ]; then
log_err "Crowdsec binary '${CROWDSEC_BIN}' not found. Please build it with 'make build'"
exit
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
if [ ! -f "$CSCLI_BIN" ]; then
log_err "Cscli binary '${CSCLI_BIN}' not found. Please build it with 'make build'"
exit
2020-05-15 09:39:16 +00:00
fi
log_info "Backing up existing configuration"
2022-06-21 12:53:51 +00:00
"$CSCLI_BIN_INSTALLED" config backup "$BACKUP_DIR"
log_info "Saving default database content if exist"
2022-06-21 12:53:51 +00:00
if [ -f "/var/lib/crowdsec/data/crowdsec.db" ]; then
cp /var/lib/crowdsec/data/crowdsec.db "${BACKUP_DIR}/crowdsec.db"
fi
2020-05-15 09:39:16 +00:00
log_info "Cleanup existing crowdsec configuration"
uninstall_crowdsec
log_info "Installing crowdsec"
install_crowdsec
log_info "Restoring configuration"
2022-06-21 12:53:51 +00:00
"$CSCLI_BIN_INSTALLED" hub update
"$CSCLI_BIN_INSTALLED" config restore "$BACKUP_DIR"
log_info "Restoring saved database if exist"
2022-06-21 12:53:51 +00:00
if [ -f "${BACKUP_DIR}/crowdsec.db" ]; then
cp "${BACKUP_DIR}/crowdsec.db" /var/lib/crowdsec/data/crowdsec.db
fi
2020-05-15 09:39:16 +00:00
log_info "Finished, restarting"
2022-06-21 12:53:51 +00:00
crowdsec_service_restart || log_fatal "Failed to restart crowdsec"
2020-05-15 09:39:16 +00:00
}
install_bins() {
log_dbg "Installing crowdsec binaries"
2022-06-21 12:53:51 +00:00
install -m 0755 "$CROWDSEC_BIN" "$CROWDSEC_BIN_INSTALLED" >/dev/null
install -m 0755 "$CSCLI_BIN" "$CSCLI_BIN_INSTALLED" >/dev/null
crowdsec_service_stop
install_plugins
symlink_bins
}
symlink_bins() {
2022-06-21 12:53:51 +00:00
if echo "$PATH" | grep -q "$BIN_INSTALL_PATH"; then
log_dbg "${BIN_INSTALL_PATH} found in PATH"
else
2022-06-21 12:53:51 +00:00
ln -s "$CSCLI_BIN_INSTALLED" /usr/bin/cscli
ln -s "$CROWDSEC_BIN_INSTALLED" /usr/bin/crowdsec
fi
2020-05-15 09:39:16 +00:00
}
delete_bins() {
log_info "Removing crowdsec binaries"
2022-06-21 12:53:51 +00:00
rm -f -- "$CROWDSEC_BIN_INSTALLED"
rm -f -- "$CSCLI_BIN_INSTALLED"
2020-05-15 09:39:16 +00:00
}
delete_plugins() {
2022-06-21 12:53:51 +00:00
rm -rf -- "$PLUGIN_BINARIES_DEST"
}
detect_only() {
"$CSCLI_BIN_INSTALLED" setup detect --yaml
}
edit_file() {
editor="$VISUAL"
if [ "$editor" = "" ]; then
#shellcheck disable=SC2153
editor="$EDITOR"
fi
if [ "$editor" = "" ]; then
if command -v nano >/dev/null; then
editor="nano"
elif command -v nano-tiny >/dev/null; then
editor="nano-tiny"
elif command -v vi >/dev/null; then
editor="vi"
else
echo "No editor found"
exit 1
fi
fi
"$editor" "$1"
}
detect_edit_validate() {
setup_yaml_path="$1"
while true; do
cat <<-EOT >"$setup_yaml_path"
#
# XXX detection timestamp, how to edit
# blah blah blah
#
# Out of safety, we recommend installing the parser 'crowdsecurity/whitelists'.
# It will prevent private IP addresses from being banned. It's an anti-lockout measure,
# feel free to remove it any time.
#
EOT
echo
"$CSCLI_BIN_INSTALLED" setup detect --yaml | tee -a "$setup_yaml_path"
#
# If the user asked for --unattended, or the script is not interactive,
# we use the detected setup without changes.
#
if ! interactive; then
return 0
fi
printf '%s ' "Crowdsec has detected these services. Do you want to edit the list now? (Y/n)"
read -r confirm
if echo "$confirm" | grep -q '^[Nn]'; then
return 0
fi
while true; do
edit_file "$setup_yaml_path"
if ! errors=$("$CSCLI_BIN_INSTALLED" setup validate "$setup_yaml_path" 2>/dev/null); then
echo
echo "The setup file has errors:"
echo
if [ "$errors" = "EOF" ]; then
errors="The file is empty. A 'setup:' section is required, even if it has no items."
fi
echo "$errors"
echo
printf '%s ' "[E]dit, [D]etect again, [Q]uit configuration? (E/d/q)"
read -r confirm
if echo "$confirm" | grep -q '^[Dd]'; then
break
fi
if echo "$confirm" | grep -q '^[Qq]'; then
rm -f "$setup_yaml_path"
return 1
fi
else
return 0
fi
done
done
}
# Pause until the user types <enter>
# unless the script is run in non-interactive mode.
ask_press_enter() {
if ! interactive; then
return 0
fi
printf "%s " "Press Enter to continue:" >&2
read -r key
}
2022-06-21 12:53:51 +00:00
# Check if we can proceed with the automatic detection and hub + acquisition configuration.
# If the script is interactive, we ask the user for confirmation when it makes sense.
#
# arguments: none
# return: 0 if we can proceed with the configuration, 1 if we should skip it.
safe_to_configure() {
# if "wizard.sh" is in ACQUIS_YAML, never detect
if grep -q 'wizard.sh' "$ACQUIS_YAML" 2>/dev/null; then
cat <<-EOT >&2
A previous version of Crowdsec has detected the running services and put
datasource configuration in the file $ACQUIS_YAML.
In this version, the same information goes in $ACQUIS_DIR, one
file per service.
If you want to run the automated service detection again, please remove the
relevant sections from $ACQUIS_YAML or rename the file, and run "$0 --configure"
again.
EOT
ask_press_enter
return 1
fi
# if acquis.yaml exists but has no wizard.sh, ask for confirmation (if
# interactive) before detecting
if [ -f "$ACQUIS_YAML" ]; then
if ! interactive; then
echo "Skipping automatic detection because $ACQUIS_YAML already exists." >&2
echo "Run \"$0 --configure\" to detect the services again." >&2
return 1
fi
cat <<-EOT >&2
A previous version of Crowdsec was already configured.
If you run the automated service detection now, it will create new acquisition
directives in $ACQUIS_DIR, in addition to the ones already in $ACQUIS_YAML.
When the configuration is done, please check the content of these files
to avoid duplicate log locations.
EOT
printf '%s ' "Do you want to run the service detection now? (y/N)"
read -r confirm
if echo "$confirm" | grep -q '^[Nn]'; then
return 1
fi
fi
return 0
}
detect_and_install_hub() {
if ! safe_to_configure; then
return 1
fi
tmp_dir=$(mktemp -d)
tmp_file="$tmp_dir/setup.yaml"
if ! detect_edit_validate "$tmp_file"; then
echo
echo "Exiting crowdsec configuration, you can run it again with '$0 --configure'" >&2
ask_press_enter
2022-06-21 12:53:51 +00:00
rm -f "$tmp_file"
rmdir "$tmp_dir"
return 1
fi
echo "Installing hub objects...."
"$CSCLI_BIN_INSTALLED" setup install-hub "$tmp_file"
mkdir -p "$ACQUIS_DIR"
2022-06-21 12:53:51 +00:00
echo "Generating acquisition files..."
"$CSCLI_BIN_INSTALLED" setup datasources "$tmp_file" --to-dir "$ACQUIS_DIR"
if [ ! -f "$ACQUIS_YAML" ]; then
cat <<-EOT >"$ACQUIS_YAML"
---
# Your datasource configuration goes here.
EOT
fi
2022-06-21 12:53:51 +00:00
echo "Done"
rm -f "$tmp_file"
rmdir "$tmp_dir"
}
install_plugins() {
for plugin in email http slack splunk; do
mkdir -p "$PLUGIN_BINARIES_DEST"
install -m 0755 "$PLUGIN_BINARIES_SRC/$plugin/notification-$plugin" "$PLUGIN_BINARIES_DEST/"
if [ "$DOCKER_MODE" = "false" ]; then
if [ -f "$PLUGIN_CONFIGURATION_DEST/$plugin/$plugin.yaml" ]; then
chmod 0600 "$PLUGIN_CONFIGURATION_DEST/$plugin/$plugin.yaml"
else
mkdir -p "$PLUGIN_CONFIGURATION_DEST/$plugin"
install -m 0600 "$PLUGIN_CONFIGURATION_SRC/$plugin/$plugin.yaml" "$PLUGIN_CONFIGURATION_DEST/$plugin/$plugin.yaml"
fi
fi
done
}
check_running_bouncers() {
2022-06-21 12:53:51 +00:00
# when uninstalling, check if the user still has bouncers
BOUNCERS_COUNT=$("$CSCLI_BIN" bouncers list -o=raw | tail -n +2 | wc -l)
if [ "$BOUNCERS_COUNT" -gt 0 ]; then
if [ "$FORCE_MODE" = "false" ]; then
echo "WARNING: You have at least one bouncer registered (cscli bouncers list)."
echo "WARNING: Uninstalling crowdsec with a running bouncer will leave it in an unpredictable state."
echo "WARNING: If you want to uninstall crowdsec, you should first uninstall the bouncers."
echo "Specify --force to bypass this restriction."
exit 1
2022-06-21 12:53:51 +00:00
fi
fi
}
2020-05-15 09:39:16 +00:00
# uninstall crowdsec and cscli
uninstall_crowdsec() {
2022-06-21 12:53:51 +00:00
crowdsec_service_stop
crowdsec_service_disable
# there is no way to know if the dashboard exists, so we have to ignore errors.
log_info "Removing dashboard..."
if "$CSCLI_BIN" dashboard remove -f -y; then
log_info "...done."
else
log_warn "...dashboard removal failed."
fi
2020-05-15 09:39:16 +00:00
delete_bins
2022-06-21 12:53:51 +00:00
rm -f -- "$CROWDSEC_LOG_FILE" "$LAPI_LOG_FILE" "$CROWDSEC_DB_PATH" "$SYSTEMD_PATH_FILE"
rm -rf -- "$CROWDSEC_LIB_DIR" "$CROWDSEC_USR_DIR"
2020-05-15 09:39:16 +00:00
log_info "crowdsec successfully uninstalled"
}
2022-06-21 12:53:51 +00:00
show_links() {
cat <<-EOT
Useful links to start with Crowdsec:
- Documentation : ${BOLD}https://doc.crowdsec.net/docs/getting_started/crowdsec_tour${RESET}
- Crowdsec Hub : ${BOLD}https://hub.crowdsec.net/${RESET}
- Open issues : https://github.com/crowdsecurity/crowdsec/issues
Useful commands to start with Crowdsec:
- sudo cscli metrics : https://doc.crowdsec.net/docs/observability/cscli
- sudo cscli decisions list : https://doc.crowdsec.net/docs/user_guides/decisions_mgmt
- sudo cscli hub list : https://doc.crowdsec.net/docs/user_guides/hub_mgmt
Next step: visualize all your alerts and explore our community CTI - ${BOLD}https://app.crowdsec.net${RESET}
CrowdSec alone will ${FG_YELLOW}${BOLD}not${RESET} block any IP address. If you want to block them, you must use a bouncer.
You can find them on ${BOLD}https://hub.crowdsec.net/browse/#bouncers${RESET}
EOT
}
2020-05-15 09:39:16 +00:00
main() {
2022-06-21 12:53:51 +00:00
if [ "$1" = "install" ] || [ "$1" = "configure" ] || [ "$1" = "detect" ]; then
if ! command -v envsubst >/dev/null; then
log_fatal "envsubst binary is needed to use do a full install with the wizard, exiting..."
fi
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "binupgrade" ]; then
checkroot
check_cs_version
2020-05-15 09:39:16 +00:00
update_bins
2022-06-21 12:53:51 +00:00
return 0
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "upgrade" ]; then
checkroot
check_cs_version
2020-05-15 09:39:16 +00:00
update_full
2022-06-21 12:53:51 +00:00
return 0
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "configure" ]; then
checkroot
"$CSCLI_BIN_INSTALLED" hub update
detect_and_install_hub
crowdsec_service_restart
show_links
return 0
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "noop" ]; then
return 0
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "uninstall" ]; then
checkroot
check_running_bouncers
2020-05-15 09:39:16 +00:00
uninstall_crowdsec
2022-06-21 12:53:51 +00:00
return 0
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "bininstall" ]; then
checkroot
log_info "checking existing crowdsec install"
detect_cs_install
2020-05-15 09:39:16 +00:00
log_info "installing crowdsec"
install_crowdsec
2022-06-21 12:53:51 +00:00
show_links
return 0
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "install" ]; then
checkroot
log_info "checking if crowdsec is installed"
detect_cs_install
2022-06-21 12:53:51 +00:00
# Run "make release" before installing (as non-root) in order to have the binary and then install crowdsec as root
2020-05-15 09:39:16 +00:00
log_info "installing crowdsec"
install_crowdsec
log_dbg "configuring ${CSCLI_BIN_INSTALLED}"
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
if ! "$CSCLI_BIN_INSTALLED" hub update >/dev/null 2>&1; then
log_err "fail to update crowdsec hub. exiting"
2020-05-15 09:39:16 +00:00
exit 1
fi
2022-06-21 12:53:51 +00:00
"$CSCLI_BIN_INSTALLED" hub update
2020-05-15 09:39:16 +00:00
# install patterns/ folder
log_dbg "Installing patterns"
2022-06-21 12:53:51 +00:00
mkdir -p "$PATTERNS_PATH"
2020-05-15 09:39:16 +00:00
cp "./${PATTERNS_FOLDER}/"* "${PATTERNS_PATH}/"
2022-06-21 12:53:51 +00:00
# register api
"$CSCLI_BIN_INSTALLED" machines add --force "$(cat /etc/machine-id)" -a -f "${CROWDSEC_CONFIG_PATH}/${CLIENT_SECRETS}" || log_fatal "unable to add machine to the local API"
log_dbg "Crowdsec LAPI registered"
"$CSCLI_BIN_INSTALLED" capi register || log_fatal "unable to register to the Central API"
log_dbg "Crowdsec CAPI registered"
detect_and_install_hub
systemctl enable -q crowdsec >/dev/null || log_fatal "unable to enable crowdsec"
systemctl start crowdsec >/dev/null || log_fatal "unable to start crowdsec"
log_info "enabling and starting crowdsec daemon"
2020-05-15 09:39:16 +00:00
2022-06-21 12:53:51 +00:00
show_links
return 0
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
if [ "$1" = "detect" ]; then
detect_only
fi
2020-05-15 09:39:16 +00:00
}
usage() {
2022-06-21 12:53:51 +00:00
echo "Usage:"
echo " ./wizard.sh -h Display this help message."
echo " ./wizard.sh -c|--configure Detect running services and install hub objects + acquis files"
echo " ./wizard.sh -d|--detect Detect running services and print the result"
echo " ./wizard.sh -i|--install Assisted installation of crowdsec/cscli and hub objects"
echo " ./wizard.sh --bininstall Install binaries and empty config, no wizard."
echo " ./wizard.sh --uninstall Uninstall crowdsec/cscli"
echo " ./wizard.sh --binupgrade Upgrade crowdsec/cscli binaries"
echo " ./wizard.sh --upgrade Perform a full upgrade and try to migrate configs"
echo " ./wizard.sh --unattended Install in unattended mode, no question will be asked and defaults will be followed"
echo " ./wizard.sh --docker-mode Will install crowdsec without systemd and generate random machine-id"
echo " ./wizard.sh -n|--noop Do nothing"
}
if [ $# -eq 0 ]; then
usage
exit 0
2020-05-15 09:39:16 +00:00
fi
2022-06-21 12:53:51 +00:00
while [ $# -gt 0 ]; do
2020-05-15 09:39:16 +00:00
key="${1}"
case ${key} in
--uninstall)
ACTION="uninstall"
shift #past argument
;;
--binupgrade)
ACTION="binupgrade"
shift #past argument
;;
--upgrade)
ACTION="upgrade"
shift #past argument
;;
2022-06-21 12:53:51 +00:00
-i | --install)
2020-05-15 09:39:16 +00:00
ACTION="install"
shift # past argument
;;
--bininstall)
ACTION="bininstall"
shift # past argument
;;
--docker-mode)
DOCKER_MODE="true"
ACTION="bininstall"
shift # past argument
;;
2022-06-21 12:53:51 +00:00
-c | --configure)
ACTION="configure"
shift # past argument
;;
2022-06-21 12:53:51 +00:00
-d | --detect)
2020-05-15 09:39:16 +00:00
ACTION="detect"
shift # past argument
;;
2022-06-21 12:53:51 +00:00
-n | --noop)
ACTION="noop"
shift # past argument
;;
2020-05-15 09:39:16 +00:00
--unattended)
SILENT="true"
ACTION="install"
shift
;;
2022-06-21 12:53:51 +00:00
-f | --force)
FORCE_MODE="true"
shift
2022-06-21 12:53:51 +00:00
;;
-v | --verbose)
2020-05-15 09:39:16 +00:00
DEBUG_MODE="true"
shift
2022-06-21 12:53:51 +00:00
;;
-h | --help)
2020-05-15 09:39:16 +00:00
usage
exit 0
;;
2022-06-21 12:53:51 +00:00
*) # unknown option
2020-05-15 09:39:16 +00:00
log_err "Unknown argument ${key}."
usage
exit 1
;;
esac
done
2022-06-21 12:53:51 +00:00
set_colors
main "$ACTION"
exit 0