From b576fd7c66eab52d25aa0ba0b1e65aabdd9d8545 Mon Sep 17 00:00:00 2001 From: sabban <15465465+sabban@users.noreply.github.com> Date: Mon, 18 Oct 2021 15:58:07 +0200 Subject: [PATCH 1/5] fix perms --- debian/postinst | 18 ++++++++++++++++-- rpm/SPECS/crowdsec.spec | 11 +++++++++-- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/debian/postinst b/debian/postinst index 26279bce7..51667136a 100644 --- a/debian/postinst +++ b/debian/postinst @@ -28,9 +28,23 @@ if [ "$1" = configure ]; then set -e COLLECTIONS=true fi + + if [[ -f /etc/crowdsec/local_api_credentials.yaml ]] ; then + chmod 600 /etc/crowdsec/local_api_credentials.yaml + fi + + if [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then + chmod 600 /etc/crowdsec/online_api_credentials.yaml + fi + if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] || [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then - touch /etc/crowdsec/local_api_credentials.yaml - touch /etc/crowdsec/online_api_credentials.yaml + if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] ; then + install -m 600 /dev/null /etc/crowdsec/local_api_credentials.yaml + fi + if [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]] ; then + install -m 600 /dev/null /etc/crowdsec/online_api_credentials.yaml + fi + db_input medium crowdsec/lapi || true db_go || true diff --git a/rpm/SPECS/crowdsec.spec b/rpm/SPECS/crowdsec.spec index 9576baf6f..11d3ff0e2 100644 --- a/rpm/SPECS/crowdsec.spec +++ b/rpm/SPECS/crowdsec.spec @@ -155,8 +155,8 @@ if [ $1 == 1 ]; then set +e fi if [ ! -f "%{_sysconfdir}/crowdsec/online_api_credentials.yaml" ] && [ ! -f "%{_sysconfdir}/crowdsec/local_api_credentials.yaml" ] ; then - touch %{_sysconfdir}/crowdsec/online_api_credentials.yaml - touch %{_sysconfdir}/crowdsec/local_api_credentials.yaml + install -m 600 /dev/null %{_sysconfdir}/crowdsec/online_api_credentials.yaml + install -m 600 /dev/null %{_sysconfdir}/crowdsec/local_api_credentials.yaml cscli capi register cscli machines add -a fi @@ -180,6 +180,13 @@ elif [ $1 == 2 ] && [ -d /var/lib/crowdsec/backup ]; then rm -rf /var/lib/crowdsec/backup fi + if [[ -f %{_sysconfdir}/crowdsec/online_api_credentials.yaml ]] ; then + chmod 600 %{_sysconfdir}/crowdsec/online_api_credentials.yaml + fi + + if [[ -f %{_sysconfdir}/crowdsec/local_api_credentials.yaml ]] ; then + chmod 600 %{_sysconfdir}/crowdsec/local_api_credentials.yaml + fi fi %systemd_post %{name}.service From c41234e6e18e2a5c06728e4ef3c0daf7bfff07ab Mon Sep 17 00:00:00 2001 From: sabban <15465465+sabban@users.noreply.github.com> Date: Mon, 18 Oct 2021 17:15:28 +0200 Subject: [PATCH 2/5] typo --- debian/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index 51667136a..4705b8df4 100644 --- a/debian/postinst +++ b/debian/postinst @@ -33,7 +33,7 @@ if [ "$1" = configure ]; then chmod 600 /etc/crowdsec/local_api_credentials.yaml fi - if [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then + if [[ -f /etc/crowdsec/online_api_credentials.yaml ]]; then chmod 600 /etc/crowdsec/online_api_credentials.yaml fi From 2e146ea3fcfa32e24cf2312f6e3f2890aa418df1 Mon Sep 17 00:00:00 2001 From: sabban <15465465+sabban@users.noreply.github.com> Date: Mon, 13 Dec 2021 17:37:37 +0100 Subject: [PATCH 3/5] update to use debian/install files --- debian/rules | 8 -------- 1 file changed, 8 deletions(-) diff --git a/debian/rules b/debian/rules index 18ba25ad9..a9fdb1d42 100755 --- a/debian/rules +++ b/debian/rules @@ -37,14 +37,6 @@ override_dh_auto_install: install -m 551 plugins/notifications/http/notification-http debian/crowdsec/usr/lib/crowdsec/plugins/ install -m 551 plugins/notifications/splunk/notification-splunk debian/crowdsec/usr/lib/crowdsec/plugins/ - cp plugins/notifications/slack/slack.yaml debian/crowdsec/etc/crowdsec/notifications/ - cp plugins/notifications/http/http.yaml debian/crowdsec/etc/crowdsec/notifications/ - cp plugins/notifications/splunk/splunk.yaml debian/crowdsec/etc/crowdsec/notifications/ - cp cmd/crowdsec/crowdsec debian/crowdsec/usr/bin cp cmd/crowdsec-cli/cscli debian/crowdsec/usr/bin cp wizard.sh debian/crowdsec/usr/share/crowdsec - cp config/config.yaml debian/crowdsec/etc/crowdsec/config.yaml - cp config/simulation.yaml debian/crowdsec/etc/crowdsec/simulation.yaml - cp config/profiles.yaml debian/crowdsec/etc/crowdsec/profiles.yaml - cp -a config/patterns debian/crowdsec/etc/crowdsec From c8ec37ea4e9a46d0883dbde64c091d4b2939a460 Mon Sep 17 00:00:00 2001 From: sabban <15465465+sabban@users.noreply.github.com> Date: Mon, 13 Dec 2021 17:41:25 +0100 Subject: [PATCH 4/5] add debian/install file --- debian/install | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 debian/install diff --git a/debian/install b/debian/install new file mode 100644 index 000000000..e92b76baa --- /dev/null +++ b/debian/install @@ -0,0 +1,11 @@ +config/config.yaml etc/crowdsec/ +config/profiles.yaml etc/crowdsec/ +config/simulation.yaml etc/crowdsec/ + +config/patterns/* etc/crowdsec/patterns +config/crowdsec.service lib/systemd/system + +# Referenced configs: +plugins/notifications/slack/slack.yaml etc/crowdsec/notifications/ +plugins/notifications/http/http.yaml etc/crowdsec/notifications/ +plugins/notifications/splunk/splunk.yaml debian/crowdsec/etc/crowdsec/notifications/ From efa06870c08a881413cb6e08de43a1d0f8468dad Mon Sep 17 00:00:00 2001 From: sabban <15465465+sabban@users.noreply.github.com> Date: Wed, 29 Dec 2021 11:53:44 +0100 Subject: [PATCH 5/5] add the ability for the wizard to work on raspbian --- wizard.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wizard.sh b/wizard.sh index febefba13..a858b470c 100755 --- a/wizard.sh +++ b/wizard.sh @@ -132,7 +132,7 @@ detect_services () { fi; done; done; - if [[ ${OSTYPE} == "linux-gnu" ]]; then + if [[ ${OSTYPE} == "linux-gnu" ]] || [[ ${OSTYPE} == "linux-gnueabihf" ]]; then DETECTED_SERVICES+=("linux") HMENU+=("linux" "on") else