diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 000000000..ee87a4b5e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,87 @@
+crowdsec (1.0.13-3) UNRELEASED; urgency=medium
+
+ * Fix small stuff
+
+ -- Manuel Sabban Wed, 26 Apr 2021 09:30:14 +0100
+
+crowdsec (1.0.13-2) UNRELEASED; urgency=medium
+
+ * Fix version advertisement
+
+ -- Manuel Sabban Wed, 26 Apr 2021 09:30:14 +0100
+
+crowdsec (1.0.13-1) UNRELEASED; urgency=medium
+
+ * Bump to 1.0.13
+
+ -- Manuel Sabban Wed, 26 Apr 2021 09:30:14 +0100
+
+crowdsec (1.0.12-1) UNRELEASED; urgency=medium
+
+ * Bump to 1.0.12
+
+ -- Manuel Sabban Wed, 07 Apr 2021 15:10:11 +0100
+
+crowdsec (1.0.9-5) UNRELEASED; urgency=medium
+
+ * Fix cleanup on remove --purge
+
+ -- Manuel Sabban Wed, 23 Mar 2021 15:17:09 +0100
+
+crowdsec (1.0.9-4) UNRELEASED; urgency=medium
+
+ * Fix a bunch a bugs in package management
+
+ -- Manuel Sabban Wed, 23 Mar 2021 15:17:09 +0100
+
+crowdsec (1.0.9-3) UNRELEASED; urgency=medium
+
+ * truly fix error generating acquis.yaml
+
+ -- Manuel Sabban Wed, 10 Feb 2021 10:41:06 +0100
+
+crowdsec (1.0.9-2) UNRELEASED; urgency=medium
+
+ * fix error generating acquis.yaml
+
+ -- Manuel Sabban Wed, 10 Feb 2021 10:41:06 +0100
+
+crowdsec (1.0.9-1) UNRELEASED; urgency=medium
+
+ * bump to 1.0.9
+
+ -- Manuel Sabban Wed, 10 Feb 2021 10:41:06 +0100
+
+crowdsec (1.0.7-4) UNRELEASED; urgency=medium
+
+ * fix crowdsec -version output
+
+ -- Manuel Sabban Wed, 10 Feb 2021 10:41:06 +0100
+
+crowdsec (1.0.7-3) UNRELEASED; urgency=medium
+
+ * fix error when docker metabase doesn't exist
+ * fix crowdsec not stopped when uninstalling
+
+ -- Manuel Sabban Wed, 10 Feb 2021 10:41:06 +0100
+
+crowdsec (1.0.7-2) UNRELEASED; urgency=medium
+
+ * remove stop metabase docker container
+ * purge removes the metabase container once and for all
+
+ -- Manuel Sabban Wed, 10 Feb 2021 10:41:06 +0100
+
+crowdsec (1.0.7-1) UNRELEASED; urgency=medium
+
+ * debian package
+ * bump to 1.0.7
+
+ -- Manuel Sabban Wed, 10 Feb 2021 10:41:06 +0100
+
+crowdsec (1.0.4-1) UNRELEASED; urgency=medium
+
+ * debian package
+ * bump to 1.0.4
+
+ -- Manuel Sabban Mon, 08 Feb 2021 09:38:06 +0100
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 000000000..b4de39476
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+11
diff --git a/debian/control b/debian/control
new file mode 100644
index 000000000..8f812de54
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,7 @@
+Source: crowdsec
+Maintainer: Crowdsec Team
+Build-Depends: debhelper, jq, bash, git
+
+Package: crowdsec
+Architecture: any
+Description: Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database
diff --git a/debian/crowdsec.service b/debian/crowdsec.service
new file mode 100644
index 000000000..839da0d96
--- /dev/null
+++ b/debian/crowdsec.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Crowdsec agent
+After=syslog.target network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=notify
+Environment=LC_ALL=C LANG=C
+PIDFile=/run/crowdsec.pid
+ExecStartPre=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t
+ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml
+#ExecStartPost=/bin/sleep 0.1
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=60
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/debhelper-build-stamp b/debian/debhelper-build-stamp
new file mode 100644
index 000000000..f4af9149d
--- /dev/null
+++ b/debian/debhelper-build-stamp
@@ -0,0 +1 @@
+crowdsec
diff --git a/debian/patches/fix-wizard.patch b/debian/patches/fix-wizard.patch
new file mode 100644
index 000000000..616e6c67f
--- /dev/null
+++ b/debian/patches/fix-wizard.patch
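Review bot: debian/crowdsec.service sets no `User=` and no sandboxing directive, so the agent runs as unrestricted root while it parses log content that is presumably influenced by remote clients. If the daemon's needs allow it, add at least `NoNewPrivileges=true` and `PrivateTmp=true`, and consider `ProtectSystem=` with explicit `ReadWritePaths=` for its data and log directories. `PIDFile=` is not needed with `Type=notify` and could be dropped. The unit patched in rpm/SOURCES/crowdsec.unit.patch appears to have the same shape, as far as its context lines show.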
@@ -0,0 +1,91 @@
+generate acquis.yaml directly in place
+Index: crowdsec/wizard.sh
+===================================================================
+--- crowdsec.orig/wizard.sh
++++ crowdsec/wizard.sh
+@@ -41,7 +41,6 @@
+ fi
+
+ ACQUIS_PATH="${CROWDSEC_CONFIG_PATH}"
+-TMP_ACQUIS_FILE="tmp-acquis.yaml"
+ ACQUIS_TARGET="${ACQUIS_PATH}/acquis.yaml"
+
+ PID_DIR="${CROWDSEC_RUN_DIR}"
+@@ -265,30 +264,30 @@
+ shift
+ local files=("${@}")
+
+- echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${TMP_ACQUIS_FILE}
++ echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${ACQUIS_TARGET}
+
+- echo "filenames:" >> ${TMP_ACQUIS_FILE}
++ echo "filenames:" >> ${ACQUIS_TARGET}
+ for fd in ${files[@]}; do
+- echo " - ${fd}" >> ${TMP_ACQUIS_FILE}
++ echo " - ${fd}" >> ${ACQUIS_TARGET}
+ done
+- echo "labels:" >> ${TMP_ACQUIS_FILE}
+- echo " "${log_input_tags[${service}]} >> ${TMP_ACQUIS_FILE}
+- echo "---" >> ${TMP_ACQUIS_FILE}
+- log_dbg "tmp acquisition file generated to: ${TMP_ACQUIS_FILE}"
++ echo "labels:" >> ${ACQUIS_TARGET}
++ echo " "${log_input_tags[${service}]} >> ${ACQUIS_TARGET}
++ echo "---" >> ${ACQUIS_TARGET}
++ log_dbg "acquisition file generated to: ${ACQUIS_TARGET}"
+ }
+
+ genyamljournal() {
+ local service="${1}"
+ shift
+
+- echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${TMP_ACQUIS_FILE}
++ echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${ACQUIS_TARGET}
+
+- echo "journalctl_filter:" >> ${TMP_ACQUIS_FILE}
+- echo " - _SYSTEMD_UNIT="${service}".service" >> ${TMP_ACQUIS_FILE}
+- echo "labels:" >> ${TMP_ACQUIS_FILE}
+- echo " "${log_input_tags[${service}]} >> ${TMP_ACQUIS_FILE}
+- echo "---" >> ${TMP_ACQUIS_FILE}
+- log_dbg "tmp acquisition file generated to: ${TMP_ACQUIS_FILE}"
++ echo "journalctl_filter:" >> ${ACQUIS_TARGET}
++ echo " - _SYSTEMD_UNIT="${service}".service" >> ${ACQUIS_TARGET}
++ echo "labels:" >> ${ACQUIS_TARGET}
++ echo " "${log_input_tags[${service}]} >> ${ACQUIS_TARGET}
++ echo "---" >> ${ACQUIS_TARGET}
++ log_dbg "acquisition file generated to: ${ACQUIS_TARGET}"
+ }
+
+ genacquisition() {
+@@ -569,7 +568,6 @@
+ ${CSCLI_BIN_INSTALLED} hub update
+ install_collection
+ genacquisition
+- mv "${TMP_ACQUIS_FILE}" "${ACQUIS_TARGET}"
+
+ return
+ fi
+@@ -628,7 +626,6 @@
+
+ # Generate acquisition file and move it to the right folder
+ genacquisition
+- mv "${TMP_ACQUIS_FILE}" "${ACQUIS_TARGET}"
+ log_info "acquisition file path: ${ACQUIS_TARGET}"
+ # Install collections according to detected services
+ log_dbg "Installing needed collections ..."
+@@ -656,7 +653,6 @@
+
+ if [[ "$1" == "detect" ]];
+ then
+- rm -f "${TMP_ACQUIS_FILE}"
+ detect_services
+ if [[ ${DETECTED_SERVICES} == "" ]] ; then
+ log_err "No detected or selected services, stopping."
+@@ -664,8 +660,7 @@
+ fi;
+ log_info "Found ${#DETECTED_SERVICES[@]} supported services running:"
+ genacquisition
+- cat "${TMP_ACQUIS_FILE}"
+- rm "${TMP_ACQUIS_FILE}"
++ cat "${ACQUIS_TARGET}"
+ return
+ fi
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000000000..ca1451cb0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fix-wizard.patch
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 000000000..55c5c1cf3
--- /dev/null
+++ b/debian/postinst
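Review bot: With the temp file gone, the `detect` branch in the last two inner hunks now appends to `${ACQUIS_TARGET}` and then `cat`s it, so what used to be a read-only preview rewrites the live acquisition config every time it is run. Because every write in `genyaml`/`genyamljournal` is `>>`, repeated runs stack duplicate YAML documents, and a failure part-way leaves a half-written file in place where the old `mv` swapped in a finished one. I would keep generating into a `mktemp` file, move it into place only in the install paths, and quote the redirect targets (`>> "${ACQUIS_TARGET}"`). The comment `# Generate acquisition file and move it to the right folder` no longer describes the code. The identical patch is added again as rpm/SOURCES/fix-wizard.patch.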
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+COLLECTIONS=false
+set -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+if [ "$1" = configure ]; then
+ if [[ ! -d /var/lib/crowdsec/data ]]; then
+ mkdir -p /var/lib/crowdsec/data
+ fi
+
+ if [[ -d /var/lib/crowdsec/backup ]]; then
+ cscli config restore /var/lib/crowdsec/backup/backup.config
+ rm -rf /var/lib/crowdsec/backup
+ /usr/bin/cscli hub update
+ /usr/bin/cscli hub upgrade
+ systemctl start crowdsec
+ fi
+
+ . /usr/share/crowdsec/wizard.sh -n
+ if ! [[ -f /etc/crowdsec/config.yaml ]]; then
+ echo Creating crowdsec configuration in /etc/crowdsec
+ cp -a /usr/share/crowdsec/config/* /etc/crowdsec
+
+ echo Creating /etc/crowdsec/acquis.yaml
+ set +e
+ SILENT=true detect_services
+ SILENT=true genacquisition
+ set -e
+ COLLECTIONS=true
+ fi
+ if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] || [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then
+ touch /etc/crowdsec/local_api_credentials.yaml
+ touch /etc/crowdsec/online_api_credentials.yaml
+ db_input medium crowdsec/lapi || true
+ db_go || true
+
+ db_get crowdsec/lapi
+ LAPI=$RET
+
+ if [ "$LAPI" = true ]; then
+ db_input medium crowdsec/capi || true
+ db_go || true
+
+ db_get crowdsec/capi
+ CAPI=$RET
+
+ cscli machines add -a
+
+ if [ "$CAPI" = true ]; then
+ cscli capi register
+ fi
+
+ else
+ db_input medium crowdsec/lapi_host || true
+ db_go || true
+
+ db_get crowdsec/lapi_host
+ LAPI_HOST=$RET
+ sed -i "s/127.0.0.1:8080/$LAPI_HOST/g" /etc/crowdsec/config.yaml
+ fi
+ fi
+ echo Updating hub
+ /usr/bin/cscli hub update
+ if [ $COLLECTIONS=true ]; then
+ set +e
+ CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection
+ set -e
+ fi
+
+
+ if [[ -f /var/lib/crowdsec/data/crowdsec.db.backup ]]; then
+ cp /var/lib/crowdsec/data/crowdsec.db.backup /var/lib/crowdsec/data/crowdsec.db
+ rm -f /var/lib/crowdsec/data/crowdsec.db.backup
+ fi
+
+ systemctl --quiet is-enabled crowdsec || systemctl unmask crowdsec && systemctl enable crowdsec
+
+ if [ -z "$(ss -nlt 'sport = 8080' | grep -v ^State)" ]; then
+ systemctl start crowdsec
+ else
+ echo "Not attempting to start crowdsec, port 8080 is already used"
+ echo "This port is configured through /etc/crowdsec/config.yaml and /etc/crowdsec/local_api_credentials.yaml"
+ fi
+fi
+
+
+echo "You always can run the configuration again interactively using '/usr/share/crowdsec/wizard.sh -c"
diff --git a/debian/postrm b/debian/postrm
new file mode 100644
index 000000000..61a95eed2
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,4 @@
+if [ "$1" = "purge" ]; then
+ find /etc/crowdsec -maxdepth 1 -mindepth 1 | grep -v "bouncer" | xargs rm -rf || echo ""
+ rm -rf /var/lib/crowdsec
+fi
diff --git a/debian/preinst b/debian/preinst
new file mode 100644
index 000000000..e8520629b
--- /dev/null
+++ b/debian/preinst
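Review bot: In debian/postinst, `if [ $COLLECTIONS=true ]` is a one-word string test and is always true, so `install_collection` runs on every configure and not only on first install; it should read `if [ "$COLLECTIONS" = true ]; then`. The debconf answer is pasted straight into `sed -i "s/127.0.0.1:8080/$LAPI_HOST/g"`, so a value containing `/` or `&` either aborts configure under `set -e` or rewrites config.yaml differently than intended; validate it as host:port first or escape it. The two credentials files are pre-created with plain `touch` under the default umask, so unless cscli tightens the mode when it writes them, `install -m 600 /dev/null <file>` would be the safer way to create them. `systemctl --quiet is-enabled crowdsec || systemctl unmask crowdsec && systemctl enable crowdsec` groups as `(A || B) && C`, which unmasks a unit an administrator masked on purpose and runs `enable` in every case.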
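Review bot: The purge pipeline in debian/postrm passes newline-separated `find` output through `grep -v` into `xargs rm -rf` as root, so any entry whose name contains whitespace is split into separate arguments for `rm -rf`. `find /etc/crowdsec -mindepth 1 -maxdepth 1 ! -name '*bouncer*' -exec rm -rf -- {} +` makes the same selection without word splitting and without the `|| echo ""` that currently hides failures. The script also has no `#!/bin/sh` line and no `set -e`, unlike postinst and preinst; debian/prerm in this commit has the same gap.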
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+
+OLD_MAJOR_VERSION=$(echo $2 | cut -d'.' -f1)
+OLD_MINOR_VERSION=$(echo $2 | cut -d'.' -f2)
+OLD_PATCH_VERSION=$(echo $2 | cut -d'.' -f3|cut -d'-' -f1)
+
+NEW_MAJOR_VERSION=$(echo $3 | cut -d'.' -f1)
+NEW_MINOR_VERSION=$(echo $3 | cut -d'.' -f2)
+NEW_PATCH_VERSION=$(echo $3 | cut -d'.' -f3|cut -d'-' -f1)
+
+
+
+if [ "$1" = upgrade ]; then
+
+ OLD_MAJOR_VERSION=$(echo $2 | cut -d'.' -f1)
+ OLD_MINOR_VERSION=$(echo $2 | cut -d'.' -f2)
+ OLD_PATCH_VERSION=$(echo $2 | cut -d'.' -f3|cut -d'-' -f1)
+
+ NEW_MAJOR_VERSION=$(echo $3 | cut -d'.' -f1)
+ NEW_MINOR_VERSION=$(echo $3 | cut -d'.' -f2)
+ NEW_PATCH_VERSION=$(echo $3 | cut -d'.' -f3|cut -d'-' -f1)
+
+
+ if [[ $OLD_MAJOR_VERSION -eq "1" ]] && [[ $OLD_MINOR_VERSION -eq "0" ]] && [[ $OLD_PATCH_VERSION -lt "9" ]]; then
+ if [[ -f /var/lib/crowdsec/data/crowdsec.db ]]; then
+ cp /var/lib/crowdsec/data/crowdsec.db /var/lib/crowdsec/data/crowdsec.db.backup
+ fi
+ fi
+
+ if [[ $NEW_MAJOR_VERSION -gt $OLD_MAJOR_VERSION ]]; then
+ echo "Stopping crowdsec"
+ systemctl stop crowdsec || true
+ cscli config backup /var/lib/crowdsec/backup
+ fi
+fi
+
+echo "You always can run the configuration again interactively using '/usr/share/crowdsec/wizard.sh -c"
diff --git a/debian/prerm b/debian/prerm
new file mode 100644
index 000000000..eb4eb4ed7
--- /dev/null
+++ b/debian/prerm
@@ -0,0 +1,9 @@
+if [ "$1" = "remove" ]; then
+ cscli dashboard remove -f -y || true
+ systemctl stop crowdsec
+ systemctl disable crowdsec
+fi
+
+if [ "$1" = "upgrade" ]; then
+ systemctl stop crowdsec
+fi
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 000000000..09bb60b9c
--- /dev/null
+++ b/debian/rules
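Review bot: In debian/preinst, `cscli config backup /var/lib/crowdsec/backup` runs unguarded under `set -e`, whereas the RPM `%pre` in this same commit first checks `! -d /var/lib/crowdsec/backup`. If the command refuses an existing directory, which that guard suggests, a backup left over from an interrupted upgrade would abort every later major-version upgrade. I would add the same `-d` test here, or decide explicitly which copy wins. The version fields are parsed twice, once at top level and once inside the `upgrade` branch, from unquoted `$2`/`$3`; keep one copy and quote the arguments, e.g. `$(echo "$2" | cut -d. -f1)`. The backup presumably includes the API credentials, so the mode of that directory deserves a check as well.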
@@ -0,0 +1,37 @@
+#!/usr/bin/make -f
+
+export DEB_VERSION=$(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
+export BUILD_VERSION=v${DEB_VERSION}-debian-pragmatic
+export GO111MODULE=on
+
+# LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \
+# -X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=$(BUILD_TIMESTAMP) \
+# -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=$(BUILD_CODENAME) \
+# -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Tag=$(BUILD_TAG) \
+# -X github.com/crowdsecurity/crowdsec/pkg/cwversion.GoVersion=$(BUILD_GOVERSION)"
+
+%:
+ dh $@
+
+override_dh_auto_clean:
+override_dh_auto_test:
+override_dh_auto_build:
+override_dh_auto_install:
+# mkdir /tmp/go
+# echo $(go version)
+# echo $($GOCMD version)
+# cd cmd/crowdsec && GOROOT=/tmp/go GO111MODULE=on $(GOBUILD) $(LD_OPTS) -o $(CROWDSEC_BIN) -v && cd ..
+# cd cmd/crowdsec-cli && GOROOT=/tmp/go GO111MODULE=on $(GOBUILD) $(LD_OPTS) -o cscli -v && cd ..
+ make
+ mkdir -p debian/crowdsec/usr/bin
+ mkdir -p debian/crowdsec/etc/crowdsec
+ mkdir -p debian/crowdsec/usr/share/crowdsec
+ mkdir -p debian/crowdsec/etc/crowdsec/hub/
+ mkdir -p debian/crowdsec/usr/share/crowdsec/config
+ cp cmd/crowdsec/crowdsec debian/crowdsec/usr/bin
+ cp cmd/crowdsec-cli/cscli debian/crowdsec/usr/bin
+ cp wizard.sh debian/crowdsec/usr/share/crowdsec
+ cp config/config.yaml debian/crowdsec/usr/share/crowdsec/config/config.yaml
+ cp config/simulation.yaml debian/crowdsec/usr/share/crowdsec/config/simulation.yaml
+ cp config/profiles.yaml debian/crowdsec/usr/share/crowdsec/config/profiles.yaml
+ cp -a config/patterns debian/crowdsec/usr/share/crowdsec/config
diff --git a/debian/templates b/debian/templates
new file mode 100644
index 000000000..44ed33003
--- /dev/null
+++ b/debian/templates
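Review bot: As far as the collapsed layout shows, the compile step (`make`) sits in the `override_dh_auto_install` recipe while `override_dh_auto_build` and `override_dh_auto_test` are empty, so the binaries are built during the install stage, which normally runs under (fake)root, and the test suite never runs as part of the package build. Moving `make` into `override_dh_auto_build` and leaving only the `mkdir`/`cp` lines under install would match debhelper's sequence. With `GO111MODULE=on` and `git` in Build-Depends the build looks like it fetches Go modules from the network; if that is the case, the package cannot be rebuilt from the source tree alone and vendoring the modules should be considered.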
@@ -0,0 +1,23 @@
+Template: crowdsec/lapi
+Type: boolean
+Default: true
+Description: Do you want to run the local API server ?
+ A local API is required to run crowdsec, but another installation can be used.
+ .
+ If you don't know what to do, consider answer yes.
+
+Template: crowdsec/lapi_host
+Type: string
+Default: 127.0.0.1:8080
+Description: Address of the local API server
+ A local API is required to run crowdsec, but another installation can be used.
+ .
+ Please add the address of the local API server
+
+Template: crowdsec/capi
+Type: boolean
+Default: true
+Description: Do you want to the centralized remote API server ?
+ To share information with other crowdsec you can register to the centralized remote API server.
+ .
+ If you don't know what to do, consider answer yes.
\ No newline at end of file
diff --git a/rpm/SOURCES/80-crowdsec.preset b/rpm/SOURCES/80-crowdsec.preset
new file mode 100644
index 000000000..13f910d99
--- /dev/null
+++ b/rpm/SOURCES/80-crowdsec.preset
@@ -0,0 +1,3 @@
+# This file is part of crowdsec
+
+enable crowdsec.service
\ No newline at end of file
diff --git a/rpm/SOURCES/config.patch b/rpm/SOURCES/config.patch
new file mode 100644
index 000000000..2277403ed
--- /dev/null
+++ b/rpm/SOURCES/config.patch
@@ -0,0 +1,10 @@
+--- config/config.yaml-orig 2021-05-10 20:52:35.540560498 +0200
++++ config/config.yaml 2021-05-10 20:54:36.909254007 +0200
+@@ -16,6 +16,7 @@
+ parser_routines: 1
+ cscli:
+ output: human
++ hub_branch: master
+ db_config:
+ log_level: info
+ type: sqlite
diff --git a/rpm/SOURCES/crowdsec.unit.patch b/rpm/SOURCES/crowdsec.unit.patch
new file mode 100644
index 000000000..74635ac48
--- /dev/null
+++ b/rpm/SOURCES/crowdsec.unit.patch
@@ -0,0 +1,14 @@
+--- config/crowdsec.service-orig 2021-06-29 09:35:15.945984145 +0200
++++ config/crowdsec.service 2021-06-29 09:35:45.338024681 +0200
+@@ -5,9 +5,9 @@
+ [Service]
+ Type=notify
+ Environment=LC_ALL=C LANG=C
+-PIDFile=/var/run/crowdsec.pid
+-ExecStartPre=/usr/local/bin/crowdsec -c /etc/crowdsec/config.yaml -t
+-ExecStart=/usr/local/bin/crowdsec -c /etc/crowdsec/config.yaml
++PIDFile=/run/crowdsec.pid
++ExecStartPre=/usr//bin/crowdsec -c /etc/crowdsec/config.yaml -t
++ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml
+ #ExecStartPost=/bin/sleep 0.1
+ ExecReload=/bin/kill -HUP $MAINPID
diff --git a/rpm/SOURCES/fix-wizard.patch b/rpm/SOURCES/fix-wizard.patch
new file mode 100644
index 000000000..616e6c67f
--- /dev/null
+++ b/rpm/SOURCES/fix-wizard.patch
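Review bot: The new `ExecStartPre=/usr//bin/crowdsec` line in rpm/SOURCES/crowdsec.unit.patch has a doubled slash. The path still resolves to the same binary, but it should read `/usr/bin/crowdsec` so that it matches the `ExecStart=` line below it and the path that an audit or allow-list rule for the binary would name.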
@@ -0,0 +1,91 @@
+generate acquis.yaml directly in place
+Index: crowdsec/wizard.sh
+===================================================================
+--- crowdsec.orig/wizard.sh
++++ crowdsec/wizard.sh
+@@ -41,7 +41,6 @@
+ fi
+
+ ACQUIS_PATH="${CROWDSEC_CONFIG_PATH}"
+-TMP_ACQUIS_FILE="tmp-acquis.yaml"
+ ACQUIS_TARGET="${ACQUIS_PATH}/acquis.yaml"
+
+ PID_DIR="${CROWDSEC_RUN_DIR}"
+@@ -265,30 +264,30 @@
+ shift
+ local files=("${@}")
+
+- echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${TMP_ACQUIS_FILE}
++ echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${ACQUIS_TARGET}
+
+- echo "filenames:" >> ${TMP_ACQUIS_FILE}
++ echo "filenames:" >> ${ACQUIS_TARGET}
+ for fd in ${files[@]}; do
+- echo " - ${fd}" >> ${TMP_ACQUIS_FILE}
++ echo " - ${fd}" >> ${ACQUIS_TARGET}
+ done
+- echo "labels:" >> ${TMP_ACQUIS_FILE}
+- echo " "${log_input_tags[${service}]} >> ${TMP_ACQUIS_FILE}
+- echo "---" >> ${TMP_ACQUIS_FILE}
+- log_dbg "tmp acquisition file generated to: ${TMP_ACQUIS_FILE}"
++ echo "labels:" >> ${ACQUIS_TARGET}
++ echo " "${log_input_tags[${service}]} >> ${ACQUIS_TARGET}
++ echo "---" >> ${ACQUIS_TARGET}
++ log_dbg "acquisition file generated to: ${ACQUIS_TARGET}"
+ }
+
+ genyamljournal() {
+ local service="${1}"
+ shift
+
+- echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${TMP_ACQUIS_FILE}
++ echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${ACQUIS_TARGET}
+
+- echo "journalctl_filter:" >> ${TMP_ACQUIS_FILE}
+- echo " - _SYSTEMD_UNIT="${service}".service" >> ${TMP_ACQUIS_FILE}
+- echo "labels:" >> ${TMP_ACQUIS_FILE}
+- echo " "${log_input_tags[${service}]} >> ${TMP_ACQUIS_FILE}
+- echo "---" >> ${TMP_ACQUIS_FILE}
+- log_dbg "tmp acquisition file generated to: ${TMP_ACQUIS_FILE}"
++ echo "journalctl_filter:" >> ${ACQUIS_TARGET}
++ echo " - _SYSTEMD_UNIT="${service}".service" >> ${ACQUIS_TARGET}
++ echo "labels:" >> ${ACQUIS_TARGET}
++ echo " "${log_input_tags[${service}]} >> ${ACQUIS_TARGET}
++ echo "---" >> ${ACQUIS_TARGET}
++ log_dbg "acquisition file generated to: ${ACQUIS_TARGET}"
+ }
+
+ genacquisition() {
+@@ -569,7 +568,6 @@
+ ${CSCLI_BIN_INSTALLED} hub update
+ install_collection
+ genacquisition
+- mv "${TMP_ACQUIS_FILE}" "${ACQUIS_TARGET}"
+
+ return
+ fi
+@@ -628,7 +626,6 @@
+
+ # Generate acquisition file and move it to the right folder
+ genacquisition
+- mv "${TMP_ACQUIS_FILE}" "${ACQUIS_TARGET}"
+ log_info "acquisition file path: ${ACQUIS_TARGET}"
+ # Install collections according to detected services
+ log_dbg "Installing needed collections ..."
+@@ -656,7 +653,6 @@
+
+ if [[ "$1" == "detect" ]];
+ then
+- rm -f "${TMP_ACQUIS_FILE}"
+ detect_services
+ if [[ ${DETECTED_SERVICES} == "" ]] ; then
+ log_err "No detected or selected services, stopping."
+@@ -664,8 +660,7 @@
+ fi;
+ log_info "Found ${#DETECTED_SERVICES[@]} supported services running:"
+ genacquisition
+- cat "${TMP_ACQUIS_FILE}"
+- rm "${TMP_ACQUIS_FILE}"
++ cat "${ACQUIS_TARGET}"
+ return
+ fi
diff --git a/rpm/SPECS/crowdsec.spec b/rpm/SPECS/crowdsec.spec
new file mode 100644
index 000000000..ea92f2682
--- /dev/null
+++ b/rpm/SPECS/crowdsec.spec
@@ -0,0 +1,180 @@
+
+Name: crowdsec
+Version: %(echo $VERSION)
+Release: %(echo $PACKAGE_NUMBER)%{?dist}
+Summary: Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database
+
+License: MIT
+URL: https://crowdsec.net
+Source0: https://github.com/crowdsecurity/%{name}/archive/v%(echo $VERSION).tar.gz
+Source1: 80-%{name}.preset
+Patch0: crowdsec.unit.patch
+Patch1: fix-wizard.patch
+Patch2: config.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: git
+BuildRequires: golang >= 1.14
+BuildRequires: make
+BuildRequires: jq
+BuildRequires: systemd
+%{?fc33:BuildRequires: systemd-rpm-macros}
+%{?fc34:BuildRequires: systemd-rpm-macros}
+
+%define debug_package %{nil}
+
+%description
+
+%define version_number %(echo $VERSION)
+%define releasever %(echo $RELEASEVER)
+%global local_version v%{version_number}-%{releasever}-rpm
+%global name crowdsec
+%global __mangle_shebangs_exclude_from /usr/bin/env
+
+%prep
+%setup -q -T -b 0
+
+%patch0
+%patch1
+%patch2
+
+%build
+BUILD_VERSION=%{local_version} make
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}/etc/crowdsec/hub
+mkdir -p %{buildroot}/etc/crowdsec/patterns
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/data
+mkdir -p %{buildroot}%{_presetdir}
+install -m 755 -D cmd/crowdsec/crowdsec %{buildroot}%{_bindir}/%{name}
+install -m 755 -D cmd/crowdsec-cli/cscli %{buildroot}%{_bindir}/cscli
+install -m 755 -D wizard.sh %{buildroot}/usr/share/crowdsec/wizard.sh
+install -m 644 -D config/crowdsec.service %{buildroot}%{_unitdir}/%{name}.service
+install -m 644 -D config/patterns/* -t %{buildroot}%{_sysconfdir}/crowdsec/patterns
+install -m 644 -D config/config.yaml %{buildroot}%{_sysconfdir}/crowdsec
+install -m 644 -D config/simulation.yaml %{buildroot}%{_sysconfdir}/crowdsec
+install -m 644 -D config/profiles.yaml %{buildroot}%{_sysconfdir}/crowdsec
+install -m 644 -D %{SOURCE1} %{buildroot}%{_presetdir}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+/usr/bin/%{name}
+/usr/bin/cscli
+/usr/share/%{name}/wizard.sh
+%{_sysconfdir}/%{name}/patterns/linux-syslog
+%{_sysconfdir}/%{name}/patterns/ruby
+%{_sysconfdir}/%{name}/patterns/nginx
+%{_sysconfdir}/%{name}/patterns/junos
+%{_sysconfdir}/%{name}/patterns/cowrie_honeypot
+%{_sysconfdir}/%{name}/patterns/redis
+%{_sysconfdir}/%{name}/patterns/firewalls
+%{_sysconfdir}/%{name}/patterns/paths
+%{_sysconfdir}/%{name}/patterns/java
+%{_sysconfdir}/%{name}/patterns/postgresql
+%{_sysconfdir}/%{name}/patterns/bacula
+%{_sysconfdir}/%{name}/patterns/mcollective
+%{_sysconfdir}/%{name}/patterns/rails
+%{_sysconfdir}/%{name}/patterns/haproxy
+%{_sysconfdir}/%{name}/patterns/nagios
+%{_sysconfdir}/%{name}/patterns/mysql
+%{_sysconfdir}/%{name}/patterns/ssh
+%{_sysconfdir}/%{name}/patterns/tcpdump
+%{_sysconfdir}/%{name}/patterns/exim
+%{_sysconfdir}/%{name}/patterns/bro
+%{_sysconfdir}/%{name}/patterns/modsecurity
+%{_sysconfdir}/%{name}/patterns/aws
+%{_sysconfdir}/%{name}/patterns/smb
+%{_sysconfdir}/%{name}/patterns/mongodb
+%config(noreplace) %{_sysconfdir}/%{name}/config.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/simulation.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/profiles.yaml
+%config(noreplace) %{_presetdir}/80-%{name}.preset
+
+%{_unitdir}/%{name}.service
+
+%ghost %{_sysconfdir}/%{name}/hub/.index.json
+%ghost %{_localstatedir}/log/%{name}.log
+%dir /var/lib/%{name}/data/
+
+%ghost %{_sysconfdir}/crowdsec/local_api_credentials.yaml
+%ghost %{_sysconfdir}/crowdsec/online_api_credentials.yaml
+%ghost %{_sysconfdir}/crowdsec/acquis.yaml
+
+%pre
+
+#systemctl stop crowdsec || true
+
+if [ $1 == 2 ];then
+ if [[ ! -d /var/lib/crowdsec/backup ]]; then
+ cscli config backup /var/lib/crowdsec/backup
+ fi
+fi
+
+
+%post -p /bin/bash
+
+if [ $1 == 1 ]; then
+
+ if [ ! -f "/var/lib/crowdsec/data/crowdsec.db" ] ; then
+ touch /var/lib/crowdsec/data/crowdsec.db
+ fi
+
+ echo $SHELL
+ . /usr/share/crowdsec/wizard.sh -n
+
+ echo Creating acquisition configuration
+ if [ ! -f "/etc/crowsec/acquis.yaml" ] ; then
+ set +e
+ SILENT=true detect_services
+ SILENT=true genacquisition
+ set +e
+ fi
+ if [ ! -f "%{_sysconfdir}/crowdsec/online_api_credentials.yaml" ] && [ ! -f "%{_sysconfdir}/crowdsec/local_api_credentials.yaml" ] ; then
+ touch %{_sysconfdir}/crowdsec/online_api_credentials.yaml
+ touch %{_sysconfdir}/crowdsec/local_api_credentials.yaml
+ cscli capi register
+ cscli machines add -a
+ fi
+ if [ ! -f "%{_sysconfdir}/crowdsec/online_api_credentials.yaml" ] ; then
+ touch %{_sysconfdir}/crowdsec/online_api_credentials.yaml
+ cscli capi register
+ fi
+ if [ ! -f "%{_sysconfdir}/crowdsec/local_api_credentials.yaml" ] ; then
+ touch %{_sysconfdir}/crowdsec/local_api_credentials.yaml
+ cscli machines add -a
+ fi
+
+ cscli hub update
+ CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection
+
+ systemctl start crowdsec || echo "crowdsec is not started"
+
+elif [ $1 == 2 ] && [ -d /var/lib/crowdsec/backup ]; then
+ cscli config restore /var/lib/crowdsec/backup
+ if [ $? == 0 ]; then
+ rm -rf /var/lib/crowdsec/backup
+ fi
+
+fi
+
+%systemd_post %{name}.service
+
+%preun
+
+#systemctl stop crowdsec || echo "crowdsec was not started"
+
+%systemd_preun %{name}.service
+
+%postun
+
+%systemd_postun_with_restart %{name}.service
+
+#systemctl stop crowdsec || echo "crowdsec was not started"
+
+%changelog
+* Tue Feb 16 2021 Manuel Sabban
+- First initial packaging
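Review bot: The `%post` check `[ ! -f "/etc/crowsec/acquis.yaml" ]` misspells the directory, so it is always true and `genacquisition` runs even when an acquis.yaml already exists; combined with the `>>` writes from fix-wizard.patch that appends duplicate entries to the live file. It should test `"%{_sysconfdir}/crowdsec/acquis.yaml"`. The block is bracketed by `set +e` twice; the second was presumably meant to be `set -e`, although the scriptlet never enables `-e` in the first place, so failures of `cscli capi register` or `cscli machines add -a` pass silently. As in debian/postinst, the credentials files are pre-created with `touch` under the default umask and the `%ghost` entries carry no `%attr`, so their final mode depends on whatever cscli does when it writes them.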