Merge pull request #1 from crowdsecurity/rename_config

Rename config, avoid `/etc/crowdsec/crowdsec/`
Thibault "bui" Koechlin 2020-05-15 12:30:55 +02:00 committed by GitHub
commit 7cfa560ca8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 8 additions and 218 deletions


@ -1,73 +0,0 @@
############################
# STEP 1 build executable binary
############################
FROM golang:alpine AS builder
RUN apk update && apk add make gettext gcc g++
WORKDIR $GOPATH/src/JohnDoeCrowdSec/granola
# COPY the source
COPY ./ .
RUN make build
RUN make install
RUN cp ./docker/docker.yaml /etc/crowdsec/docker.yaml
RUN cp ./docker/acquis.yaml /etc/crowdsec/crowdsec/
############################
# STEP 2
############################
FROM alpine:latest
COPY --from=builder /usr/local/bin/crowdsec /usr/local/bin/crowdsec
COPY --from=builder /usr/local/bin/cscli /usr/local/bin/cscli
COPY --from=builder /etc/crowdsec /etc/crowdsec
COPY --from=builder /var/run/crowdsec /var/run/crowdsec
RUN apk add --update bash rsyslog && rm -rf /var/cache/apk/*
###########################
##### Prepare rsyslog #####
###########################
RUN mkdir -p /etc/rsyslog.d/
RUN mkdir -p /var/spool/rsyslog/
RUN mkdir -p /var/log/rsyslog
RUN touch /var/log/syslog
EXPOSE 514 514
COPY ./docker/rsyslog.conf /etc/rsyslog.conf
###########################################
###### Configure crowdsec ###########
###########################################
RUN cscli config token "6ba94afde0fbf41310f7191934bc1d920245c9f1"
RUN cscli config installdir "/etc/crowdsec/crowdsec/"
RUN cscli config dbpath "/var/run/crowdsec/crowdsec.db"
RUN cscli update
RUN cscli install collection crowdsec/base-http-scenarios
RUN cscli install collection crowdsec/linux
RUN cscli install collection crowdsec/nginx
RUN cscli install collection crowdsec/sshd
######################################
## Wrapper to launch multi services ##
######################################
COPY ./docker/wrapper.sh .
RUN chmod +x ./wrapper.sh
ENTRYPOINT ["./wrapper.sh"]


@ -29,11 +29,11 @@ type cliConfig struct {
func interactiveCfg() error {
var err error
reader := bufio.NewReader(os.Stdin)
fmt.Print("crowdsec installation directory (default: /etc/crowdsec/crowdsec/): ")
fmt.Print("crowdsec installation directory (default: /etc/crowdsec/config/): ")
config.InstallFolder, err = reader.ReadString('\n')
config.InstallFolder = strings.Replace(config.InstallFolder, "\n", "", -1) //CRLF to LF (windows)
if config.InstallFolder == "" {
config.InstallFolder = "/etc/crowdsec/crowdsec/"
config.InstallFolder = "/etc/crowdsec/config/"
}
if err != nil {
log.Fatalf("failed to read input : %v", err.Error())
@ -131,7 +131,7 @@ If no commands are specified, config is in interactive mode.`,
var cmdConfigInstalldir = &cobra.Command{
Use: "installdir [value]",
Short: `Configure installation directory`,
Long: `Configure the installation directory of crowdsec, such as /etc/crowdsec/crowdsec/`,
Long: `Configure the installation directory of crowdsec, such as /etc/crowdsec/config/`,
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
config.InstallFolder = args[0]
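Review bot: The new default `/etc/crowdsec/config/` is still written as a separate literal in the prompt and in the empty-input fallback of `interactiveCfg`, and again in the `Long` help of `cmdConfigInstalldir`, which is why this rename had to edit each copy by hand. A single package-level `const defaultInstallFolder = "/etc/crowdsec/config/"` used in all three places would keep them from drifting. The installer script on this page has the same pattern: it hard-codes `/etc/crowdsec/config/api.yaml` although `CROWDSEC_CONFIG_PATH` is defined earlier in that script. On the unchanged context lines only `\n` is stripped, so a CRLF-terminated answer leaves `\r` in `config.InstallFolder` and the default is never applied; `config.InstallFolder = strings.TrimSpace(config.InstallFolder)` would handle both line endings. Both `interactiveCfg` and the `Run` closure continue outside the hunks shown.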


@ -4,7 +4,7 @@ Configure installation directory
### Synopsis
Configure the installation directory of crowdsec, such as /etc/crowdsec/crowdsec/
Configure the installation directory of crowdsec, such as /etc/crowdsec/config/
```
cscli config installdir [value] [flags]


@ -7,7 +7,7 @@ GOGET=$(GOCMD) get
CROWDSEC_BIN=crowdsec
PREFIX?="/"
CFG_PREFIX = $(PREFIX)"/etc/crowdsec/crowdsec/"
CFG_PREFIX = $(PREFIX)"/etc/crowdsec/config/"
BIN_PREFIX = $(PREFIX)"/usr/local/bin/"
DATA_PREFIX = $(PREFIX)"/var/run/crowdsec/"
PID_DIR = $(PREFIX)"/var/run/"


@ -1,32 +0,0 @@
# Crowdwatch with docker
## Getting Started
Go in the main folder of crowdsec (if you are in the folder `docker/` please `cd ..`)
- Build the docker image
```
docker build -t crowdsec .
```
- Run the docker
```
docker run -d -p 514:514 --name crowdsec -v /var/run/crowdsec/crowdsec.db:/var/run/crowdsec/crowdsec.db crowdsec
```
:warning: Be sure that your ban plugin will get decision from the db located in `/var/run/crowdsec/crowdsec.db` on your host.
## TODO:
- Be sure that bans are applied on the host
- Check that the sqlite db is created by crowdsec in the docker and read by the ban plugin on the host
- Forward traffic to the docker syslog (127.0.0.1:514) and check that logs are correctly parsed


@ -1,4 +0,0 @@
filenames:
- /var/log/syslog
labels:
type: syslog


@ -1,15 +0,0 @@
working_dir: /tmp/
data_dir: /var/run/crowdsec/
config_dir: /etc/crowdsec
pid_dir: /var/run/
log_dir: /var/log/
log_mode: stdout
log_level: debug
profiling: false
sqlite_path: /var/run/crowdsec/crowdsec.db
apimode: false
daemon: false
prometheus: true
#for prometheus agent / golang debugging
http_listen: 127.0.0.1:6060


@ -1,44 +0,0 @@
#################
#### MODULES ####
#################
# Uncomment out the following lines and comment out everything else to get debugging for variables
# *.* /var/log/debugfmt;RSYSLOG_DebugFormat
module(load="imudp")
module(load="imtcp")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
global(net.enableDNS="off")
###########################
# Input Parameters
###########################
input(type="imtcp" port="514")
input(type="imudp" port="514")
###########################
#### Central log stuff ####
###########################
$template RemoteLogs, "/var/log/syslog"
*.* ?RemoteLogs
& ~


@ -1,42 +0,0 @@
#!/bin/sh
CROWDSEC="crowdsec"
SYSLOG_NG="rsyslogd"
# Start the second process
rsyslogd -n -f /etc/rsyslog.conf &
status=$?
if [ $status -ne 0 ]; then
echo "Failed to start ${SYSLOG_NG}: $status"
exit $status
fi
# Start the first process
/usr/local/bin/crowdsec -c /etc/crowdsec/docker.yaml &
status=$?
if [ $status -ne 0 ]; then
echo "Failed to start ${CROWDSEC}: $status"
exit $status
fi
# Naive check runs checks once a minute to see if either of the processes exited.
# This illustrates part of the heavy lifting you need to do if you want to run
# more than one service in a container. The container exits with an error
# if it detects that either of the processes has exited.
# Otherwise it loops forever, waking up every 60 seconds
while sleep 60; do
ps aux |grep ${CROWDSEC} |grep -q -v grep
PROCESS_1_STATUS=$?
ps aux |grep ${SYSLOG_NG} |grep -q -v grep
PROCESS_2_STATUS=0
# If the greps above find anything, they exit with 0 status
# If they are not both 0, then something is wrong
if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
echo "One of the processes has already exited."
exit 1
fi
done


@ -105,7 +105,7 @@
"Profiling": false,
"OverflowFilter": "",
"BucketName": "lingering-river",
"Filename": "/home/bui/github/crowdsec/crowdsec/pkg/leakybucket/tests/simple-leaky-uniq-w-buckets_state/bucket.yaml"
"Filename": "/home/bui/github/crowdsec/config/pkg/leakybucket/tests/simple-leaky-uniq-w-buckets_state/bucket.yaml"
},
"Duration": 40000000000,
"Profiling": false
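Review bot: The `Filename` edit in this fixture looks like a side effect of a blanket search-and-replace rather than part of the config-directory rename. The old value pointed into a source checkout (`.../github/crowdsec/crowdsec/pkg/leakybucket/tests/...`), not at `/etc/crowdsec/crowdsec/`, and the rewritten `.../crowdsec/config/pkg/...` presumably does not exist on disk. If any test loads or compares this path, the line should be reverted. Separately, the fixture records an absolute path under a developer's home directory; a path relative to the test directory would make the state file portable and keep local usernames out of the repository.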


@ -19,7 +19,7 @@ CROWDSEC_PLUGIN_DIR="${CROWDSEC_LIB_DIR}/plugins"
CROWDSEC_PLUGIN_BACKEND_DIR="${CROWDSEC_PLUGIN_DIR}/backend"
CROWDSEC_DB_PATH="${CROWDSEC_DATA_DIR}/crowdsec.db"
CROWDSEC_CONFIG_PATH="/etc/crowdsec"
CROWDSEC_CONFIG_PATH="${CROWDSEC_CONFIG_PATH}/crowdsec"
CROWDSEC_CONFIG_PATH="${CROWDSEC_CONFIG_PATH}/config"
CROWDSEC_LOG_FILE="/var/log/crowdsec.log"
CROWDSEC_BACKEND_FOLDER="/etc/crowdsec/plugins/backend"
@ -462,7 +462,7 @@ main() {
# api register
${CSCLI_BIN_INSTALLED} api register >> /etc/crowdsec/crowdsec/api.yaml || ${CSCLI_BIN_INSTALLED} api reset >> /etc/crowdsec/crowdsec/api.yaml || log_err "unable to register, skipping crowdsec api registration"
${CSCLI_BIN_INSTALLED} api register >> /etc/crowdsec/config/api.yaml || ${CSCLI_BIN_INSTALLED} api reset >> /etc/crowdsec/config/api.yaml || log_err "unable to register, skipping crowdsec api registration"
log_info "Crowdsec api registered"