Merge pull request #1 from crowdsecurity/rename_config
Rename config, avoid `/etc/crowdsec/crowdsec/`
commit
7cfa560ca8
73
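--- a/Dockerfile
+++ b/Dockerfile
@@ -1,73 +0,0 @@
-############################
-# STEP 1 build executable binary
-############################
-
-FROM golang:alpine AS builder
-
-RUN apk update && apk add make gettext gcc g++
-
-
-WORKDIR $GOPATH/src/JohnDoeCrowdSec/granola
-
-# COPY the source
-COPY ./ .
-
-RUN make build
-
-RUN make install
-
-RUN cp ./docker/docker.yaml /etc/crowdsec/docker.yaml
-RUN cp ./docker/acquis.yaml /etc/crowdsec/crowdsec/
-
-############################
-# STEP 2
-############################
-
-FROM alpine:latest
-
-COPY --from=builder /usr/local/bin/crowdsec /usr/local/bin/crowdsec
-COPY --from=builder /usr/local/bin/cscli /usr/local/bin/cscli
-
-
-COPY --from=builder /etc/crowdsec /etc/crowdsec
-COPY --from=builder /var/run/crowdsec /var/run/crowdsec
-
-RUN apk add --update bash rsyslog && rm -rf /var/cache/apk/*
-
-###########################
-##### Prepare rsyslog #####
-###########################
-
-RUN mkdir -p /etc/rsyslog.d/
-RUN mkdir -p /var/spool/rsyslog/
-RUN mkdir -p /var/log/rsyslog
-RUN touch /var/log/syslog
-
-EXPOSE 514 514
-
-COPY ./docker/rsyslog.conf /etc/rsyslog.conf
-
-###########################################
-###### Configure crowdsec ###########
-###########################################
-
-RUN cscli config token "6ba94afde0fbf41310f7191934bc1d920245c9f1"
-RUN cscli config installdir "/etc/crowdsec/crowdsec/"
-RUN cscli config dbpath "/var/run/crowdsec/crowdsec.db"
-
-RUN cscli update
-
-RUN cscli install collection crowdsec/base-http-scenarios
-RUN cscli install collection crowdsec/linux
-RUN cscli install collection crowdsec/nginx
-RUN cscli install collection crowdsec/sshd
-
-######################################
-## Wrapper to launch multi services ##
-######################################
-
-COPY ./docker/wrapper.sh .
-RUN chmod +x ./wrapper.sh
-
-ENTRYPOINT ["./wrapper.sh"]
-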
@ -29,11 +29,11 @@ type cliConfig struct {
|
||||||
func interactiveCfg() error {
|
func interactiveCfg() error {
|
||||||
var err error
|
var err error
|
||||||
reader := bufio.NewReader(os.Stdin)
|
reader := bufio.NewReader(os.Stdin)
|
||||||
fmt.Print("crowdsec installation directory (default: /etc/crowdsec/crowdsec/): ")
|
fmt.Print("crowdsec installation directory (default: /etc/crowdsec/config/): ")
|
||||||
config.InstallFolder, err = reader.ReadString('\n')
|
config.InstallFolder, err = reader.ReadString('\n')
|
||||||
config.InstallFolder = strings.Replace(config.InstallFolder, "\n", "", -1) //CRLF to LF (windows)
|
config.InstallFolder = strings.Replace(config.InstallFolder, "\n", "", -1) //CRLF to LF (windows)
|
||||||
if config.InstallFolder == "" {
|
if config.InstallFolder == "" {
|
||||||
config.InstallFolder = "/etc/crowdsec/crowdsec/"
|
config.InstallFolder = "/etc/crowdsec/config/"
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("failed to read input : %v", err.Error())
|
log.Fatalf("failed to read input : %v", err.Error())
|
||||||
|
@ -131,7 +131,7 @@ If no commands are specified, config is in interactive mode.`,
|
||||||
var cmdConfigInstalldir = &cobra.Command{
|
var cmdConfigInstalldir = &cobra.Command{
|
||||||
Use: "installdir [value]",
|
Use: "installdir [value]",
|
||||||
Short: `Configure installation directory`,
|
Short: `Configure installation directory`,
|
||||||
Long: `Configure the installation directory of crowdsec, such as /etc/crowdsec/crowdsec/`,
|
Long: `Configure the installation directory of crowdsec, such as /etc/crowdsec/config/`,
|
||||||
Args: cobra.ExactArgs(1),
|
Args: cobra.ExactArgs(1),
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
config.InstallFolder = args[0]
|
config.InstallFolder = args[0]
|
||||||
|
|
|
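Review bot: In `interactiveCfg` the answer is cleaned with `strings.Replace(config.InstallFolder, "\n", "", -1)`, which leaves a trailing `\r` on CRLF input even though the comment mentions Windows, so an empty answer there becomes `"\r"` instead of falling back to the new default `/etc/crowdsec/config/`; `config.InstallFolder = strings.TrimRight(config.InstallFolder, "\r\n")` would cover both line endings. The `err` returned by `ReadString` is only checked after the value has already been used, so that check would read better directly after the read. The default path is also repeated as a literal in the prompt, the fallback assignment and the `Long` help of `cmdConfigInstalldir`; one constant such as `const defaultInstallFolder = "/etc/crowdsec/config/"` would keep the next rename to a single line. `interactiveCfg` continues past the end of the hunk.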
@ -4,7 +4,7 @@ Configure installation directory
|
||||||
|
|
||||||
### Synopsis
|
### Synopsis
|
||||||
|
|
||||||
Configure the installation directory of crowdsec, such as /etc/crowdsec/crowdsec/
|
Configure the installation directory of crowdsec, such as /etc/crowdsec/config/
|
||||||
|
|
||||||
```
|
```
|
||||||
cscli config installdir [value] [flags]
|
cscli config installdir [value] [flags]
|
||||||
|
|
|
@ -7,7 +7,7 @@ GOGET=$(GOCMD) get
|
||||||
|
|
||||||
CROWDSEC_BIN=crowdsec
|
CROWDSEC_BIN=crowdsec
|
||||||
PREFIX?="/"
|
PREFIX?="/"
|
||||||
CFG_PREFIX = $(PREFIX)"/etc/crowdsec/crowdsec/"
|
CFG_PREFIX = $(PREFIX)"/etc/crowdsec/config/"
|
||||||
BIN_PREFIX = $(PREFIX)"/usr/local/bin/"
|
BIN_PREFIX = $(PREFIX)"/usr/local/bin/"
|
||||||
DATA_PREFIX = $(PREFIX)"/var/run/crowdsec/"
|
DATA_PREFIX = $(PREFIX)"/var/run/crowdsec/"
|
||||||
PID_DIR = $(PREFIX)"/var/run/"
|
PID_DIR = $(PREFIX)"/var/run/"
|
||||||
|
|
|
@ -1,32 +0,0 @@
|
||||||
# Crowdwatch with docker
|
|
||||||
|
|
||||||
|
|
||||||
## Getting Started
|
|
||||||
|
|
||||||
Go in the main folder of crowdsec (if you are in the folder `docker/` please `cd ..`)
|
|
||||||
|
|
||||||
|
|
||||||
- Build the docker image
|
|
||||||
|
|
||||||
```
|
|
||||||
docker build -t crowdsec .
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
- Run the docker
|
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
docker run -d -p 514:514 --name crowdsec -v /var/run/crowdsec/crowdsec.db:/var/run/crowdsec/crowdsec.db crowdsec
|
|
||||||
```
|
|
||||||
|
|
||||||
:warning: Be sure that your ban plugin will get decision from the db located in `/var/run/crowdsec/crowdsec.db` on your host.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## TODO:
|
|
||||||
|
|
||||||
- Be sure that bans are applied on the host
|
|
||||||
- Check that the sqlite db is created by crowdsec in the docker and read by the ban plugin on the host
|
|
||||||
- Forward traffic to the docker syslog (127.0.0.1:514) and check that logs are correctly parsed
|
|
|
@ -1,4 +0,0 @@
|
||||||
filenames:
|
|
||||||
- /var/log/syslog
|
|
||||||
labels:
|
|
||||||
type: syslog
|
|
|
@ -1,15 +0,0 @@
|
||||||
working_dir: /tmp/
|
|
||||||
data_dir: /var/run/crowdsec/
|
|
||||||
config_dir: /etc/crowdsec
|
|
||||||
pid_dir: /var/run/
|
|
||||||
log_dir: /var/log/
|
|
||||||
log_mode: stdout
|
|
||||||
log_level: debug
|
|
||||||
profiling: false
|
|
||||||
sqlite_path: /var/run/crowdsec/crowdsec.db
|
|
||||||
apimode: false
|
|
||||||
daemon: false
|
|
||||||
prometheus: true
|
|
||||||
#for prometheus agent / golang debugging
|
|
||||||
http_listen: 127.0.0.1:6060
|
|
||||||
|
|
|
@ -1,44 +0,0 @@
|
||||||
#################
|
|
||||||
#### MODULES ####
|
|
||||||
#################
|
|
||||||
# Uncomment out the following lines and comment out everything else to get debugging for variables
|
|
||||||
# *.* /var/log/debugfmt;RSYSLOG_DebugFormat
|
|
||||||
|
|
||||||
module(load="imudp")
|
|
||||||
module(load="imtcp")
|
|
||||||
|
|
||||||
###########################
|
|
||||||
#### GLOBAL DIRECTIVES ####
|
|
||||||
###########################
|
|
||||||
|
|
||||||
#
|
|
||||||
# Use traditional timestamp format.
|
|
||||||
# To enable high precision timestamps, comment out the following line.
|
|
||||||
#
|
|
||||||
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
|
||||||
|
|
||||||
#
|
|
||||||
# Where to place spool and state files
|
|
||||||
#
|
|
||||||
$WorkDirectory /var/spool/rsyslog
|
|
||||||
|
|
||||||
#
|
|
||||||
# Include all config files in /etc/rsyslog.d/
|
|
||||||
#
|
|
||||||
$IncludeConfig /etc/rsyslog.d/*.conf
|
|
||||||
global(net.enableDNS="off")
|
|
||||||
|
|
||||||
###########################
|
|
||||||
# Input Parameters
|
|
||||||
###########################
|
|
||||||
|
|
||||||
input(type="imtcp" port="514")
|
|
||||||
input(type="imudp" port="514")
|
|
||||||
|
|
||||||
###########################
|
|
||||||
#### Central log stuff ####
|
|
||||||
###########################
|
|
||||||
|
|
||||||
$template RemoteLogs, "/var/log/syslog"
|
|
||||||
*.* ?RemoteLogs
|
|
||||||
& ~
|
|
|
@ -1,42 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
CROWDSEC="crowdsec"
|
|
||||||
SYSLOG_NG="rsyslogd"
|
|
||||||
|
|
||||||
|
|
||||||
# Start the second process
|
|
||||||
rsyslogd -n -f /etc/rsyslog.conf &
|
|
||||||
status=$?
|
|
||||||
if [ $status -ne 0 ]; then
|
|
||||||
echo "Failed to start ${SYSLOG_NG}: $status"
|
|
||||||
exit $status
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Start the first process
|
|
||||||
/usr/local/bin/crowdsec -c /etc/crowdsec/docker.yaml &
|
|
||||||
status=$?
|
|
||||||
if [ $status -ne 0 ]; then
|
|
||||||
echo "Failed to start ${CROWDSEC}: $status"
|
|
||||||
exit $status
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Naive check runs checks once a minute to see if either of the processes exited.
|
|
||||||
# This illustrates part of the heavy lifting you need to do if you want to run
|
|
||||||
# more than one service in a container. The container exits with an error
|
|
||||||
# if it detects that either of the processes has exited.
|
|
||||||
# Otherwise it loops forever, waking up every 60 seconds
|
|
||||||
|
|
||||||
while sleep 60; do
|
|
||||||
ps aux |grep ${CROWDSEC} |grep -q -v grep
|
|
||||||
PROCESS_1_STATUS=$?
|
|
||||||
ps aux |grep ${SYSLOG_NG} |grep -q -v grep
|
|
||||||
PROCESS_2_STATUS=0
|
|
||||||
# If the greps above find anything, they exit with 0 status
|
|
||||||
# If they are not both 0, then something is wrong
|
|
||||||
if [ $PROCESS_1_STATUS -ne 0 -o $PROCESS_2_STATUS -ne 0 ]; then
|
|
||||||
echo "One of the processes has already exited."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
done
|
|
|
@ -105,7 +105,7 @@
|
||||||
"Profiling": false,
|
"Profiling": false,
|
||||||
"OverflowFilter": "",
|
"OverflowFilter": "",
|
||||||
"BucketName": "lingering-river",
|
"BucketName": "lingering-river",
|
||||||
"Filename": "/home/bui/github/crowdsec/crowdsec/pkg/leakybucket/tests/simple-leaky-uniq-w-buckets_state/bucket.yaml"
|
"Filename": "/home/bui/github/crowdsec/config/pkg/leakybucket/tests/simple-leaky-uniq-w-buckets_state/bucket.yaml"
|
||||||
},
|
},
|
||||||
"Duration": 40000000000,
|
"Duration": 40000000000,
|
||||||
"Profiling": false
|
"Profiling": false
|
||||||
|
|
|
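Review bot: The `"Filename"` change on line 108 of this fixture looks like an unintended hit of the `crowdsec/crowdsec` to `crowdsec/config` replacement: the old value was a source checkout path ending in `crowdsec/crowdsec/pkg/leakybucket/tests/...`, not the configuration directory, and the new `crowdsec/config/pkg/leakybucket/...` presumably does not exist. If the leakybucket tests load or compare this field, the saved state no longer matches what they produce, so I would restore the original `"Filename"` line in this file. Independently of the rename, the value is an absolute path under a developer's home directory, which ties the fixture to one machine; a repository-relative path would be more portable if the test code allows it.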
@ -19,7 +19,7 @@ CROWDSEC_PLUGIN_DIR="${CROWDSEC_LIB_DIR}/plugins"
|
||||||
CROWDSEC_PLUGIN_BACKEND_DIR="${CROWDSEC_PLUGIN_DIR}/backend"
|
CROWDSEC_PLUGIN_BACKEND_DIR="${CROWDSEC_PLUGIN_DIR}/backend"
|
||||||
CROWDSEC_DB_PATH="${CROWDSEC_DATA_DIR}/crowdsec.db"
|
CROWDSEC_DB_PATH="${CROWDSEC_DATA_DIR}/crowdsec.db"
|
||||||
CROWDSEC_CONFIG_PATH="/etc/crowdsec"
|
CROWDSEC_CONFIG_PATH="/etc/crowdsec"
|
||||||
CROWDSEC_CONFIG_PATH="${CROWDSEC_CONFIG_PATH}/crowdsec"
|
CROWDSEC_CONFIG_PATH="${CROWDSEC_CONFIG_PATH}/config"
|
||||||
CROWDSEC_LOG_FILE="/var/log/crowdsec.log"
|
CROWDSEC_LOG_FILE="/var/log/crowdsec.log"
|
||||||
CROWDSEC_BACKEND_FOLDER="/etc/crowdsec/plugins/backend"
|
CROWDSEC_BACKEND_FOLDER="/etc/crowdsec/plugins/backend"
|
||||||
|
|
||||||
|
@ -462,7 +462,7 @@ main() {
|
||||||
|
|
||||||
|
|
||||||
# api register
|
# api register
|
||||||
${CSCLI_BIN_INSTALLED} api register >> /etc/crowdsec/crowdsec/api.yaml || ${CSCLI_BIN_INSTALLED} api reset >> /etc/crowdsec/crowdsec/api.yaml || log_err "unable to register, skipping crowdsec api registration"
|
${CSCLI_BIN_INSTALLED} api register >> /etc/crowdsec/config/api.yaml || ${CSCLI_BIN_INSTALLED} api reset >> /etc/crowdsec/config/api.yaml || log_err "unable to register, skipping crowdsec api registration"
|
||||||
log_info "Crowdsec api registered"
|
log_info "Crowdsec api registered"
|
||||||
|
|
||||||
|
|
||||||
|
|
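Review bot: The `api register` line still spells out `/etc/crowdsec/config/api.yaml` twice, although `CROWDSEC_CONFIG_PATH` is set to that directory at the top of the script (first hunk), which is why this rename had to touch the line at all; redirecting to `"${CROWDSEC_CONFIG_PATH}/api.yaml"` would follow the variable. Because both commands append with `>>`, a `register` that fails after printing partial output leaves that output in front of what `reset` writes, and the file is created with whatever umask the installer runs under. If api.yaml holds the API credentials, as the command names suggest, creating it with mode 0600 before writing would be worth adding. `log_info "Crowdsec api registered"` also runs when both commands failed and `log_err` was called, and `main()` starts and ends outside the hunk.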