diff --git a/tests/config-templates/acquis.yaml b/tests/config-templates/acquis.yaml deleted file mode 100644 index cc3631f3e..000000000 --- a/tests/config-templates/acquis.yaml +++ /dev/null @@ -1,16 +0,0 @@ -filenames: - - /var/log/nginx/*.log - - ./tests/nginx/nginx.log -#this is not a syslog log, indicate which kind of logs it is -labels: - type: nginx ---- -filenames: - - /var/log/auth.log - - /var/log/syslog -labels: - type: syslog ---- -filename: /var/log/apache2/*.log -labels: - type: apache2 diff --git a/tests/config-templates/config.yaml b/tests/config-templates/config.yaml deleted file mode 100644 index 90d176ba5..000000000 --- a/tests/config-templates/config.yaml +++ /dev/null 
@@ -1,54 +0,0 @@
-common:
- daemonize: false
- # pid_dir: /var/run/
- log_media: file
- log_level: info
- log_dir: ${LOG_DIR}
- working_dir: .
-config_paths:
- config_dir: ${CONFIG_DIR}
- data_dir: ${DATA_DIR}
- simulation_path: ${CONFIG_DIR}/simulation.yaml
- hub_dir: ${CONFIG_DIR}/hub/
- index_path: ${CONFIG_DIR}/hub/.index.json
- notification_dir: ${CONFIG_DIR}/notifications/
- plugin_dir: ${PLUGIN_DIR}
-crowdsec_service:
- acquisition_path: ${CONFIG_DIR}/acquis.yaml
- parser_routines: 1
-cscli:
- output: human
-db_config:
- log_level: info
- type: sqlite
- db_path: ${DATA_DIR}/crowdsec.db
- #user:
- #password:
- #db_name:
- #host:
- #port:
- flush:
- max_items: 5000
- max_age: 7d
-plugin_config:
- user: nobody # plugin process would be ran on behalf of this user
- group: nogroup # plugin process would be ran on behalf of this group
-api:
- client:
- insecure_skip_verify: false
- credentials_path: ${CONFIG_DIR}/local_api_credentials.yaml
- server:
- log_level: info
- listen_uri: 127.0.0.1:8080
- profiles_path: ${CONFIG_DIR}/profiles.yaml
- console_path: ${CONFIG_DIR}/console.yaml
- online_client: # Central API credentials (to push signals and receive bad IPs)
- credentials_path: ${CONFIG_DIR}/online_api_credentials.yaml
-# tls:
-# cert_file: ${CONFIG_DIR}/ssl/cert.pem
-# key_file: ${CONFIG_DIR}/ssl/key.pem
-prometheus:
- enabled: true
- level: full
- listen_addr: 127.0.0.1
- listen_port: 6060
diff --git a/tests/config-templates/local_api_credentials.yaml b/tests/config-templates/local_api_credentials.yaml
deleted file mode 100644
index 10a09ff6f..000000000
--- a/tests/config-templates/local_api_credentials.yaml
+++ /dev/null
@@ -1 +0,0 @@
-url: http://127.0.0.1:8080
\ No newline at end of file
diff --git a/tests/config-templates/notifications/dummy.yaml b/tests/config-templates/notifications/dummy.yaml
deleted file mode 100644
index 8288a9c8a..000000000
--- a/tests/config-templates/notifications/dummy.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-type: dummy # Don't change
-name: dummy_default # Must match the registered plugin in the profile
-
-# One of "trace", "debug", "info", "warn", "error", "off"
-log_level: info
-
-# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
-# group_threshold: # Amount of alerts that triggers a message before has expired, eg "10"
-# max_retry: # Number of attempts to relay messages to plugins in case of error
-# timeout: # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
-
-#-------------------------
-# plugin-specific options
-
-# The following template receives a list of models.Alert objects
-# The output goes in the logs and to a text file, if defined
-format: |
- {{.|toJson}}
-
-#
-# output_file: # notifications will be appended here. optional
-
diff --git a/tests/config-templates/notifications/email.yaml b/tests/config-templates/notifications/email.yaml
deleted file mode 100644
index 212362015..000000000
--- a/tests/config-templates/notifications/email.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-type: email # Don't change
-name: email_default # Must match the registered plugin in the profile
-
-# One of "trace", "debug", "info", "warn", "error", "off"
-log_level: info
-
-# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
-# group_threshold: # Amount of alerts that triggers a message before has expired, eg "10"
-# max_retry: # Number of attempts to relay messages to plugins in case of error
-timeout: 20s # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
-
-#-------------------------
-# plugin-specific options
-
-# The following template receives a list of models.Alert objects
-# The output goes in the email message body
-format: |
- {{range . -}}
- {{$alert := . -}}
- {{range .Decisions -}}
- {{.Value}} will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}} on machine {{$alert.MachineID}}. Shodan
- {{end -}}
- {{end -}}
-
-smtp_host: # example: smtp.gmail.com
-smtp_username: # Replace with your actual username
-smtp_password: # Replace with your actual password
-smtp_port: # Common values are any of [25, 465, 587, 2525]
-auth_type: # Valid choices are "none", "crammd5", "login", "plain"
-sender_email: # example: foo@gmail.com
-email_subject: "CrowdSec Notification"
-receiver_emails:
-# - email1@gmail.com
-# - email2@gmail.com
-
-# One of "ssltls", "none"
-encryption_type: ssltls
-
diff --git a/tests/config-templates/notifications/http.yaml b/tests/config-templates/notifications/http.yaml
deleted file mode 100644
index 8c93487b0..000000000
--- a/tests/config-templates/notifications/http.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-type: http # Don't change
-name: http_default # Must match the registered plugin in the profile
-
-# One of "trace", "debug", "info", "warn", "error", "off"
-log_level: info
-
-# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
-# group_threshold: # Amount of alerts that triggers a message before has expired, eg "10"
-# max_retry: # Number of attempts to relay messages to plugins in case of error
-# timeout: # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
-
-#-------------------------
-# plugin-specific options
-
-# The following template receives a list of models.Alert objects
-# The output goes in the http request body
-format: |
- {{.|toJson}}
-
-# The plugin will make requests to this url, eg: https://www.example.com/
-url:
-
-# Any of the http verbs: "POST", "GET", "PUT"...
-method: POST
-
-# headers:
-# Authorization: token 0x64312313
-
-# skip_tls_verification: # true or false. Default is false
-
diff --git a/tests/config-templates/notifications/slack.yaml b/tests/config-templates/notifications/slack.yaml
deleted file mode 100644
index 69c5cece0..000000000
--- a/tests/config-templates/notifications/slack.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-type: slack # Don't change
-name: slack_default # Must match the registered plugin in the profile
-
-# One of "trace", "debug", "info", "warn", "error", "off"
-log_level: info
-
-# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
-# group_threshold: # Amount of alerts that triggers a message before has expired, eg "10"
-# max_retry: # Number of attempts to relay messages to plugins in case of error
-# timeout: # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
-
-#-------------------------
-# plugin-specific options
-
-# The following template receives a list of models.Alert objects
-# The output goes in the slack message
-format: |
- {{range . -}}
- {{$alert := . -}}
- {{range .Decisions -}}
- {{if $alert.Source.Cn -}}
- :flag-{{$alert.Source.Cn}}: will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}} on machine '{{$alert.MachineID}}'. {{end}}
- {{if not $alert.Source.Cn -}}
- :pirate_flag: will get {{.Type}} for next {{.Duration}} for triggering {{.Scenario}} on machine '{{$alert.MachineID}}'. {{end}}
- {{end -}}
- {{end -}}
-
-
-webhook:
-
diff --git a/tests/config-templates/notifications/splunk.yaml b/tests/config-templates/notifications/splunk.yaml
deleted file mode 100644
index 9cc871843..000000000
--- a/tests/config-templates/notifications/splunk.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-type: splunk # Don't change
-name: splunk_default # Must match the registered plugin in the profile
-
-# One of "trace", "debug", "info", "warn", "error", "off"
-log_level: info
-
-# group_wait: # Time to wait collecting alerts before relaying a message to this plugin, eg "30s"
-# group_threshold: # Amount of alerts that triggers a message before has expired, eg "10"
-# max_retry: # Number of attempts to relay messages to plugins in case of error
-# timeout: # Time to wait for response from the plugin before considering the attempt a failure, eg "10s"
-
-#-------------------------
-# plugin-specific options
-
-# The following template receives a list of models.Alert objects
-# The output goes in the splunk notification
-format: |
- {{.|toJson}}
-
-url:
-token:
diff --git a/tests/config-templates/online_api_credentials.yaml b/tests/config-templates/online_api_credentials.yaml
deleted file mode 100644
index e69de29bb..000000000
diff --git a/tests/config-templates/profiles.yaml b/tests/config-templates/profiles.yaml
deleted file mode 100644
index f4945b7a0..000000000
--- a/tests/config-templates/profiles.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: default_ip_remediation
-#debug: true
-filters:
- - Alert.Remediation == true && Alert.GetScope() == "Ip"
-decisions:
- - type: ban
- duration: 4h
-# notifications:
-# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
-# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
-# - http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
-# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
-on_success: break
diff --git a/tests/config-templates/simulation.yaml b/tests/config-templates/simulation.yaml
deleted file mode 100644
index e9c689993..000000000
--- a/tests/config-templates/simulation.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-simulation: off
-# exclusions:
-# - crowdsecurity/ssh-bf
-
\ No newline at end of file
diff --git a/tests/instance-data b/tests/instance-data
index 91449db84..1980cb4ee 100755
--- a/tests/instance-data
+++ b/tests/instance-data
@@ -42,22 +42,45 @@ remove_init_data() {
 rm -rf -- "${CONFIG_DIR:?}"/* "${DATA_DIR:?}"/*
 }
+config_generate() {
+ cp ../config/acquis.yaml "${CONFIG_DIR}/"
+ cp ../config/profiles.yaml "${CONFIG_DIR}/"
+ cp ../config/simulation.yaml "${CONFIG_DIR}/"
+ cp ../config/local_api_credentials.yaml "${CONFIG_DIR}/"
+ cp ../config/online_api_credentials.yaml "${CONFIG_DIR}/"
+
+ cp ../plugins/notifications/http/http.yaml "${CONFIG_DIR}/notifications/"
+ cp ../plugins/notifications/email/email.yaml "${CONFIG_DIR}/notifications/"
+ cp ../plugins/notifications/slack/slack.yaml "${CONFIG_DIR}/notifications/"
+ cp ../plugins/notifications/splunk/splunk.yaml "${CONFIG_DIR}/notifications/"
+ cp ../plugins/notifications/dummy/dummy.yaml "${CONFIG_DIR}/notifications/"
+
+ yq '
+ .common.daemonize=false |
+ del(.common.pid_dir) |
+ .common.log_dir=strenv(LOG_DIR) |
+ .config_paths.config_dir=strenv(CONFIG_DIR) |
+ .config_paths.data_dir=strenv(DATA_DIR) |
+ .config_paths.simulation_path=strenv(CONFIG_DIR)+"/simulation.yaml" |
+ .config_paths.hub_dir=strenv(CONFIG_DIR)+"/hub/" |
+ .config_paths.index_path=strenv(CONFIG_DIR)+"/hub/.index.json" |
+ .config_paths.notification_dir=strenv(CONFIG_DIR)+"/notifications/" |
+ .config_paths.plugin_dir=strenv(PLUGIN_DIR) |
+ .crowdsec_service.acquisition_path=strenv(CONFIG_DIR)+"/acquis.yaml" |
+ .db_config.db_path=strenv(DATA_DIR)+"/crowdsec.db" |
+ .api.client.credentials_path=strenv(CONFIG_DIR)+"/local_api_credentials.yaml" |
+ .api.server.profiles_path=strenv(CONFIG_DIR)+"/profiles.yaml" |
+ .api.server.console_path=strenv(CONFIG_DIR)+"/console.yaml" |
+ .api.server.online_client.credentials_path=strenv(CONFIG_DIR)+"/online_api_credentials.yaml"
+ ' <../config/config.yaml >"${CONFIG_DIR}/config.yaml"
+}
+
 make_init_data() {
 remove_init_data
 mkdir -p "${CONFIG_DIR}/notifications"
- envsubst < "./config-templates/acquis.yaml" > "${CONFIG_DIR}/acquis.yaml"
- envsubst < "./config-templates/config.yaml" > "${CONFIG_DIR}/config.yaml"
- envsubst < "./config-templates/simulation.yaml" > "${CONFIG_DIR}/simulation.yaml"
- envsubst < "./config-templates/local_api_credentials.yaml" > "${CONFIG_DIR}/local_api_credentials.yaml"
- envsubst < "./config-templates/online_api_credentials.yaml" > "${CONFIG_DIR}/online_api_credentials.yaml"
- envsubst < "./config-templates/profiles.yaml" > "${CONFIG_DIR}/profiles.yaml"
- envsubst < "./config-templates/notifications/http.yaml" > "${CONFIG_DIR}/notifications/http.yaml"
- envsubst < "./config-templates/notifications/email.yaml" > "${CONFIG_DIR}/notifications/email.yaml"
- envsubst < "./config-templates/notifications/slack.yaml" > "${CONFIG_DIR}/notifications/slack.yaml"
- envsubst < "./config-templates/notifications/splunk.yaml" > "${CONFIG_DIR}/notifications/splunk.yaml"
- envsubst < "./config-templates/notifications/dummy.yaml" > "${CONFIG_DIR}/notifications/dummy.yaml"
+ config_generate
 mkdir -p "${CONFIG_DIR}/hub"
 "${BIN_DIR}/cscli" machines add githubciXXXXXXXXXXXXXXXXXXXXXXXX --auto