beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1240 commits 83 branches 177 tags 151 MiB
Commit graph

314 commits

Author SHA1 Message Date
blotus 1e018bdaf8
Wait for both api and agent chans if necessary when daemonize is false or running on windows (#2155) 2023-04-04 15:16:48 +02:00
mmetc 38ab6be7c2
Allow feature.yml to change available subcommands (#2156) 2023-04-03 10:11:56 +02:00
mmetc ea6401ce09
CI: Static builds by default; replace bincover with go -cover from 1.20 (#2150) 
* Makefile: build static binaries only
* Replace bincover with go -cover from 1.20
* CI: Fix timing issue between lapi and agent containers
 2023-03-30 15:05:09 +02:00
blotus 61bea26486
Add transform configuration option for acquisition (#2144) 2023-03-29 16:04:17 +02:00
blotus 1095f6c875
use expr.Function for custom functions instead of passing them in the env (#2133) 2023-03-28 10:49:01 +02:00
blotus 91eb39cff6
New PAPI commands: reauth + force_pull (#2129) 2023-03-21 14:06:19 +01:00
Thibault "bui" Koechlin a74e424d53
support ip and cidr based whitelists for capi and 3rd party blocklists (#2132) 
* support ip and cidr based whitelists for capi and 3rd party blocklist
 2023-03-21 11:50:10 +01:00
AlteredCoder e61a464951
Fix cscli explain when running from testenv (#2114) 
* Fix cscli explain when running from testenv
 2023-03-15 10:26:40 +01:00
mmetc e161507d08
Lint (type inference): remove redundant type declarations (#2111) 2023-03-09 11:56:02 +01:00
mmetc 9faa49c7e8
Load lapi config for config show output (#2097) 
This adds URL and login parameters as it was intended.
Also rewrite configShow and displayOneAlert to use an embedded text/template for shorter code.
 2023-03-08 22:47:25 +01:00
Thibault "bui" Koechlin 9d5aaf5ea2
add --origin to cscli decisions delete (#2109) 2023-03-08 18:29:20 +01:00
Thibault "bui" Koechlin 5b0fe4b7f1
support for regexps result cache (#2104) 
* support for regexps result cache : gcache + xxhash

Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-03-08 16:07:49 +01:00
blotus 16a3be49e2
do not try to load PAPI is url is not set (#2099) 2023-03-06 15:38:58 +01:00
blotus e27a0a0e14
display source in alerts list when an alert has multiple decisions (#2098) 2023-03-06 13:51:57 +01:00
blotus b2c2c5ac59
add papi_url in credentials file when enabling console_management, and remove it when disabling console_management (#2095) 2023-03-03 17:03:21 +01:00
blotus 85ab9c68a2
Add cscli papi status and cscli papi sync (#2091) 2023-03-03 13:46:28 +01:00
mmetc f6d6c5bb2b
Add tests and typo fixes (#2092) 2023-03-03 11:06:27 +01:00
mmetc a6bb2cf5e1
Fix log destination in one-shot mode (#2084) 2023-03-01 17:00:04 +01:00
Manuel Sabban 60b3f63851
ugly workaround to fix the tests (#2080) 
* ugly workaround to fix the tests

* add comments

---------

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2023-02-28 17:05:11 +01:00
Manuel Sabban 39a4a256fd
fix the way acquisition is stopped (#2069) 
* fix the way acquisition is stopped by draining inputLineChan before terminating it.

---------

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2023-02-27 11:21:25 +01:00
Laurence Jones 75d8b821ff
Explain successful parsers only (#2063) 
* Add option to filter down explain to successful parsers useful for me who has every collection installed

* Altered naming conventions so it makes more sense when reading
 2023-02-24 13:49:17 +00:00
mmetc b7d1e2c483
replace log.Fatal -> fmt.Errorf (#2058) 2023-02-20 15:05:42 +01:00
blotus 83c3818504
Do not try to refresh JWT token when doing a login request (#2059) 2023-02-16 16:16:26 +01:00
Thibault "bui" Koechlin 1d7d377f8b
changes following BL tests (#2038) 
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-02-08 10:35:21 +01:00
Cristian Nitescu 987f119c4b
v3 capi and blocklists links support (#2019) 
* v3 model generation

* v3 model generation

* comms

* fixes after master merge

* missing reader close

* use constants defined for types

---------

Co-authored-by: bui <thibault@crowdsec.net>
 2023-02-06 14:06:14 +01:00
mmetc b6be18ca65
cscli setup (#1923) 
Detect running services and generate acquisition configuration
 2023-02-06 07:33:04 +01:00
Thibault "bui" Koechlin e927717fa0
Polling API Integration (#1715) 
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-31 14:47:44 +01:00
mmetc d369656b26
agent: fix message when -dsn is provided without -type (#2009) 2023-01-20 16:14:26 +01:00
mmetc e5833699c0
cscli config feature-flags (#2006) 2023-01-20 09:32:10 +01:00
mmetc 4bffc0df21
break in smaller functions cscli hub, hubtest, notifications, parsers, scenarios, simulation (#2004) 2023-01-19 13:29:36 +01:00
mmetc 7bb74b9664
refact cscli decisions (#2003) 2023-01-19 11:02:00 +01:00
Thibault "bui" Koechlin 4f29ce2ee7
CTI API Helpers in expr (#1851) 
* Add CTI API helpers in expr
* Allow profiles to have an `on_error` option to profiles

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-19 08:45:50 +01:00
Marco Mariani 47dbfa770d configure logging earlier 2023-01-18 15:15:18 +01:00
Marco Mariani 91b0f8fee1 load custom configuration paths when agent is disabled 2023-01-18 15:15:18 +01:00
Marco Mariani 2e91a82aa7 load feature.yaml as soon as possible 2023-01-18 15:15:18 +01:00
Marco Mariani b603bdfccc cscli refact: extracted New.*Cmd from alerts, capi, dashboard; removed (some) globals 2023-01-18 11:09:28 +01:00
mmetc 51800132cd
improve feature flag logging (#1986) 
For cscli: it should provide a terse output, not nag users with configuration details. Although it's usually important that cscli and crowdsec have the same enabled features, having it list them every time the command is invoked can be too much.

For crowdsec: when features are set from the environment, it's too early to log where we should. So we can use log.Debug at activation time, and list them again once logging is configured.

 - wrap some functions in csconfig for convenience and DRY
 - for each enabled feature, log.Debug
 - log all enabled features once as Info (crowdsec) or Debug (cscli)
 - file does not exist -> log.Trace
 2023-01-13 13:42:42 +01:00
mmetc 157589d31e
cscli explain: add crowdsec path option (#1983) 2023-01-12 17:04:28 +01:00
Thibault "bui" Koechlin 6fb962a941
Allow parsers to capture data for future enrichment (#1969) 
* Allow parsers to capture data in a cache, that can be later accessed via expr helpers (fake multi-line support)
 2023-01-11 15:01:02 +01:00
mmetc cd4dabde0e
silence yaml.local explicitly in cscli, keep in crowdsec/bouncer logs (#1981) 2023-01-11 09:50:46 +01:00
mmetc c4deaf0994
cscli: avoid initializing the db configuration twice (#1982) 2023-01-11 09:50:12 +01:00
AlteredCoder 185f9ad541
Alert context (#1895) 
Co-authored-by: bui <thibault@crowdsec.net>
 2023-01-04 16:50:02 +01:00
mmetc 59f6610721
separate cscli cobra constructors: lapi, machines, bouncers, postoverflows (#1945) 2022-12-30 10:13:52 +01:00
mmetc 6efc2688b1
simplify feature flags (#1947) 
Now checking for a feature flag is a one liner,
with no need to control errors.

if fflag.Crowdsec.CscliSetup.IsEnabled() {
   ...
}
 2022-12-26 14:23:41 +01:00
mmetc c022eb1b86
remove ignored flag "-m" in "cscli machines delete" (it takes a positional argument) (#1943) 2022-12-23 17:13:20 +01:00
mmetc ef3a130d54
Cscli config refactoring (#1934) 2022-12-22 12:22:55 +01:00
mmetc 5d2c99bb17
runtime feature flag initialization 2022-12-21 17:19:20 +01:00
mmetc a32aa96752
feature flags (#1933) 
Package fflag provides a simple feature flag system.

 Feature names are lowercase and can only contain letters, numbers, undercores
 and dots.

 good: "foo", "foo_bar", "foo.bar"
 bad: "Foo", "foo-bar"

 A feature flag can be enabled by the user with an environment variable
 or by adding it to {ConfigDir}/feature.yaml

 I.e. CROWDSEC_FEATURE_FOO_BAR=true
 or in feature.yaml:
```
 ---
 - foo_bar
```

 If the variable is set to false, the feature can still be enabled
 in feature.yaml. Features cannot be disabled in the file.

 A feature flag can be deprecated or retired. A deprecated feature flag is
 still accepted but a warning is logged. A retired feature flag is ignored
 and an error is logged.

 A specific deprecation message is used to inform the user of the behavior
 that has been decided when the flag is/was finally retired.
 2022-12-20 16:11:51 +01:00
mmetc 6c19beb937
set cscli log timestamp to 24h (#1917) 2022-12-09 16:48:24 +01:00
blotus fdda940ac0
Add Kubernetes audit acquisition (#1767) 2022-12-06 13:47:29 +01:00