beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1703 commits 83 branches 177 tags 151 MiB
Commit graph

60 commits

Author SHA1 Message Date
mmetc 5356ccc6cd
cron: spread server load when upgrading hub and data files (#2873) 2024-03-06 13:42:57 +01:00
mmetc 8e9e091656
systemd: check configuration before attempting reload (#2861) 2024-02-26 13:44:40 +01:00
Thibault "bui" Koechlin 19d36c0fb2
Support console options in console enroll (#2760) 
* make dev.yaml has a valid/default console path

* simplify and make more consistent help message about console opts

* allow enroll to specify options to enable

* allow 'all' shortcut for --enable
 2024-01-19 15:49:00 +01:00
Zafer Balkan e1932ff01e
Used asterisk for Defender Firewall log name (#2671) 
Log name is configurable. MD Docs recommend a log file per profile: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure-logging?tabs=intune
 2023-12-20 10:28:40 +01:00
mmetc ffcab0b2bc
Refactor hub management and cscli commands (#2545) 2023-11-24 15:57:32 +01:00
mmetc 3c16139c44
Reduce log verbosity at startup (#2363) 
A configuration syntax test is performed every time the service is
started from systemd. The resulting error, if any, is shown on
journalctl logs.
This PR removes the unnecessary output in crowdsec.log generated by the
configuration test.
 2023-07-19 13:28:52 +02:00
mmetc 3b1f412e44
default config: simulation off -> false (yaml 1.2) (#2263) 2023-06-05 10:55:27 +02:00
blotus 8aca0ea860
update default windows acquisition configuration (#2195) 2023-05-12 13:47:01 +02:00
mmetc b6be18ca65
cscli setup (#1923) 
Detect running services and generate acquisition configuration
 2023-02-06 07:33:04 +01:00
AlteredCoder 185f9ad541
Alert context (#1895) 
Co-authored-by: bui <thibault@crowdsec.net>
 2023-01-04 16:50:02 +01:00
mmetc 38b37db55b
systemd: same restart options across deb, rpm, wizard (#1948) 2022-12-28 10:13:05 +01:00
mmetc fa0e590778
removed pid_dir (#1906) 2022-12-02 13:42:43 +01:00
mmetc f860a037b5
randomize metric push time (#1852) 2022-11-04 14:54:03 +01:00
mmetc 344b1dc559
fixed package tests w/wal, gitignore/typos (#1849) 2022-10-31 10:02:51 +01:00
mmetc df88f4e1e9
randomize pull, push and metric intervals; reload crowdsec only when hub changed (#1846) 2022-10-28 13:55:59 +02:00
Laurence Jones c1334b9a8b
Test if cscli is installed if so run hub update and reload (#1827) 2022-10-20 12:59:39 +01:00
Laurence Jones 24b540ecde
Cronjob via packages (#1820) 
* Final version
 2022-10-18 16:11:48 +01:00
mmetc 2b7e3ff1e7
warn if no acquisition files are found, acquisition_test refactoring, tests (#1816) 2022-10-17 17:32:08 +02:00
blotus 8decbe7670
Properly handle service shutdown on windows (#1662) 2022-07-13 11:54:12 +02:00
he2ss 3d6f015211
Add duration expr to add duration formula (#1556) 
* add duration expr to add duration formula
 2022-06-22 11:29:52 +02:00
blotus 0449ec1868
Windows Support (#1159) 2022-05-17 12:14:59 +02:00
Thibault "bui" Koechlin ddfe95e45d
user lumberjack rotate instead (#1492) 2022-04-28 17:19:03 +02:00
Shivam Sandbhor 023ac9e138
Add trusted IPs which have admin API access (#1352) 
* Add trusted IPs which have admin API access
 2022-03-16 17:28:34 +01:00
mmetc 81793fe8bf
dummy plugin (#1342) 2022-03-16 09:30:04 +01:00
Shivam Sandbhor 76e97303a5
Deprecate pid_file config (#1346) 
* Deprecate pid_file config

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>

* Fix unit test

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>

* Impl review suggestions.

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-03-16 09:23:49 +01:00
blotus fb74b2fda7
Improve LAPI performance when under high load (#1273) 2022-02-17 17:52:04 +01:00
mmetc 8310c10ce3
console_config.yaml -> console.yaml (#1195) 2022-01-21 11:52:23 +01:00
Thibault "bui" Koechlin 6e92da76ad
lapi to capi : allow push of tainted/custom/manual decisions (#1154) 
* add console command to control signal sharing
* modify metrics endpoint to add lastpush

Co-authored-by: alteredCoder <kevin@crowdsec.net>
 2022-01-13 16:46:16 +01:00
Shivam Sandbhor a6e405422c
Add email notification plugin. (#1013) 
* Add email notification plugin.
* Add plugin binary to gitignore

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-01-06 11:20:59 +01:00
mmetc 7ca3625706
removed legacy cron script (#1040) 2021-11-02 17:00:03 +01:00
he2ss db5ffb0040
Update test env (#987) 
* update test_env
 2021-09-24 18:06:30 +02:00
Cristian Nitescu 9d2cd58f31
#975 Mysql default parser: parse also lines with using password NO (#976) 2021-09-24 10:49:49 +02:00
Shivam Sandbhor b8e24a1e0b
Make plugin runner configurable and run only registered plugins (#944) 
* Make plugin runner configurable and run only registered plugins
 2021-09-08 11:36:42 +02:00
Manuel Sabban 1d955f4258
fix plugins directories (#942) 
* use usr over var for plugins
* add patch for debian directory
* patch rpm conf as well
* update directory structure
* modify config at build time
* use macros

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2021-09-07 17:18:55 +02:00
ThinkChaos 448a227079
Minor changes to specific logs (#900) 
- Minor changes to specific logs
- Fix LAPI to not push signals to CAPI when disabled #907
 2021-08-25 18:30:05 +02:00
Thibault "bui" Koechlin 950759f6d6
Output plugins (#878) 
* Add plugin system for notifications (#857)
 2021-08-25 11:43:29 +02:00
AlteredCoder f2d14c8ca2
update the config.yaml file (#674) 2021-03-11 11:18:09 +01:00
Daniel B 09a63ab868
Remove pattern matching valid SSH disconnect (#668) 
Fixes #177
 2021-03-10 15:10:41 +01:00
Thibault "bui" Koechlin 22ada59393
Allow for acquisition files to be specified from a directory as well (#619) 
* allow a acquisition_dir in crowdsec's config + change the behaviour of config loading so that it's working with a list instead. keep backward compat with acquisition_path

* remove the default behaviour of 'guessing' acquis path if param isn't present, and error
 2021-02-17 13:55:36 +01:00
Thibault "bui" Koechlin e74f221044
Fix default configurations (#597) 
* fix default perms on SQLite file

* seed the prng securely

* fix defaults to enforce certificates verification

* ensure file is within path

* ensure the directory doesn't exist beforehand

* verify certificate by default

* disable http ip forward headers
 2021-02-02 14:15:13 +01:00
AlteredCoder 1c005d6923
fix systemctl env (#535) 
Co-authored-by: AlteredCoder <AlteredCoder>
 2020-12-14 17:44:24 +01:00
erenJag b6d73f48cd
Fix some bugs : update doc, codename and fix wizard (#522) 
* change localhost to 127.0.0.1 + fix uninstall in wizard
* remove beta from repo
 2020-12-08 12:45:36 +01:00
Thibault "bui" Koechlin 6dcc9e7810
change the hub branch for the upcoming release (#513) 2020-12-07 10:42:37 +01:00
AlteredCoder 8707140fb2
Fix documentation errors (#496) 2020-12-01 17:04:13 +01:00
Thibault "bui" Koechlin e5487aacdb
Doc fix install (#494) 2020-12-01 15:08:36 +01:00
Thibault "bui" Koechlin dbb420f79e
local api (#482) 
Co-authored-by: AlteredCoder
Co-authored-by: erenJag
 2020-11-30 10:37:17 +01:00
Thibault "bui" Koechlin 177480cff7
updated mysql plugin support (#135) 
* add support for plugin, support mysql & so on

* fix queries

Co-authored-by: erenJag <erenJag>
Co-authored-by: AlteredCoder <AlteredCoder>
 2020-07-16 16:05:03 +02:00
Thibault "bui" Koechlin 7fe6741df3
Simulation support (#136) 
* support simulation mode
 2020-07-16 15:59:09 +02:00
AlteredCoder 98297f741f don't profile in test env 2020-07-07 16:48:06 +02:00
AlteredCoder eef1847873
add whitelisted flag in signal occurence (#114) 2020-07-02 11:44:27 +02:00