beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1703 commits 83 branches 177 tags 151 MiB
Commit graph

45 commits

Author SHA1 Message Date
Thibault "bui" Koechlin b1c09f7512
acquisition : take prometheus level into account (#2885) 
* properly take into account the aggregation level of prometheus metrics in acquisition
 2024-03-13 14:57:19 +01:00
mmetc e7ecea764e
pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code (#2867) 
* pkg/csconfig: use yaml.v3; deprecate yaml.v2 for new code
* yaml.v3: handle empty files
* Lint whitespace, errors
 2024-03-04 14:22:53 +01:00
mmetc 4160bb8102
refact "cscli decisions" (#2804) 
* refact "cscli decisions"
* CI: relax mysql test timing
* lint
 2024-02-01 22:36:21 +01:00
mmetc 4192af30d5
refact "cscli bouncers" (#2776) 2024-01-31 12:40:41 +01:00
Thibault "bui" Koechlin 8cca4346a5
Application Security Engine Support (#2273) 
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)

The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)

---------

Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-12-07 12:21:04 +01:00
mmetc ffcab0b2bc
Refactor hub management and cscli commands (#2545) 2023-11-24 15:57:32 +01:00
mmetc 5cd4406f5e
typos/grammar (#2561) 2023-11-07 15:07:36 +01:00
mmetc 9ae8bd79c5
Refact pkg/csconfig tests (#2526) 
* remove unused method
* whitespace, redundant comments
* use test helpers
* move DumpConsoleConfig() from pkg/csconfig to cscli
* package doc header
* var -> const
* rename ./tests -> ./testdata
* shorter tests with more error checks
* lint/formatting
* use helpers; fix tests that didn't actually test
* lint; rename expectedResult -> expected
 2023-10-09 11:10:51 +02:00
mmetc ffadd42779
update dependency on go-cs-lib; drop the pkg/ part (#2393) 2023-07-28 16:35:08 +02:00
mmetc 396dcf8e6e
dependencies: replaced function calls to pkg/types, errors.Wrap (#2235) 
we now use a generic pointer function, and slowly remove the deprecated pkg/errors
 2023-06-01 16:31:56 +02:00
mmetc 534328ca30
decouple bouncer dependencies: use go-cs-lib/pkg/* (#2216) 
* decouple bouncer dependencies: use go-cs-lib/pkg/trace
* decouple bouncer dependencies: use go-cs-lib/pkg/version
* decouple bouncer dependencies: use go-cs-lib/pkg/yamlpatch
* decouple bouncer dependencies: use go-cs-lib/pkg/csstring
* unused import
 2023-05-23 10:52:47 +02:00
mmetc e1f5ed41df
Implement "cscli config show-yaml" (#2191) 2023-05-11 21:01:13 +02:00
mmetc 0c5d233563
Minor cleanup and dead code removal (#2166) 2023-04-12 16:57:38 +02:00
mmetc 47cc60bda9
allow use of literal $ in config.yaml (#2012) 2023-01-23 10:29:29 +01:00
Thibault "bui" Koechlin 4f29ce2ee7
CTI API Helpers in expr (#1851) 
* Add CTI API helpers in expr
* Allow profiles to have an `on_error` option to profiles

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-19 08:45:50 +01:00
mmetc cd4dabde0e
silence yaml.local explicitly in cscli, keep in crowdsec/bouncer logs (#1981) 2023-01-11 09:50:46 +01:00
mmetc 02d2eab18c
update golangci-lint to 1.50 and fixes (#1828) 2022-10-26 15:11:37 +02:00
mmetc 4b3c9c2806
print cscli usage in color, fix windows terminal detection (#1801) 2022-10-13 12:28:24 +02:00
mmetc ddd75eae9a
cscli: new tables, --color yes|no|auto option (#1763) 2022-10-07 11:05:35 +02:00
mmetc 10585bfecc
enabled linters and fixes for: misspell, predeclared, unconvert, ineffassign, gosimple, govet (#1595) 2022-06-16 14:41:54 +02:00
mmetc 98f2ac5e7c
fix #1385: .yaml.local (#1497) 
Added support for .yaml.local files to override values in .yaml
 2022-05-18 10:08:37 +02:00
blotus fb74b2fda7
Improve LAPI performance when under high load (#1273) 2022-02-17 17:52:04 +01:00
mmetc 35eea39db7
allow Makefile to override /etc/crowdsec and /var/lib/crowdsec/data (#1221) 2022-02-01 10:34:53 +01:00
Shivam Sandbhor b8e24a1e0b
Make plugin runner configurable and run only registered plugins (#944) 
* Make plugin runner configurable and run only registered plugins
 2021-09-08 11:36:42 +02:00
AlteredCoder 1e899c2211
Refactor configuration management (#698) 2021-03-24 18:16:17 +01:00
registergoofy a8b16a66b1
truely don't try to send anything with empty online credentials configuration file (#657) 
* truely don't try to send anything with empty online credentials config file

Co-authored-by: AlteredCoder <AlteredCoder>
 2021-03-02 09:25:12 +01:00
AlteredCoder 8b504e9f67
improve logging in cscli and wizard (#643) 2021-02-25 11:20:36 +01:00
Thibault "bui" Koechlin 22ada59393
Allow for acquisition files to be specified from a directory as well (#619) 
* allow a acquisition_dir in crowdsec's config + change the behaviour of config loading so that it's working with a list instead. keep backward compat with acquisition_path

* remove the default behaviour of 'guessing' acquis path if param isn't present, and error
 2021-02-17 13:55:36 +01:00
Thibault "bui" Koechlin 7d93302e05
add a prometheus_uri option for cscli's config (#625) 
* add a prometheus_uri option for cscli's config, and update documentation

* specify min version
 2021-02-17 13:53:57 +01:00
Thibault "bui" Koechlin 7f40160f6e
only set logfile dir if media is file (#615) 2021-02-11 18:28:01 +01:00
blotus 260332c726
Add use_forwarded_for_headers configuration option for LAPI (#610) 
* Add use_forwarded_for_headers configuration option for LAPI

* update documentation
 2021-02-09 19:10:14 +01:00
AlteredCoder 22c4962768
don't load lapi creds when running only api (#608) 
Co-authored-by: AlteredCoder <AlteredCoder>
 2021-02-09 17:59:35 +01:00
AlteredCoder 359a9cb8ce
allow environment variable in configuration file (#601) 2021-02-04 17:17:01 +01:00
Thibault "bui" Koechlin e74f221044
Fix default configurations (#597) 
* fix default perms on SQLite file

* seed the prng securely

* fix defaults to enforce certificates verification

* ensure file is within path

* ensure the directory doesn't exist beforehand

* verify certificate by default

* disable http ip forward headers
 2021-02-02 14:15:13 +01:00
Thibault "bui" Koechlin dbb420f79e
local api (#482) 
Co-authored-by: AlteredCoder
Co-authored-by: erenJag
 2020-11-30 10:37:17 +01:00
Thibault "bui" Koechlin b2ef6a555c
add support for 'prometheus_mode' configuration directive that can be set to 'aggregation' to limit the cardinality of prometheus metrics (#192) 2020-08-24 11:51:50 +02:00
Thibault "bui" Koechlin d2ffb190f9
add a default configuration file if none is specified (#159) 2020-07-29 16:58:25 +02:00
AlteredCoder 794d3221d0
add tests in pkg/csconfig and improve pkg/exprhelpers tests (#150) 
* add tests for csconfig & improve exprhelpers tests
 2020-07-28 15:38:48 +02:00
Thibault "bui" Koechlin 7fe6741df3
Simulation support (#136) 
* support simulation mode
 2020-07-16 15:59:09 +02:00
Thibault "bui" Koechlin b9ae94b874
Sqlite : Support automatic db flushing (#91) 
* add support for sqlite retention : max_records, max_records_age

* reduce verbosity of cwhub
 2020-07-01 17:04:29 +02:00
Thibault "bui" Koechlin 5446857377
Add crowdsec reload + cscli metrics minor improvements (#79) 2020-06-19 13:57:44 +02:00
AlteredCoder 6757fa3cee merge 2020-05-24 18:15:59 +02:00
AlteredCoder 74dd723ebf fix 2020-05-22 18:24:54 +02:00
AlteredCoder f8821b8982 fix dev config 2020-05-22 18:22:43 +02:00
AlteredCoder 019c8d3e18 fix package config name 2020-05-22 17:45:08 +02:00
Renamed from pkg/config/crowdsec/config.go (Browse further)