beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1641 commits 83 branches 177 tags 151 MiB
Commit graph

181 commits

Author SHA1 Message Date
alteredCoder e0bd4dc928 fix linter 2023-08-24 12:11:54 +02:00
bui 4846701ed5 logging 2023-08-21 15:34:18 +02:00
mmetc cd9d8f309d
CI: increase test sleep to fix flaky acquisition/file test under win (#2410) 
* CI: increase test sleep to attempt fix for flaky windows acquitition/file test

* wip
 2023-08-08 16:11:32 +02:00
Sebastien Blot a4ee1e717e
try re2 for @rx operator 2023-08-02 11:47:35 +02:00
alteredCoder 885c283097 remove debug 2023-08-01 10:58:36 +02:00
alteredCoder cbf06c25fb fix outofband evt generation 2023-08-01 10:34:43 +02:00
alteredCoder 353926ec91 add debug 2023-07-31 18:47:54 +02:00
alteredCoder 4332598cd1 add debug 2023-07-31 18:44:32 +02:00
alteredCoder da37b5566d update 2023-07-31 18:35:35 +02:00
Sebastien Blot 711f0474d9
merge from master 2023-07-31 17:05:25 +02:00
Sebastien Blot dd83bdea6b
revert previous bad merge 2023-07-31 17:00:06 +02:00
alteredCoder fc8a0ee9d4 update 2023-07-31 15:06:42 +02:00
bui 4a38cb5bbb logging 2023-07-31 14:47:48 +02:00
bui e4e2bb5504 switch to properly compiled regexp to be able to bail out early 2023-07-31 14:45:21 +02:00
bui a7cd86f725 allow to select what variables shouldd be tracked 2023-07-31 12:15:04 +02:00
mmetc ffadd42779
update dependency on go-cs-lib; drop the pkg/ part (#2393) 2023-07-28 16:35:08 +02:00
Sebastien Blot dd5e38a2c5
expose internal coraza vars in evt.Waap 2023-07-27 10:01:56 +02:00
Sebastien Blot 2f5a6fbb4f
wip 2023-07-27 09:22:26 +02:00
Sebastien Blot 792961d757
wip 2023-07-27 09:22:26 +02:00
Sebastien Blot 01ced8fb99
merge 2023-07-27 09:22:26 +02:00
alteredCoder 4993758b36 handle missing headers 2023-07-26 12:47:16 +02:00
bui 54fd2e4e70 fixed 2023-07-20 16:47:07 +02:00
alteredCoder 779ea2e262 fix 2023-07-19 18:19:14 +02:00
alteredCoder 472f40b9d4 fix 2023-07-19 18:18:24 +02:00
alteredCoder ab2c152627 reduce verbosity 2023-07-19 14:39:57 +02:00
alteredCoder 7d8c931d00 add loggers 2023-07-19 14:35:02 +02:00
alteredCoder 8ba692b115 debug 2023-07-19 12:02:38 +02:00
alteredCoder cd5cb55a7e debug 2023-07-19 11:57:14 +02:00
alteredCoder d946286e5c remove spew 2023-07-19 11:50:42 +02:00
alteredCoder e543523ba3 update ban remediation 2023-07-19 10:34:22 +02:00
bui f7eaefa518 up 2023-07-18 18:12:17 +02:00
Sebastien Blot ef4fe8f5d3
merge 2023-07-13 16:22:21 +02:00
blotus 57547c32c9
Aggregate WAF rules into a single event (#2350) 2023-07-13 16:20:04 +02:00
bui a6ba0e869c imp logging 2023-07-11 09:29:17 +02:00
bui 8baeb70998 add metrics 2023-07-10 18:00:19 +02:00
blotus f9ca14f010
add object key in src for S3 acquis (#2342) 2023-07-07 10:09:18 +02:00
blotus 1295de928a
Properly match new files on windows when doing file acquisition (#2329) 2023-07-06 14:45:38 +02:00
alteredCoder 84b6570554 Revert "Merge remote-tracking branch 'origin' into coraza_poc_acquis" 
This reverts commit 7098e971c7, reversing
changes made to 13512891e4.
 2023-07-04 18:46:20 +02:00
alteredCoder 7098e971c7 Merge remote-tracking branch 'origin' into coraza_poc_acquis 2023-07-04 17:42:39 +02:00
alteredCoder 13512891e4 add waf_routines 2023-07-04 17:36:56 +02:00
mmetc bd41f855cf
errors.Wrap -> fmt.Errorf (#2317) 2023-06-29 11:34:59 +02:00
mmetc 9beb5388cb
errors.Wrap -> fmt.Errorf; clean up imports (#2301) 2023-06-23 14:04:58 +02:00
mmetc 8bfeb7d90d
Update go dependencies (#2293) 
- update fatih/color (fix windows issue)
- update mongo-driver (fix build issue)
- go.mod: merge two "require" blocks
- update semver dependency (same version as indirect dep), fix test checks in cscli setup
- remove gotest.tools dependency (use testify, cstest)
- update x/ exp, mod, sys dependencies
 2023-06-22 11:31:41 +02:00
Sebastien Blot 3fe6e3be14
check for interruption and ignore empty messages 2023-06-16 16:52:01 +02:00
alteredCoder 877d4fc32d update 2023-06-16 14:23:53 +02:00
alteredCoder 07b60233db update waf 2023-06-16 12:19:44 +02:00
Sebastien Blot 9180ac7be9
wip 2023-06-15 22:51:57 +02:00
Sebastien Blot 805752dc62
wip 2023-06-13 17:08:48 +02:00
alteredCoder 40f65de7b9 optim 2023-06-13 16:31:30 +02:00
alteredCoder fa172bed56 up 2023-06-13 15:41:32 +02:00
Sebastien Blot a2e6359880
merge 2023-06-09 13:01:58 +02:00
Sebastien Blot c46e2ccdad
up 2023-06-09 13:00:43 +02:00
alteredCoder 61e1cc29d5 update 2023-06-08 17:45:21 +02:00
Sebastien Blot 415e2dc68d
merge 2023-06-08 11:22:16 +02:00
bui 739d086325 up 2023-06-07 14:12:42 +02:00
bui 30455a8eb6 progress 2023-06-07 13:45:36 +02:00
bui d123254949 wip 2023-06-06 18:28:06 +02:00
Thibault "bui" Koechlin ee8b31348b
Merge branch 'master' into coraza_poc_acquis 2023-06-06 18:23:59 +02:00
Sebastien Blot 4a7e26af02
wip 2023-06-05 19:33:03 +02:00
Sebastien Blot a7d80aacd6
merge coraza poc branch 2023-06-05 14:37:39 +02:00
Sebastien Blot 7078d79ce4
merge 2023-06-05 14:30:14 +02:00
Sebastien Blot 65884fb4be
wip 2023-06-05 14:22:35 +02:00
bui 44a5c81199 readme 2023-06-01 11:53:12 +02:00
bui 6d3b2b354b up 2023-05-29 14:03:10 +02:00
mmetc b2d3520519
decouple bouncer dependencies: use go-cs-lib in test code (#2229) 2023-05-25 15:37:44 +02:00
mmetc 025f14f879
merge system cert pool with own certs (#2226) 2023-05-25 10:10:58 +02:00
mmetc 534328ca30
decouple bouncer dependencies: use go-cs-lib/pkg/* (#2216) 
* decouple bouncer dependencies: use go-cs-lib/pkg/trace
* decouple bouncer dependencies: use go-cs-lib/pkg/version
* decouple bouncer dependencies: use go-cs-lib/pkg/yamlpatch
* decouple bouncer dependencies: use go-cs-lib/pkg/csstring
* unused import
 2023-05-23 10:52:47 +02:00
blotus 2701454f23
defaults to inotify to detect changes in file datasource to avoid too many call to stat() (#2181) 2023-05-09 10:03:55 +02:00
bui cacdcd75b6 use fork 2023-05-04 11:05:41 +02:00
bui 53c73a5e05 up 2023-05-04 10:26:04 +02:00
Sebastien Blot d335e74c81
wip 2023-05-03 16:35:28 +02:00
blotus 0279e549bd
check if the acquis tomb is dying while processing logs in replay mode for file/s3/docker (#2152) 2023-04-04 13:57:06 +02:00
Sebastien Blot 1d9891a244
wip 2023-04-04 11:49:00 +02:00
mmetc 3132aa54b7
Properly load k8s audit configuration (#2158) 2023-04-03 21:55:31 +02:00
mmetc 3fa555fb25
Rename k8s_audit to k8s-audit (easier to type, consistent with labels) (#2153) 2023-04-03 09:53:38 +02:00
blotus 61bea26486
Add transform configuration option for acquisition (#2144) 2023-03-29 16:04:17 +02:00
blotus 1095f6c875
use expr.Function for custom functions instead of passing them in the env (#2133) 2023-03-28 10:49:01 +02:00
mmetc d769fff1e8
File acquisition: log "file reopen" events instead of writing to stderr (#2139) 2023-03-24 11:24:36 +01:00
blotus dc38e5ac00
S3 acquisition datasource (#2130) 2023-03-21 13:54:52 +01:00
Thibault "bui" Koechlin 618be9ff68
properly update the time structure within event (#2122) 
* properly update the time structure within event to ensure it works in time-machine

* move LIVE and TIMEMACHINE to pkg/types : less code needs to import leakybucket package, and we avoid duplicating constants
 2023-03-16 16:25:50 +01:00
Manuel Sabban b451d190b7
try to make reproducible build work (#2119) 
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2023-03-13 17:26:33 +01:00
mmetc e161507d08
Lint (type inference): remove redundant type declarations (#2111) 2023-03-09 11:56:02 +01:00
mmetc ba4396e52c
fix flaky parser unit test (#1985) 2023-01-12 17:03:25 +01:00
mmetc 2d81e751a1
fix parser test 2k23 (#1971) 2023-01-04 15:46:16 +01:00
blotus fdda940ac0
Add Kubernetes audit acquisition (#1767) 2022-12-06 13:47:29 +01:00
mmetc 4a6a9c4355
acquisition: validate datasources before configuration (static checks) (#1841) 
* acquisition: validate datasources before configuration (allow static configuration checks)

* remove comment

* import reviser, format

* error wrap
 2022-11-30 17:36:56 +01:00
mmetc 104f5d1fe6
lint: error handling cleanup (#1877) 2022-11-29 09:16:07 +01:00
mmetc 895691dad1
enabled linters: gocritic, nilerr (#1853) 2022-11-07 10:36:50 +01:00
mmetc 02d2eab18c
update golangci-lint to 1.50 and fixes (#1828) 2022-10-26 15:11:37 +02:00
mmetc 2088bb1f91
fix for #1839 (#1840) 2022-10-26 11:02:12 +02:00
mmetc 1d9f861f28
unit tests: always capture testcase variable -> allow parallel testing (#1797) 2022-10-10 10:48:26 +02:00
Manuel Sabban 83841d801c
fork dlog to ease debian packaging on official repos (#1790) 
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2022-10-06 13:40:31 +02:00
Shivam Sandbhor 65c0b9ebcf
Simplify one shot tests (#1786) 2022-10-06 11:57:26 +02:00
Shivam Sandbhor b203b3f444
Fix flakey test in file_tests (#1783) 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-10-05 16:40:09 +02:00
mmetc 6120571421
fix & cleanup cloudwatch_test.go (#1780) 2022-10-04 09:48:59 +02:00
mmetc edced6818a
cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) 2022-09-30 16:01:42 +02:00
blotus bfbe180101
Tighten windows sqlite database permissions (#1769) 2022-09-28 16:18:00 +02:00
Laurence Jones 21e5b0d6d0
Improvement: Docker one shot error message (#1666) 
* In one shot, user would only specify one container?
 2022-09-27 16:20:30 +02:00
Thibault "bui" Koechlin 9d199fd4a9
fix #1733 : add support for exclusion regexps (#1735) 
* allow to specify a list of regular expressions to skip some specific files
 2022-09-06 14:58:37 +02:00
mmetc 414282a2c9
golangci-lint 1.49 and related fixes (#1736) 2022-09-06 13:55:03 +02:00