beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1600 commits 83 branches 177 tags 151 MiB
Commit graph

148 commits

Author SHA1 Message Date
mmetc 6507e8f4cd
cscli: don't print use_wal warning (#2794) 2024-01-30 11:07:53 +01:00
mmetc 8c75efdb2a
lint: disallow naked returns (#2771) 2024-01-24 17:31:34 +01:00
blotus 421ef3bf9c
add cpu-profile flag (#2723) 2024-01-16 11:40:29 +01:00
mmetc 0ef5f20aa7
bin/crowdsec: avoid writing errors twice when log_media=stdout (#2729) 
* bin/crowdsec: avoid writing errors twice when log_media=stdout
* lint
 2024-01-12 14:44:09 +01:00
blotus 5d5a1117e1
Send installed appsec rules as part of the scenarios on login (#2704) 2024-01-08 14:33:53 +01:00
Sebastien Blot ecd1a8bfed
Revert "Send installed appsec rules as part of the scenarios on login" 
This reverts commit f99f003a50.
 2024-01-08 10:54:39 +01:00
Sebastien Blot f99f003a50
Send installed appsec rules as part of the scenarios on login 2024-01-08 10:54:07 +01:00
mmetc 6e34d609b7
cscli: silence cwhub logger for non-hub related commands (#2675) 2023-12-19 17:20:09 +01:00
mmetc 4acb4f8df3
cwhub: context type (#2631) 
* add hub type "context"
* cscli lapi: log.Fatal -> fmt.Errorf; lint
* tests for context.yaml
* load console context from hub
* original & compiled context
* deprecate "cscli lapi context delete"
$ cscli lapi context delete
Command "delete" is deprecated, please manually edit the context file.
* cscli completion: add appsec-rules, appsec-configs, explain, hubtest
 2023-12-07 16:20:13 +01:00
Thibault "bui" Koechlin 8cca4346a5
Application Security Engine Support (#2273) 
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)

The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)

---------

Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-12-07 12:21:04 +01:00
mmetc 90d3a21853
CI: use go 1.21.5 (#2640) 
* use go 1.21.5
* Simpler go:build directives
 2023-12-06 12:38:36 +01:00
mmetc 1ab4487b65
cscli hub list: show only non-empty tables with -o human 
* agent config: remove unused LintOnly bool
* Item.IsLocal() -> Item.State.IsLocal(); split method InstallStatus()
* cscli hub list: show only non-empty tables with -o human
 2023-12-05 13:38:52 +01:00
Laurence Jones 05c1825622
Add to dump after postoverflow so we can test within hubtest (#2511) 
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
 2023-11-28 13:18:41 +00:00
mmetc ffcab0b2bc
Refactor hub management and cscli commands (#2545) 2023-11-24 15:57:32 +01:00
mmetc 9235f55c47
Refact pkg/cwhub (part 4) (#2518) 
* generalize function: GetInstalledItems, GetInstalledItemsAsString
* extracted function itemKey, happy path
* review comments / remove redundant; rename file to remove build tags
* remove unused fields in Item struct
* unix build tag
 2023-10-05 09:35:03 +02:00
Laurence Jones 702da0f59a
[enhancement] cscli explain --labels (#2461) 
* Add label support for explain and allow user to provide multiple labels

* Change my mind about empty string

* Add debug and im an idiot 😄
 2023-09-11 14:18:04 +01:00
mmetc b562103024
Make: build with debug symbols in func tests or if DEBUG=1; drop BUILD_VENDOR_FLAGS (#2443) 2023-08-28 15:58:26 +02:00
mmetc 2aa55e9444
move plugins/notifications/* to cmd/notification-* (#2429) 
This ensures keeping all dependencies in sync, and simplifies
packaging under freebsd/gentoo/etc because there is a single
vendor directory.
 2023-08-24 09:46:25 +02:00
mmetc caaed7c515
Timeout on shutdown while waiting for events to be flushed (#2423) 2023-08-16 21:03:15 +02:00
mmetc ffadd42779
update dependency on go-cs-lib; drop the pkg/ part (#2393) 2023-07-28 16:35:08 +02:00
mmetc 5cb7013575
Check cscli preconditions with crowdsec-cli/require package (#2388) 2023-07-27 17:02:20 +02:00
mmetc 1a6f12c88e
Build target for "make tidy" (#2378) 
The make tidy target runs "go mod tidy" in the root directory and all plugins.
 2023-07-26 10:24:37 +02:00
Manuel Sabban 9ac5aeda79
fix the ci by adding the ability to enforce event ordering (#2347) 
* fix the ci by adding the ability to enforce event ordering
 2023-07-20 11:41:30 +02:00
mmetc 3c16139c44
Reduce log verbosity at startup (#2363) 
A configuration syntax test is performed every time the service is
started from systemd. The resulting error, if any, is shown on
journalctl logs.
This PR removes the unnecessary output in crowdsec.log generated by the
configuration test.
 2023-07-19 13:28:52 +02:00
mmetc 9967d60987
errors.Wrap -> fmt.Errorf (#2333) 2023-07-06 10:14:45 +02:00
mmetc a910b7beca
non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2309) 
This on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.
 2023-06-27 10:13:13 +02:00
mmetc 62caffb102
update leakybucket readme (#2298) 2023-06-22 15:35:01 +02:00
mmetc fddf597040
errors.Wrap -> fmt.Errorf; clean up imports (#2297) 2023-06-22 15:01:34 +02:00
mmetc 4e2c9c185b
Implement "crowdsec -fatal" flag; change help message (#2266) 
The -trace...-fatal flags do not change the log destination but only the
verbosity. This change reflects that, and implements "-fatal" which was missing.
 2023-06-08 15:06:06 +02:00
mmetc 8da9d5eefd
don't log notification error if not running under systemd (#2274) 2023-06-08 15:04:48 +02:00
mmetc 9ccdddaab1
CI: refactor makefile for plugins and vendor target (#2256) 2023-06-05 23:15:18 +02:00
mmetc 2a8e97d558
show option -winsvc only under windows (#2258) 2023-06-05 13:49:31 +02:00
mmetc 1f9f81da70
makefiles: de-duplicate, simplify and remove unused code (#2222) 2023-05-25 10:32:05 +02:00
mmetc 534328ca30
decouple bouncer dependencies: use go-cs-lib/pkg/* (#2216) 
* decouple bouncer dependencies: use go-cs-lib/pkg/trace
* decouple bouncer dependencies: use go-cs-lib/pkg/version
* decouple bouncer dependencies: use go-cs-lib/pkg/yamlpatch
* decouple bouncer dependencies: use go-cs-lib/pkg/csstring
* unused import
 2023-05-23 10:52:47 +02:00
mmetc e1f5ed41df
Implement "cscli config show-yaml" (#2191) 2023-05-11 21:01:13 +02:00
mmetc 6b744884b0
Update deps to latest stable: go-systemd, tail, cobra, lumberjack, testify (#2164) 2023-04-12 16:58:11 +02:00
blotus 1e018bdaf8
Wait for both api and agent chans if necessary when daemonize is false or running on windows (#2155) 2023-04-04 15:16:48 +02:00
mmetc 38ab6be7c2
Allow feature.yml to change available subcommands (#2156) 2023-04-03 10:11:56 +02:00
mmetc ea6401ce09
CI: Static builds by default; replace bincover with go -cover from 1.20 (#2150) 
* Makefile: build static binaries only
* Replace bincover with go -cover from 1.20
* CI: Fix timing issue between lapi and agent containers
 2023-03-30 15:05:09 +02:00
blotus 61bea26486
Add transform configuration option for acquisition (#2144) 2023-03-29 16:04:17 +02:00
blotus 91eb39cff6
New PAPI commands: reauth + force_pull (#2129) 2023-03-21 14:06:19 +01:00
mmetc e161507d08
Lint (type inference): remove redundant type declarations (#2111) 2023-03-09 11:56:02 +01:00
Thibault "bui" Koechlin 5b0fe4b7f1
support for regexps result cache (#2104) 
* support for regexps result cache : gcache + xxhash

Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-03-08 16:07:49 +01:00
mmetc a6bb2cf5e1
Fix log destination in one-shot mode (#2084) 2023-03-01 17:00:04 +01:00
Manuel Sabban 60b3f63851
ugly workaround to fix the tests (#2080) 
* ugly workaround to fix the tests

* add comments

---------

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2023-02-28 17:05:11 +01:00
Manuel Sabban 39a4a256fd
fix the way acquisition is stopped (#2069) 
* fix the way acquisition is stopped by draining inputLineChan before terminating it.

---------

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2023-02-27 11:21:25 +01:00
blotus 83c3818504
Do not try to refresh JWT token when doing a login request (#2059) 2023-02-16 16:16:26 +01:00
Thibault "bui" Koechlin e927717fa0
Polling API Integration (#1715) 
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-31 14:47:44 +01:00
mmetc d369656b26
agent: fix message when -dsn is provided without -type (#2009) 2023-01-20 16:14:26 +01:00
Thibault "bui" Koechlin 4f29ce2ee7
CTI API Helpers in expr (#1851) 
* Add CTI API helpers in expr
* Allow profiles to have an `on_error` option to profiles

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-19 08:45:50 +01:00