beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
843 commits 83 branches 177 tags 151 MiB
Commit graph

321 commits

Author SHA1 Message Date
mmetc 40ab8fa738
Atoi() -> ParseInt() (#1256) 2022-02-14 14:00:42 +01:00
Shivam Sandbhor 76e3612088
Check log level before dumping resp (#1243) 
* Check log level before dumping resp
* Sleep longer in func tests

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-02-08 15:40:01 +01:00
mmetc 5c7c12c62d
define cwversion.System (Platform) in "make static" too; show it with --version (#1238) 2022-02-04 13:02:45 +01:00
Thibault "bui" Koechlin dd53d19777
Make whitelist by expr debug level (#1236) 
* fix #616 : simply make it at debug level, so that the user can set his node to debug level if he really wants to see this. Otherwise it can be too spammy
 2022-02-03 17:04:18 +01:00
mmetc ad28a979e9
local control flow cleanup (#1215) 
removed redundant/unreachable returns, else branches, type declarations, unused variables
 2022-02-01 22:08:06 +01:00
mmetc 35eea39db7
allow Makefile to override /etc/crowdsec and /var/lib/crowdsec/data (#1221) 2022-02-01 10:34:53 +01:00
mmetc 8310c10ce3
console_config.yaml -> console.yaml (#1195) 2022-01-21 11:52:23 +01:00
mmetc 240e5ad3ab
remove trailing carriage return (#1194) 2022-01-21 11:35:21 +01:00
blotus 19323ba4aa
fix crash on upgrade with nil last push field (#1191) 2022-01-20 18:10:40 +01:00
AlteredCoder b93b8d9a2e
Support PGX (#1186) 
* Support PGX

* support sslmode
 2022-01-20 11:17:21 +01:00
Shivam Sandbhor 59a537514f
Check for errors before modifying proc attrs (#1181) 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-01-19 15:34:09 +01:00
Thibault "bui" Koechlin cc1ab8c50d
switch to utc time everywhere (#1167) 
* switch to utc time everywhere


Co-authored-by: alteredCoder <kevin@crowdsec.net>
 2022-01-19 14:56:05 +01:00
AlteredCoder b1a7ffb92f
fix postgreSQL count fail (#1184) 2022-01-19 14:50:53 +01:00
Thibault "bui" Koechlin c81fc87d4e
fix #1168 (#1179) 
* fix #1168
 2022-01-19 11:34:40 +01:00
Thibault "bui" Koechlin a88848009a
fix default perms for log file (#1177) 
* fix default perms
 2022-01-18 16:54:02 +01:00
Thibault "bui" Koechlin a17f150e5d
fix #1170 : display full message in debug mode when syslog cannot parse (#1176) 
* fix #1170 : display full message in debug mode when syslog cannot parse
 2022-01-18 09:54:01 +01:00
Thibault "bui" Koechlin 40ed810c0b
Gin upgrade (#1174) 
* upgrade gin / gin-jwt, and add a new 'trusted_proxies' option to provide trusted CIDRs
 2022-01-17 17:18:12 +01:00
Thibault "bui" Koechlin 6e92da76ad
lapi to capi : allow push of tainted/custom/manual decisions (#1154) 
* add console command to control signal sharing
* modify metrics endpoint to add lastpush

Co-authored-by: alteredCoder <kevin@crowdsec.net>
 2022-01-13 16:46:16 +01:00
blotus cc72800f50
Update LAPI swagger (#1155) 2022-01-11 16:45:34 +01:00
Thibault "bui" Koechlin 3bca25fd6d
lists support from central api (#1074) 
* lists support from central api

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2022-01-11 14:31:51 +01:00
blotus 4a11060930
Kinesis datasource (#1147) 2022-01-11 14:19:43 +01:00
Thibault "bui" Koechlin 6c676c4869
fix #1131 : complain when validating unknown machine (#1146) 2022-01-05 13:50:04 +01:00
Shivam Sandbhor ba71c55492
Fix cscli inpsect json output (#1145) 
* Fix cscli inpsect json output
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-01-05 10:42:27 +01:00
Thibault "bui" Koechlin 8e3004ebb3
fix race condition on repetitive trigger buckets creation (#1144) 2022-01-04 14:02:07 +01:00
Shivam Sandbhor 6c4ec64ca9
Fix json output of cscli hub list (#1143) 
* Fix json output of cscli hub list
* Fix functional tests.

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-01-04 11:49:23 +01:00
blotus f86ec1c389
Docker api version negotiation (#1135) 2021-12-30 12:21:49 +01:00
blotus 3105897f37
Allow to configure log rotation (#1130) 2021-12-28 11:59:03 +01:00
mmetc 7126f8f0ff
replaced &nbsp; (#1129) 2021-12-28 10:32:46 +01:00
AlteredCoder f86e0c0a5a
don't send decisions with negative duration to bouncers (#1117) 2021-12-21 10:23:30 +01:00
Sykursen 6a3adcff0e
Upgrade metabase to v41.5 (#1109) 2021-12-17 10:29:48 +01:00
Thibault "bui" Koechlin 106254f020
support for cancel_on (#1105) 
* cancel_on filter

* tests
 2021-12-17 09:56:02 +01:00
AlteredCoder d913ac160e
fix create alert bulk for decisions insertion (#1107) 
* fix create alert bulk for decisions insertion
 2021-12-16 18:26:19 +01:00
AlteredCoder 88d06260d7
add cscli decisions import (#1038) 
* add cscli decisions import

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: bui <thibault@crowdsec.net>
 2021-12-15 11:39:37 +01:00
AlteredCoder 458dcd1979
add more helpers (#1091) 
* add more exprhelpers
 2021-12-14 11:07:40 +01:00
Thibault "bui" Koechlin e5204bc1b1
fix #1083 : do not update/overwrite 'not installed' collections sub-items on 'cscli XX upgrade' (#1089) 
* fix #1083 : do not update/overwrite 'not installed' collections sub-items on 'cscli XX upgrade'
 2021-12-13 19:31:16 +01:00
mmetc c7fb6a1428
enabled -> enabling (#1090) 2021-12-13 13:14:29 +01:00
Manuel Sabban 4e6f6fe3a2
log4j vuln fix for metabase (#1082) 
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2021-12-13 10:19:20 +01:00
mmetc 7dee103b6e
typos of various nature (#1072) 2021-12-06 17:29:23 +01:00
AlteredCoder 4917aa23c9
Docker datasource (#1064) 
* add docker datasource
 2021-12-02 15:55:50 +01:00
blotus dd03d07355
optimize the flush function by deleting alerts based on their id (#1054) 2021-11-17 10:15:38 +01:00
he2ss 0652e9ed08
feature cscli|crowdsec add additional labels on crowdsec dsn run (#1053) 
* feature cscli|crowdsec add additional labels on crowdsec dsn run
 2021-11-17 10:08:46 +01:00
Thibault "bui" Koechlin 3c768490ba
fix #873 without breaking backward (#1052) 2021-11-15 14:16:18 +01:00
Kerma Gérald 37c2a10e21
Use math.MaxInt32 instead of math.MaxUint32 (#980) 
To fix 32 bits compilation in v1.2.0
https://github.com/crowdsecurity/crowdsec/issues/979

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
 2021-11-15 12:14:04 +01:00
Thibault "bui" Koechlin 7362828a3b
add --failures to explain feature : only display failed lines (#1048) 
* add --failures to explain feature : only display failed lines

* no error no problem
 2021-11-08 18:01:43 +01:00
Thibault "bui" Koechlin 8b0527bf9d
add evt. (#1045) 2021-11-03 15:17:48 +01:00
AlteredCoder fb54388e93
Fix issue 1033 (#1034) 
* Fix issue 1033
 2021-11-02 12:16:33 +01:00
Thibault "bui" Koechlin d1ce543440
Improve explain (#1039) 
* improve explain feature

* nicer display for details, --verbose in favor of --debug for details
 2021-11-02 12:06:01 +01:00
Shivam Sandbhor cbada3d435
Allow using cloudwatch using iam role instead of hardcoded tokens (#1035) 2021-11-02 10:25:35 +01:00
mmetc f10187bd6d
typos (#1036) 2021-11-02 09:19:22 +01:00
Thibault "bui" Koechlin 2b2a11fec7
Extra syslog debug (#1030) 
* extra logging
 2021-11-01 20:55:03 +01:00
AlteredCoder cf57c89177
add name and alias in cscli console enroll (#950) 
* add name and alias in cscli console enroll
 2021-10-26 15:33:17 +02:00
blotus 25a2d528b0
Alerts flush: Optimization of the flush mechanism (batch and limit to one job) + add cscli alerts flush command (#1024) 
- Don't allow running more than one alert flush job at a time to prevent runaway CPU usage in some case. (fix High CPU after Upgrade to 1.2.0 #1022)
 - Add a cscli alerts flush command to manually flush the alerts in the database (fixes Improvement/Manual flush mechanism #1023 ).
 - Enable cascading deletion on alerts as we upgraded ent: Deleting an alert in the database will automatically delete all related decisions, events and meta
 - Add an index on alerts.id to try to improve flush performance with very big sqlite database.
- Flush alert now operates in batch
 2021-10-26 13:33:45 +02:00
Thibault "bui" Koechlin 3f99330b3d
Entgo 0.9 (#1018) 
* update entgo & sqlite to latest version

* schema update
 2021-10-22 16:15:57 +02:00
Shivam Sandbhor a7b1c02bd5
Fix bugs in cloudwatch acq (#991) 
* Fix bugs in cloudwatch acq

- Fix concurrent writes to map streamIndexes
- Fix multiple cases of modifying while iterating on slice.
- Fix order of fetching cloudwatch events.
- Remove `startup` hack.

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>

* Fix cloudwatch tests

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2021-10-22 10:35:05 +02:00
Thibault "bui" Koechlin 3bb2128bf4
fix sort :/ (#1007) 2021-10-12 19:16:24 +02:00
Thibault "bui" Koechlin 1bd6b8f7b9
Multiple fixes (#1006) 
* fix #1005 : timestamp in trigger timemachine buckets

* attempt at consistent bucket order for hubtest
 2021-10-12 14:09:17 +02:00
Thibault "bui" Koechlin 2961a0ed02
ensure machineID is included early enough into the alert (#1004) 2021-10-11 15:02:16 +02:00
blotus 2bc9f33e12
add ParseUri() expr helper (#994) 2021-10-08 16:50:31 +02:00
AlteredCoder 0ccc69696b
Break on success when alert already has decision (#997) (#999) 
* Break on success when alert already has decision (#997)

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2021-10-05 11:30:34 +02:00
Thibault "bui" Koechlin af4bb350c0
hubtests revamp + cscli explain (#988) 
* New hubtest CI for scenarios/parsers from the hub
 * New `cscli explain` command to visualize parsers/scenarios pipeline

Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Cristian Nitescu <cristian@crowdsec.net>
 2021-10-04 17:14:52 +02:00
Thibault "bui" Koechlin c2fd173d1e
fix node success logic (#993) 
* fix node success logic : only fail node on child failure if mother node has no successfull grok
 2021-09-28 17:58:07 +02:00
he2ss fb308d5596
fix plugins logging in right level (#990) 2021-09-28 14:44:21 +02:00
he2ss db5ffb0040
Update test env (#987) 
* update test_env
 2021-09-24 18:06:30 +02:00
blotus f0db3742de
fix usage of regex.Match in cloudwatch module (#986) 2021-09-23 13:52:05 +02:00
Shivam Sandbhor cca76da2d6
Fix crash if plugin config is broken (#964) 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2021-09-10 14:25:34 +02:00
he2ss e651379964
add jsonExtractUnescape Helper (#962) 
* add jsonExtractUnescape Helper
 2021-09-10 12:43:11 +02:00
AlteredCoder 5ae69aa293
fix stacktrace when mmdb file are not present (#935) 
* fix stacktrace when mmdb file are not present
 2021-09-09 16:27:30 +02:00
blotus 7a1b955ad1
use our fork of grokky (#953) 2021-09-09 14:46:16 +02:00
Shivam Sandbhor b8e24a1e0b
Make plugin runner configurable and run only registered plugins (#944) 
* Make plugin runner configurable and run only registered plugins
 2021-09-08 11:36:42 +02:00
Thibault "bui" Koechlin 0ad6165ed2
fix release drafter + readme + remove dead readme for acquis (#933) 2021-09-03 09:07:24 +02:00
Manuel Sabban d7d591ff84
update to use cdn for hub (#920) 
* update to use cdn for hub
* add cdn for version
* fix unit tests accodingly with new cdn

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2021-09-02 15:17:37 +02:00
Thibault "bui" Koechlin bed90a832e
fix #919 : display error message (#929) 
* fix #919

* fix tests
 2021-09-02 12:46:32 +02:00
Thibault "bui" Koechlin 589cb72d41
enforce a bit more parsing for resillience (#928) 2021-09-02 12:34:20 +02:00
Shivam Sandbhor b40fd36607
Add plugin interface code in protobufs package (#921) 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2021-08-31 14:40:17 +02:00
Thibault "bui" Koechlin 68c11dd827
don't try to send/don't notify if plugin chan is nil (#923) 2021-08-31 14:39:32 +02:00
blotus b5d0d56a11
add support for --since in journalctl DSN (#917) 2021-08-31 12:40:22 +02:00
ThinkChaos 448a227079
Minor changes to specific logs (#900) 
- Minor changes to specific logs
- Fix LAPI to not push signals to CAPI when disabled #907
 2021-08-25 18:30:05 +02:00
Thibault "bui" Koechlin c188d401a3
Improve CAPI pull management (#871) 
* prepare for new consensus : thousands of ips

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2021-08-25 11:45:29 +02:00
Thibault "bui" Koechlin 950759f6d6
Output plugins (#878) 
* Add plugin system for notifications (#857)
 2021-08-25 11:43:29 +02:00
Manuel Sabban 4dbbd4b3c4
Download datafile (#895) 
* add the ability to download datafile on cscli hub upgrade on files are missing
* fix stuff + lint
* fix error management

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2021-08-19 09:08:20 +02:00
Shivam Sandbhor f64f20fd53
Document scope parameter for stream API (#897) 
Signed-off-by: Shivam Sandbhor <shivam@crowdsec.net>
 2021-08-18 16:05:56 +02:00
Nanik b0746fbc4d
fix: add /health endpoint (#881) 
* fix: add /health endpoint
 2021-08-18 09:06:01 +02:00
Thibault "bui" Koechlin 05ac3ca402
if profile is in debug, log debug even if it matched the profile (#894) 2021-08-17 16:50:16 +02:00
Thibault "bui" Koechlin 25ed1c265d
fix #885 : remove dead dependencies for plugin (#891) 2021-08-17 10:32:15 +02:00
Thibault "bui" Koechlin fc7369c4ea
Fix big serialized entries (#877) 
* bump serialized to 8k

* handle oversized serialized entry : progressively strip its size down
 2021-08-03 15:46:10 +02:00
Thibault "bui" Koechlin 01028d0a09
Goroutine leak hunt (#874) 
* close the writers of gin loggers + kill the tomb of httpServer

* body close defer
 2021-07-30 11:41:17 +02:00
blotus cedfca07c2
don't wait for acquis tomb if we have no sources (#868) 2021-07-28 08:58:44 +02:00
Thibault "bui" Koechlin b6ee006078
ensure decisions from CAPI have proper case (#848) 2021-07-02 11:23:46 +02:00
Thibault "bui" Koechlin 033c8e17e8
fix #842 #837 (#845) 
* fix #842 and move preflight checks tgth

* handle new container name

Co-authored-by: AlteredCoder <AlteredCoder>
 2021-07-01 18:15:22 +02:00
blotus 3994aec7fe
add console enroll command to cscli (#828) 2021-06-28 17:34:19 +02:00
Thibault "bui" Koechlin 7f0cac8ee6
add support for 'expression' (fix #822) in grok patterns (#830) 
* add support for 'expression' (fix #822) in grok patterns

* add tests
 2021-06-21 09:07:33 +02:00
Thibault "bui" Koechlin ce6a61df1c
Refactor Acquisition Interface (#773) 
* Add new acquisition interface + new modules (cloudwatch, syslog)

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2021-06-11 09:53:53 +02:00
Thibault "bui" Koechlin 71c1d9431f
fix #823 : lower JsonExtract debug (#824) 
* lower key not found log level, fix #823
 2021-06-02 14:27:34 +02:00
Shivam Sandbhor f25d02a7c8
Allow bouncers to filter decisions by scope (#817) 
Signed-off-by: Shivam Sandbhor <shivam@crowdsec.net>
 2021-05-31 15:07:09 +02:00
Thibault "bui" Koechlin bf6b791420
fix #781 - avoid unconsistent body : do not send NbDeleted on error (#812) 2021-05-28 11:17:30 +02:00
blotus c1c76645a7
improve emoji for local configuration when listing (#811) 2021-05-28 11:11:53 +02:00
svesve 6693bff2f5
Add postgres sslmode option (#772) 
Co-authored-by: aleksandr.drozdin <aleksandr.drozdin@karuna.group>
 2021-05-19 17:03:23 +02:00
he2ss eb0bd70046
fix #787 : load simulation config at startup (#793) 
* fix #787 : load simulation config at startup
 2021-05-17 11:54:28 +02:00
Thibault "bui" Koechlin f881510f79
delete orphan nodes (fix #778) (#794) 
* delete orphan nodes (for #778 and partially #781)

* and do it as well for decisions
 2021-05-17 11:45:01 +02:00
AlteredCoder fd830b4293
Fix some bugs (#788) 
* fix config restore

* fix panic on middleware

Co-authored-by: AlteredCoder <AlteredCoder>
 2021-05-07 18:40:01 +02:00