a19748ae35
If you use a ./test/local directory, you need to create it again: $ make clean bats-build bats-fixture
89 lines
1.8 KiB
YAML
89 lines
1.8 KiB
YAML
# TODO: windows, use_time_machine, event support (see https://hub.crowdsec.net/author/crowdsecurity/collections/iis)
|
|
|
|
---
|
|
version: 1.0
|
|
|
|
detect:
|
|
apache2:
|
|
when:
|
|
- ProcessRunning("apache2")
|
|
install:
|
|
collections:
|
|
- crowdsecurity/apache2
|
|
datasource:
|
|
source: file
|
|
labels:
|
|
type: apache2
|
|
filenames:
|
|
- /var/log/apache2/*.log
|
|
- /var/log/*http*/*.log
|
|
- /var/log/httpd/*.log
|
|
|
|
apache2-systemd:
|
|
when:
|
|
- UnitFound("apache2.service")
|
|
- OS.ID != "centos"
|
|
install:
|
|
collections:
|
|
- crowdsecurity/apache2
|
|
datasource:
|
|
source: journalctl
|
|
journalctl_filter:
|
|
- "_SYSTEMD_UNIT=mock-apache2.service"
|
|
labels:
|
|
type: apache2
|
|
|
|
apache2-systemd-centos:
|
|
when:
|
|
- UnitFound("httpd.service")
|
|
- OS.ID == "centos"
|
|
install:
|
|
collections:
|
|
- crowdsecurity/apache2
|
|
datasource:
|
|
source: journalctl
|
|
journalctl_filter:
|
|
- "_SYSTEMD_UNIT=httpd.service"
|
|
|
|
ssh-systemd:
|
|
when:
|
|
- UnitFound("ssh.service") or UnitFound("ssh.socket")
|
|
install:
|
|
collections:
|
|
- crowdsecurity/apache2
|
|
datasource:
|
|
source: journalctl
|
|
journalctl_filter:
|
|
- "_SYSTEMD_UNIT=ssh.service"
|
|
labels:
|
|
type: syslog
|
|
|
|
linux:
|
|
when:
|
|
- OS.Family == "linux"
|
|
install:
|
|
collections:
|
|
- crowdsecurity/linux
|
|
datasource:
|
|
source: file
|
|
labels:
|
|
type: syslog
|
|
filenames:
|
|
- /var/log/syslog
|
|
- /var/log/kern.log
|
|
- /var/log/messages
|
|
|
|
freebsd:
|
|
when:
|
|
- OS.Family == "freebsd"
|
|
install:
|
|
collections:
|
|
- crowdsecurity/freebsd
|
|
|
|
windows:
|
|
when:
|
|
- OS.Family == "windows"
|
|
install:
|
|
collections:
|
|
- crowdsecurity/windows
|