authorKerma Gérald <gandalf@gk2.net>2021-07-29 17:36:58 +0200
committerKerma Gérald <gandalf@gk2.net>2021-10-09 11:53:18 +0200
commit8903d1b7ca403bcffaead372ac288213252d5d75 (patch)
tree3012c8f49ff673368511ed7a580408e4e282693e /net
parent6230feb790a5d5d4d5f239449158fdd4867586ee (diff)
crowdsec: initial package v1.2.0
/net/crowdsec/ Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from a global community-wide IP reputation database. Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Diffstat (limited to 'net')
-rw-r--r--net/crowdsec/Makefile153
-rw-r--r--net/crowdsec/files/crowdsec.config4
-rw-r--r--net/crowdsec/files/crowdsec.defaults26
-rwxr-xr-xnet/crowdsec/files/crowdsec.initd44
-rw-r--r--net/crowdsec/patches/001-fix_config_data_dir.patch20
-rw-r--r--net/crowdsec/patches/010-fix-32bits-compile.patch29
6 files changed, 276 insertions, 0 deletions
diff --git a/net/crowdsec/Makefile b/net/crowdsec/Makefile
new file mode 100644
index 000000000..de22d2d4c
--- /dev/null
+++ b/net/crowdsec/Makefile
@@ -0,0 +1,153 @@
+# SPDX-License-Identifier: MIT
+#
+# Copyright (C) 2021 Gerald Kerma
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=crowdsec
+PKG_VERSION:=1.2.0
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/crowdsecurity/crowdsec
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_SOURCE_DATE:=20210914
+PKG_MIRROR_HASH:=911af2c49c28596256c31ebb26b48c5ba9e6a0abdd46830e75e2cf4c0eff4256
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Gerald Kerma <gandalf@gk2.net>
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+CWD_SYSTEM:=openwrt
+CWD_BUILD_VERSION?=$(PKG_SOURCE_VERSION)
+CWD_BUILD_GOVERSION:=$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')
+CWD_BUILD_CODENAME:=alphaga
+CWD_BUILD_TIMESTAMP:=$(SOURCE_DATE_EPOCH)
+CWD_BUILD_TAG:=openwrt
+
+CWD_VERSION_PKG:=github.com/crowdsecurity/crowdsec/pkg/cwversion
+
+GO_PKG:=github.com/crowdsecurity/crowdsec
+
+GO_PKG_LDFLAGS_X:=$(CWD_VERSION_PKG).Version=$(CWD_BUILD_VERSION) \
+ $(CWD_VERSION_PKG).System=$(CWD_SYSTEM) \
+ $(CWD_VERSION_PKG).BuildDate=$(CWD_BUILD_TIMESTAMP) \
+ $(CWD_VERSION_PKG).Codename=$(CWD_BUILD_CODENAME) \
+ $(CWD_VERSION_PKG).Tag=$(CWD_BUILD_TAG) \
+ $(CWD_VERSION_PKG).GoVersion=$(CWD_BUILD_GOVERSION)
+
+GO_PKG_INSTALL_ALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/crowdsec/Default
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Crowdsec detection engine
+ URL:=https://crowdsec.net/
+endef
+
+define Package/crowdsec
+$(call Package/crowdsec/Default)
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/golang-crowdsec-dev
+$(call Package/crowdsec/Default)
+$(call GoPackage/GoSubMenu)
+ TITLE+= (source files)
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+ PKGARCH:=all
+endef
+
+define Package/crowdsec/Default/description
+ Crowdsec - An open-source, lightweight agent to detect
+ and respond to bad behaviours.
+ It also automatically benefits from a global
+ community-wide IP reputation database.
+endef
+
+define Package/crowdsec/description
+$(call Package/crowdsec/Default/description)
+
+ This package contains the main program.
+endef
+
+define Package/golang-crowdsec-dev/description
+$(call Package/crowdsec/Default/description)
+
+ This package provides the source files for the program.
+endef
+
+define Package/crowdsec/install
+ $(call GoPackage/Package/Install/Bin,$(1))
+
+ $(INSTALL_DIR) $(1)/etc/crowdsec
+ $(INSTALL_DIR) $(1)/etc/crowdsec/scenarios
+ $(INSTALL_DIR) $(1)/etc/crowdsec/postoverflows
+ $(INSTALL_DIR) $(1)/etc/crowdsec/collections
+ $(INSTALL_DIR) $(1)/etc/crowdsec/patterns
+ $(INSTALL_DIR) $(1)/etc/crowdsec/hub
+
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/config.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/dev.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/user.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/acquis.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/profiles.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/simulation.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/local_api_credentials.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/online_api_credentials.yaml \
+ $(1)/etc/crowdsec
+
+ $(CP) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/patterns/* \
+ $(1)/etc/crowdsec/patterns
+
+ $(INSTALL_DIR) $(1)/srv/crowdsec/data/
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) \
+ ./files/crowdsec.initd \
+ $(1)/etc/init.d/crowdsec
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) \
+ ./files/crowdsec.config \
+ $(1)/etc/config/crowdsec
+
+ $(LN) /usr/bin/crowdsec-cli $(1)/usr/bin/cscli
+
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_BIN) \
+ ./files/crowdsec.defaults \
+ $(1)/etc/uci-defaults/99_crowdsec
+endef
+
+define Package/crowdsec/conffiles
+/etc/crowdsec/
+/etc/config/crowdsec
+endef
+
+$(eval $(call GoBinPackage,crowdsec))
+$(eval $(call BuildPackage,crowdsec))
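Review bot: In `Package/crowdsec/install`, `local_api_credentials.yaml` and `online_api_credentials.yaml` are installed with `$(INSTALL_DATA)`, which in the OpenWrt build system is mode 0644, so the API login and password that `cscli` later writes into them may be readable by any local account unless `cscli` resets the mode itself. Installing these two with `$(INSTALL_CONF)` (0600), as the hunk already does for `./files/crowdsec.config`, keeps them root-only: `$(INSTALL_CONF) $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/local_api_credentials.yaml $(1)/etc/crowdsec`. Separately, `CWD_BUILD_GOVERSION` shells out to whatever `go` is on the build host's PATH at parse time, which may be missing or differ from the `golang/host` toolchain that compiles the package, so the embedded GoVersion string can be empty or wrong.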
diff --git a/net/crowdsec/files/crowdsec.config b/net/crowdsec/files/crowdsec.config
new file mode 100644
index 000000000..2cfe57578
--- /dev/null
+++ b/net/crowdsec/files/crowdsec.config
@@ -0,0 +1,4 @@
+config crowdsec 'crowdsec'
+ option data_dir '/srv/crowdsec/data'
+ option db_path '/srv/crowdsec/data/crowdsec.db'
+
diff --git a/net/crowdsec/files/crowdsec.defaults b/net/crowdsec/files/crowdsec.defaults
new file mode 100644
index 000000000..235061671
--- /dev/null
+++ b/net/crowdsec/files/crowdsec.defaults
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+CONFIG=/etc/crowdsec/config.yaml
+data_dir=`uci get "crowdsec.crowdsec.data_dir"`
+sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
+db_path=`uci get "crowdsec.crowdsec.db_path"`
+sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG
+
+# Create data dir & permissions if needed
+if [ ! -d "${data_dir}" ]; then
+ mkdir -m 0755 -p "${data_dir}"
+fi;
+
+if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml; then
+ echo local API already registered...
+else
+ cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
+fi
+if [ -s /etc/crowdsec/online_api_credentials.yaml ]; then
+ echo online API already registered...
+else
+ cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
+fi
+cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
+
+exit 0
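Review bot: The script ends in an unconditional `exit 0`, so a failed `cscli machines add`, `cscli capi register` or `cscli hub update && …` chain (for example with no network at first boot) is reported as success. uci-defaults scripts are removed after a zero exit, so the setup is never retried and the engine can end up running with no parsers or scenarios installed. Consider recording the failure and returning it, e.g. append `|| rc=1` to the `cscli` commands and finish with `exit ${rc:-0}`. Also, `$data_dir` and `$db_path` are spliced unescaped into the `sed` replacement with `,` as the delimiter, so a UCI value containing `,`, `&` or `\` would corrupt `config.yaml`; escape the value first or document the constraint in a comment.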
diff --git a/net/crowdsec/files/crowdsec.initd b/net/crowdsec/files/crowdsec.initd
new file mode 100755
index 000000000..81beac355
--- /dev/null
+++ b/net/crowdsec/files/crowdsec.initd
@@ -0,0 +1,44 @@
+#!/bin/sh /etc/rc.common
+# (C) 2021 Gerald Kerma
+
+START=99
+USE_PROCD=1
+NAME=crowdsec
+PROG=/usr/bin/crowdsec
+CONFIG=/etc/crowdsec/config.yaml
+RUNCONFDIR=/srv/crowdsec/data
+VARCONFIGDIR=/var/etc/crowdsec
+VARCONFIG=/var/etc/crowdsec/config.yaml
+
+service_triggers() {
+ procd_add_reload_trigger crowdsec
+}
+
+init_config() {
+ config_load crowdsec
+ config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
+ config_get db_path crowdsec db_path "${RUNCONFDIR}/crowdsec.db"
+
+ # Create tmp dir & permissions if needed
+ if [ ! -d "${VARCONFIGDIR}" ]; then
+ mkdir -m 0755 -p "${VARCONFIGDIR}"
+ fi;
+
+ cp $CONFIG $VARCONFIG
+
+ sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $VARCONFIG
+ sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $VARCONFIG
+
+ # Create data dir & permissions if needed
+ if [ ! -d "${RUNCONFDIR}" ]; then
+ mkdir -m 0755 -p "${RUNCONFDIR}"
+ fi;
+}
+
+start_service() {
+ init_config
+
+ procd_open_instance
+ procd_set_param command "$PROG" -c "$VARCONFIG"
+ procd_close_instance
+}
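Review bot: `init_config` reads `data_dir` from UCI, but the directory check at the end creates `${RUNCONFDIR}` instead, so when an administrator sets a non-default `data_dir` the configured directory is never created and crowdsec is started against a path that may not exist. Use the value that was just written into the config: `if [ ! -d "${data_dir}" ]; then` followed by `mkdir -m 0755 -p "${data_dir}"`. `cp $CONFIG $VARCONFIG` and both `sed -i` targets are unquoted; the paths are constants here, but quoting them would match the rest of the script. Mode 0755 on the data directory lets any local account list it and, depending on file modes, read the SQLite database; 0750 or 0700 may be more appropriate if only root runs the daemon.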
diff --git a/net/crowdsec/patches/001-fix_config_data_dir.patch b/net/crowdsec/patches/001-fix_config_data_dir.patch
new file mode 100644
index 000000000..9ab65ae2a
--- /dev/null
+++ b/net/crowdsec/patches/001-fix_config_data_dir.patch
@@ -0,0 +1,20 @@
+--- a/config/config.yaml
++++ b/config/config.yaml
+@@ -7,7 +7,7 @@ common:
+ working_dir: .
+ config_paths:
+ config_dir: /etc/crowdsec/
+- data_dir: /var/lib/crowdsec/data/
++ data_dir: /srv/crowdsec/data/
+ simulation_path: /etc/crowdsec/simulation.yaml
+ hub_dir: /etc/crowdsec/hub/
+ index_path: /etc/crowdsec/hub/.index.json
+@@ -21,7 +21,7 @@ cscli:
+ db_config:
+ log_level: info
+ type: sqlite
+- db_path: /var/lib/crowdsec/data/crowdsec.db
++ db_path: /srv/crowdsec/data/crowdsec.db
+ #user:
+ #password:
+ #db_name:
diff --git a/net/crowdsec/patches/010-fix-32bits-compile.patch b/net/crowdsec/patches/010-fix-32bits-compile.patch
new file mode 100644
index 000000000..58426826c
--- /dev/null
+++ b/net/crowdsec/patches/010-fix-32bits-compile.patch
@@ -0,0 +1,29 @@
+Author: Kerma Gérald <gandalf@gk2.net>
+Date: Mon Sep 20 10:34:20 2021 +0200
+
+ Use math.MaxInt32 instead of math.MaxUint32
+
+ To fix 32 bits compilation in v1.2.0
+ https://github.com/crowdsecurity/crowdsec/issues/979
+
+ Signed-off-by: Kerma Gérald <gandalf@gk2.net>
+
+--- a/pkg/csplugin/broker.go
++++ b/pkg/csplugin/broker.go
+@@ -400,14 +400,14 @@ func getProccessAtr(username string, gro
+ if err != nil {
+ return nil, err
+ }
+- if uid < 0 && uid > math.MaxUint32 {
++ if uid < 0 && uid > math.MaxInt32 {
+ return nil, fmt.Errorf("out of bound uid")
+ }
+ gid, err := strconv.Atoi(g.Gid)
+ if err != nil {
+ return nil, err
+ }
+- if gid < 0 && gid > math.MaxUint32 {
++ if gid < 0 && gid > math.MaxInt32 {
+ return nil, fmt.Errorf("out of bound gid")
+ }
+ return &syscall.SysProcAttr{
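Review bot: The bounds check stays dead after this change: `uid < 0 && uid > math.MaxInt32` can never be true, because no value is both negative and above the maximum, so an out-of-range uid or gid from the user database is never rejected before it reaches `syscall.SysProcAttr`. The conditions need `||`: `if uid < 0 || uid > math.MaxInt32 {` and `if gid < 0 || gid > math.MaxInt32 {`. Swapping the constant fixes the 32-bit build but leaves the operator unchanged from the removed line, so it may be worth carrying the operator fix in the same patch or reporting it alongside the linked issue. The body of `getProccessAtr` starts and ends outside the hunk, so how uid and gid are converted afterwards is not visible here.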