Browse Source

crowdsec: initial package v1.2.0

/net/crowdsec/

Crowdsec - An open-source, lightweight agent to detect
 and respond to bad behaviours.
 It also automatically benefits from a global community-wide
 IP reputation database.

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
lilik-openwrt-22.03
Kerma Gérald 3 years ago
parent
commit
8903d1b7ca
6 changed files with 276 additions and 0 deletions
  1. +153
    -0
      net/crowdsec/Makefile
  2. +4
    -0
      net/crowdsec/files/crowdsec.config
  3. +26
    -0
      net/crowdsec/files/crowdsec.defaults
  4. +44
    -0
      net/crowdsec/files/crowdsec.initd
  5. +20
    -0
      net/crowdsec/patches/001-fix_config_data_dir.patch
  6. +29
    -0
      net/crowdsec/patches/010-fix-32bits-compile.patch

+ 153
- 0
net/crowdsec/Makefile View File

@ -0,0 +1,153 @@
# SPDX-License-Identifier: MIT
#
# Copyright (C) 2021 Gerald Kerma
#
include $(TOPDIR)/rules.mk
PKG_NAME:=crowdsec
PKG_VERSION:=1.2.0
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/crowdsecurity/crowdsec
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_DATE:=20210914
PKG_MIRROR_HASH:=911af2c49c28596256c31ebb26b48c5ba9e6a0abdd46830e75e2cf4c0eff4256
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Gerald Kerma <gandalf@gk2.net>
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
CWD_SYSTEM:=openwrt
CWD_BUILD_VERSION?=$(PKG_SOURCE_VERSION)
CWD_BUILD_GOVERSION:=$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')
CWD_BUILD_CODENAME:=alphaga
CWD_BUILD_TIMESTAMP:=$(SOURCE_DATE_EPOCH)
CWD_BUILD_TAG:=openwrt
CWD_VERSION_PKG:=github.com/crowdsecurity/crowdsec/pkg/cwversion
GO_PKG:=github.com/crowdsecurity/crowdsec
GO_PKG_LDFLAGS_X:=$(CWD_VERSION_PKG).Version=$(CWD_BUILD_VERSION) \
$(CWD_VERSION_PKG).System=$(CWD_SYSTEM) \
$(CWD_VERSION_PKG).BuildDate=$(CWD_BUILD_TIMESTAMP) \
$(CWD_VERSION_PKG).Codename=$(CWD_BUILD_CODENAME) \
$(CWD_VERSION_PKG).Tag=$(CWD_BUILD_TAG) \
$(CWD_VERSION_PKG).GoVersion=$(CWD_BUILD_GOVERSION)
GO_PKG_INSTALL_ALL:=1
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
define Package/crowdsec/Default
SECTION:=net
CATEGORY:=Network
TITLE:=Crowdsec detection engine
URL:=https://crowdsec.net/
endef
define Package/crowdsec
$(call Package/crowdsec/Default)
DEPENDS:=$(GO_ARCH_DEPENDS)
endef
define Package/golang-crowdsec-dev
$(call Package/crowdsec/Default)
$(call GoPackage/GoSubMenu)
TITLE+= (source files)
DEPENDS:=$(GO_ARCH_DEPENDS)
PKGARCH:=all
endef
define Package/crowdsec/Default/description
Crowdsec - An open-source, lightweight agent to detect
and respond to bad behaviours.
It also automatically benefits from a global
community-wide IP reputation database.
endef
define Package/crowdsec/description
$(call Package/crowdsec/Default/description)
This package contains the main program.
endef
define Package/golang-crowdsec-dev/description
$(call Package/crowdsec/Default/description)
This package provides the source files for the program.
endef
define Package/crowdsec/install
$(call GoPackage/Package/Install/Bin,$(1))
$(INSTALL_DIR) $(1)/etc/crowdsec
$(INSTALL_DIR) $(1)/etc/crowdsec/scenarios
$(INSTALL_DIR) $(1)/etc/crowdsec/postoverflows
$(INSTALL_DIR) $(1)/etc/crowdsec/collections
$(INSTALL_DIR) $(1)/etc/crowdsec/patterns
$(INSTALL_DIR) $(1)/etc/crowdsec/hub
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/config.yaml \
$(1)/etc/crowdsec
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/dev.yaml \
$(1)/etc/crowdsec
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/user.yaml \
$(1)/etc/crowdsec
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/acquis.yaml \
$(1)/etc/crowdsec
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/profiles.yaml \
$(1)/etc/crowdsec
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/simulation.yaml \
$(1)/etc/crowdsec
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/local_api_credentials.yaml \
$(1)/etc/crowdsec
$(INSTALL_DATA) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/online_api_credentials.yaml \
$(1)/etc/crowdsec
$(CP) \
$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/patterns/* \
$(1)/etc/crowdsec/patterns
$(INSTALL_DIR) $(1)/srv/crowdsec/data/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) \
./files/crowdsec.initd \
$(1)/etc/init.d/crowdsec
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) \
./files/crowdsec.config \
$(1)/etc/config/crowdsec
$(LN) /usr/bin/crowdsec-cli $(1)/usr/bin/cscli
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) \
./files/crowdsec.defaults \
$(1)/etc/uci-defaults/99_crowdsec
endef
define Package/crowdsec/conffiles
/etc/crowdsec/
/etc/config/crowdsec
endef
$(eval $(call GoBinPackage,crowdsec))
$(eval $(call BuildPackage,crowdsec))

+ 4
- 0
net/crowdsec/files/crowdsec.config View File

@ -0,0 +1,4 @@
config crowdsec 'crowdsec'
option data_dir '/srv/crowdsec/data'
option db_path '/srv/crowdsec/data/crowdsec.db'

+ 26
- 0
net/crowdsec/files/crowdsec.defaults View File

@ -0,0 +1,26 @@
#!/bin/sh
CONFIG=/etc/crowdsec/config.yaml
data_dir=`uci get "crowdsec.crowdsec.data_dir"`
sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
db_path=`uci get "crowdsec.crowdsec.db_path"`
sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG
# Create data dir & permissions if needed
if [ ! -d "${data_dir}" ]; then
mkdir -m 0755 -p "${data_dir}"
fi;
if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml; then
echo local API already registered...
else
cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
fi
if [ -s /etc/crowdsec/online_api_credentials.yaml ]; then
echo online API already registered...
else
cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
fi
cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
exit 0

+ 44
- 0
net/crowdsec/files/crowdsec.initd View File

@ -0,0 +1,44 @@
#!/bin/sh /etc/rc.common
# (C) 2021 Gerald Kerma
START=99
USE_PROCD=1
NAME=crowdsec
PROG=/usr/bin/crowdsec
CONFIG=/etc/crowdsec/config.yaml
RUNCONFDIR=/srv/crowdsec/data
VARCONFIGDIR=/var/etc/crowdsec
VARCONFIG=/var/etc/crowdsec/config.yaml
service_triggers() {
procd_add_reload_trigger crowdsec
}
init_config() {
config_load crowdsec
config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
config_get db_path crowdsec db_path "${RUNCONFDIR}/crowdsec.db"
# Create tmp dir & permissions if needed
if [ ! -d "${VARCONFIGDIR}" ]; then
mkdir -m 0755 -p "${VARCONFIGDIR}"
fi;
cp $CONFIG $VARCONFIG
sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $VARCONFIG
sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $VARCONFIG
# Create data dir & permissions if needed
if [ ! -d "${RUNCONFDIR}" ]; then
mkdir -m 0755 -p "${RUNCONFDIR}"
fi;
}
start_service() {
init_config
procd_open_instance
procd_set_param command "$PROG" -c "$VARCONFIG"
procd_close_instance
}

+ 20
- 0
net/crowdsec/patches/001-fix_config_data_dir.patch View File

@ -0,0 +1,20 @@
--- a/config/config.yaml
+++ b/config/config.yaml
@@ -7,7 +7,7 @@ common:
working_dir: .
config_paths:
config_dir: /etc/crowdsec/
- data_dir: /var/lib/crowdsec/data/
+ data_dir: /srv/crowdsec/data/
simulation_path: /etc/crowdsec/simulation.yaml
hub_dir: /etc/crowdsec/hub/
index_path: /etc/crowdsec/hub/.index.json
@@ -21,7 +21,7 @@ cscli:
db_config:
log_level: info
type: sqlite
- db_path: /var/lib/crowdsec/data/crowdsec.db
+ db_path: /srv/crowdsec/data/crowdsec.db
#user:
#password:
#db_name:

+ 29
- 0
net/crowdsec/patches/010-fix-32bits-compile.patch View File

@ -0,0 +1,29 @@
Author: Kerma Gérald <gandalf@gk2.net>
Date: Mon Sep 20 10:34:20 2021 +0200
Use math.MaxInt32 instead of math.MaxUint32
To fix 32 bits compilation in v1.2.0
https://github.com/crowdsecurity/crowdsec/issues/979
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
--- a/pkg/csplugin/broker.go
+++ b/pkg/csplugin/broker.go
@@ -400,14 +400,14 @@ func getProccessAtr(username string, gro
if err != nil {
return nil, err
}
- if uid < 0 && uid > math.MaxUint32 {
+ if uid < 0 && uid > math.MaxInt32 {
return nil, fmt.Errorf("out of bound uid")
}
gid, err := strconv.Atoi(g.Gid)
if err != nil {
return nil, err
}
- if gid < 0 && gid > math.MaxUint32 {
+ if gid < 0 && gid > math.MaxInt32 {
return nil, fmt.Errorf("out of bound gid")
}
return &syscall.SysProcAttr{

Loading…
Cancel
Save