From 8903d1b7ca403bcffaead372ac288213252d5d75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kerma=20G=C3=A9rald?= Date: Thu, 29 Jul 2021 17:36:58 +0200 Subject: [PATCH] crowdsec: initial package v1.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit /net/crowdsec/ Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from a global community-wide IP reputation database. Signed-off-by: Kerma Gérald --- net/crowdsec/Makefile | 153 ++++++++++++++++++ net/crowdsec/files/crowdsec.config | 4 + net/crowdsec/files/crowdsec.defaults | 26 +++ net/crowdsec/files/crowdsec.initd | 44 +++++ .../patches/001-fix_config_data_dir.patch | 20 +++ .../patches/010-fix-32bits-compile.patch | 29 ++++ 6 files changed, 276 insertions(+) create mode 100644 net/crowdsec/Makefile create mode 100644 net/crowdsec/files/crowdsec.config create mode 100644 net/crowdsec/files/crowdsec.defaults create mode 100755 net/crowdsec/files/crowdsec.initd create mode 100644 net/crowdsec/patches/001-fix_config_data_dir.patch create mode 100644 net/crowdsec/patches/010-fix-32bits-compile.patch
diff --git a/net/crowdsec/Makefile b/net/crowdsec/Makefile
new file mode 100644
index 000000000..de22d2d4c
--- /dev/null
+++ b/net/crowdsec/Makefile
@@ -0,0 +1,153 @@
+# SPDX-License-Identifier: MIT
+#
+# Copyright (C) 2021 Gerald Kerma
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=crowdsec
+PKG_VERSION:=1.2.0
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/crowdsecurity/crowdsec
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_SOURCE_DATE:=20210914
+PKG_MIRROR_HASH:=911af2c49c28596256c31ebb26b48c5ba9e6a0abdd46830e75e2cf4c0eff4256
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Gerald Kerma
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+CWD_SYSTEM:=openwrt
+CWD_BUILD_VERSION?=$(PKG_SOURCE_VERSION)
+CWD_BUILD_GOVERSION:=$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')
+CWD_BUILD_CODENAME:=alphaga
+CWD_BUILD_TIMESTAMP:=$(SOURCE_DATE_EPOCH)
+CWD_BUILD_TAG:=openwrt
+
+CWD_VERSION_PKG:=github.com/crowdsecurity/crowdsec/pkg/cwversion
+
+GO_PKG:=github.com/crowdsecurity/crowdsec
+
+GO_PKG_LDFLAGS_X:=$(CWD_VERSION_PKG).Version=$(CWD_BUILD_VERSION) \
+ $(CWD_VERSION_PKG).System=$(CWD_SYSTEM) \
+ $(CWD_VERSION_PKG).BuildDate=$(CWD_BUILD_TIMESTAMP) \
+ $(CWD_VERSION_PKG).Codename=$(CWD_BUILD_CODENAME) \
+ $(CWD_VERSION_PKG).Tag=$(CWD_BUILD_TAG) \
+ $(CWD_VERSION_PKG).GoVersion=$(CWD_BUILD_GOVERSION)
+
+GO_PKG_INSTALL_ALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/crowdsec/Default
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Crowdsec detection engine
+ URL:=https://crowdsec.net/
+endef
+
+define Package/crowdsec
+$(call Package/crowdsec/Default)
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/golang-crowdsec-dev
+$(call Package/crowdsec/Default)
+$(call GoPackage/GoSubMenu)
+ TITLE+= (source files)
+ DEPENDS:=$(GO_ARCH_DEPENDS)
+ PKGARCH:=all
+endef
+
+define Package/crowdsec/Default/description
+ Crowdsec - An open-source, lightweight agent to detect
+ and respond to bad behaviours.
+ It also automatically benefits from a global
+ community-wide IP reputation database.
+endef
+
+define Package/crowdsec/description
+$(call Package/crowdsec/Default/description)
+
+ This package contains the main program.
+endef
+
+define Package/golang-crowdsec-dev/description
+$(call Package/crowdsec/Default/description)
+
+ This package provides the source files for the program.
+endef
+
+define Package/crowdsec/install
+ $(call GoPackage/Package/Install/Bin,$(1))
+
+ $(INSTALL_DIR) $(1)/etc/crowdsec
+ $(INSTALL_DIR) $(1)/etc/crowdsec/scenarios
+ $(INSTALL_DIR) $(1)/etc/crowdsec/postoverflows
+ $(INSTALL_DIR) $(1)/etc/crowdsec/collections
+ $(INSTALL_DIR) $(1)/etc/crowdsec/patterns
+ $(INSTALL_DIR) $(1)/etc/crowdsec/hub
+
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/config.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/dev.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/user.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/acquis.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/profiles.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/simulation.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/local_api_credentials.yaml \
+ $(1)/etc/crowdsec
+ $(INSTALL_DATA) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/online_api_credentials.yaml \
+ $(1)/etc/crowdsec
+
+ $(CP) \
+ $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/patterns/* \
+ $(1)/etc/crowdsec/patterns
+
+ $(INSTALL_DIR) $(1)/srv/crowdsec/data/
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) \
+ ./files/crowdsec.initd \
+ $(1)/etc/init.d/crowdsec
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) \
+ ./files/crowdsec.config \
+ $(1)/etc/config/crowdsec
+
+ $(LN) /usr/bin/crowdsec-cli $(1)/usr/bin/cscli
+
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_BIN) \
+ ./files/crowdsec.defaults \
+ $(1)/etc/uci-defaults/99_crowdsec
+endef
+
+define Package/crowdsec/conffiles
+/etc/crowdsec/
+/etc/config/crowdsec
+endef
+
+$(eval $(call GoBinPackage,crowdsec))
+$(eval $(call BuildPackage,crowdsec))
diff --git a/net/crowdsec/files/crowdsec.config b/net/crowdsec/files/crowdsec.config
new file mode 100644
index 000000000..2cfe57578
--- /dev/null
+++ b/net/crowdsec/files/crowdsec.config
@@ -0,0 +1,4 @@
+config crowdsec 'crowdsec'
+ option data_dir '/srv/crowdsec/data'
+ option db_path '/srv/crowdsec/data/crowdsec.db'
+
diff --git a/net/crowdsec/files/crowdsec.defaults b/net/crowdsec/files/crowdsec.defaults
new file mode 100644
index 000000000..235061671
--- /dev/null
+++ b/net/crowdsec/files/crowdsec.defaults
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+CONFIG=/etc/crowdsec/config.yaml
+data_dir=`uci get "crowdsec.crowdsec.data_dir"`
+sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
+db_path=`uci get "crowdsec.crowdsec.db_path"`
+sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG
+
+# Create data dir & permissions if needed
+if [ ! -d "${data_dir}" ]; then
+ mkdir -m 0755 -p "${data_dir}"
+fi;
+
+if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml; then
+ echo local API already registered...
+else
+ cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
+fi
+if [ -s /etc/crowdsec/online_api_credentials.yaml ]; then
+ echo online API already registered...
+else
+ cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
+fi
+cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
+
+exit 0
diff --git a/net/crowdsec/files/crowdsec.initd b/net/crowdsec/files/crowdsec.initd
new file mode 100755
index 000000000..81beac355
--- /dev/null
+++ b/net/crowdsec/files/crowdsec.initd
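Review bot: net/crowdsec/files/crowdsec.defaults ends with an unconditional `exit 0`, so a failed `cscli machines add`, `cscli capi register` or `cscli hub update` (likely when the script runs before the network is up) is reported as success; as far as I know uci-defaults scripts are removed once they exit 0, so registration would never be retried. Record failures and return them, e.g. `cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml || rc=1` and a final `exit ${rc:-0}`. The two `sed -i "s,...,\1$data_dir," $CONFIG` lines also paste the UCI value into the replacement unescaped, so a path containing `,`, `&` or `\` corrupts config.yaml; the same pattern is repeated in `init_config` of crowdsec.initd. Quote `"$CONFIG"` and escape the value before substituting it.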
@@ -0,0 +1,44 @@
+#!/bin/sh /etc/rc.common
+# (C) 2021 Gerald Kerma
+
+START=99
+USE_PROCD=1
+NAME=crowdsec
+PROG=/usr/bin/crowdsec
+CONFIG=/etc/crowdsec/config.yaml
+RUNCONFDIR=/srv/crowdsec/data
+VARCONFIGDIR=/var/etc/crowdsec
+VARCONFIG=/var/etc/crowdsec/config.yaml
+
+service_triggers() {
+ procd_add_reload_trigger crowdsec
+}
+
+init_config() {
+ config_load crowdsec
+ config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
+ config_get db_path crowdsec db_path "${RUNCONFDIR}/crowdsec.db"
+
+ # Create tmp dir & permissions if needed
+ if [ ! -d "${VARCONFIGDIR}" ]; then
+ mkdir -m 0755 -p "${VARCONFIGDIR}"
+ fi;
+
+ cp $CONFIG $VARCONFIG
+
+ sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $VARCONFIG
+ sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $VARCONFIG
+
+ # Create data dir & permissions if needed
+ if [ ! -d "${RUNCONFDIR}" ]; then
+ mkdir -m 0755 -p "${RUNCONFDIR}"
+ fi;
+}
+
+start_service() {
+ init_config
+
+ procd_open_instance
+ procd_set_param command "$PROG" -c "$VARCONFIG"
+ procd_close_instance
+}
diff --git a/net/crowdsec/patches/001-fix_config_data_dir.patch b/net/crowdsec/patches/001-fix_config_data_dir.patch
new file mode 100644
index 000000000..9ab65ae2a
--- /dev/null
+++ b/net/crowdsec/patches/001-fix_config_data_dir.patch
@@ -0,0 +1,20 @@
+--- a/config/config.yaml
++++ b/config/config.yaml
+@@ -7,7 +7,7 @@ common:
+ working_dir: .
+ config_paths:
+ config_dir: /etc/crowdsec/
+- data_dir: /var/lib/crowdsec/data/
++ data_dir: /srv/crowdsec/data/
+ simulation_path: /etc/crowdsec/simulation.yaml
+ hub_dir: /etc/crowdsec/hub/
+ index_path: /etc/crowdsec/hub/.index.json
+@@ -21,7 +21,7 @@ cscli:
+ db_config:
+ log_level: info
+ type: sqlite
+- db_path: /var/lib/crowdsec/data/crowdsec.db
++ db_path: /srv/crowdsec/data/crowdsec.db
+ #user:
+ #password:
+ #db_name:
diff --git a/net/crowdsec/patches/010-fix-32bits-compile.patch b/net/crowdsec/patches/010-fix-32bits-compile.patch
new file mode 100644
index 000000000..58426826c
--- /dev/null
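Review bot: `init_config` in net/crowdsec/files/crowdsec.initd reads `data_dir` from UCI and writes it into the runtime config, but the directory it then creates is the hard-coded `${RUNCONFDIR}`, so a customised `data_dir` is never created and the service will presumably fail to open its database there. The check should use the configured value: `if [ ! -d "${data_dir}" ]; then mkdir -m 0755 -p "${data_dir}"; fi`. Since this directory holds the SQLite database named by `db_path`, a mode of 0750 or 0700 may be more appropriate than 0755 if nothing else needs to read it. The procd instance in `start_service` also sets no `user` or `respawn` parameter, so the daemon runs with the init script's privileges and is not restarted if it exits.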
+++ b/net/crowdsec/patches/010-fix-32bits-compile.patch
@@ -0,0 +1,29 @@
+Author: Kerma Gérald
+Date: Mon Sep 20 10:34:20 2021 +0200
+
+ Use math.MaxInt32 instead of math.MaxUint32
+
+ To fix 32 bits compilation in v1.2.0
+ https://github.com/crowdsecurity/crowdsec/issues/979
+
+ Signed-off-by: Kerma Gérald
+
+--- a/pkg/csplugin/broker.go
++++ b/pkg/csplugin/broker.go
+@@ -400,14 +400,14 @@ func getProccessAtr(username string, gro
+ if err != nil {
+ return nil, err
+ }
+- if uid < 0 && uid > math.MaxUint32 {
++ if uid < 0 && uid > math.MaxInt32 {
+ return nil, fmt.Errorf("out of bound uid")
+ }
+ gid, err := strconv.Atoi(g.Gid)
+ if err != nil {
+ return nil, err
+ }
+- if gid < 0 && gid > math.MaxUint32 {
++ if gid < 0 && gid > math.MaxInt32 {
+ return nil, fmt.Errorf("out of bound gid")
+ }
+ return &syscall.SysProcAttr{
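Review bot: The bounds checks carried by patches/010-fix-32bits-compile.patch can never fire: `uid < 0 && uid > math.MaxInt32` (and the same for `gid`) requires a value to be both negative and above the maximum, so an out-of-range id from `strconv.Atoi` is passed on unchecked. The condition should be a disjunction, `if uid < 0 || uid > math.MaxInt32 {` and `if gid < 0 || gid > math.MaxInt32 {`. On 64-bit targets that cap rejects ids above 2^31-1, so parsing with `strconv.ParseUint(g.Gid, 10, 32)` (and the equivalent for the uid) would be the more exact fix if such ids must be accepted. The values appear to feed the `syscall.SysProcAttr` built on the last line, so the check bears on which identity plugin processes run as; `getProccessAtr` starts and ends outside the hunk.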