started crowdsec v1 integration

2020-12-28 18:42:20 +01:00 · 2020-12-28 18:42:20 +01:00 · 09a984c86b
commit 09a984c86b
parent fd7afa17b3
14 changed files with 114 additions and 105 deletions
--- a/6
+++ b/6
@ -6,18 +6,12 @@ RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY crowdsec/install.sh /tmp/install.sh
 RUN chmod +x /tmp/install.sh && \
    /tmp/install.sh && \
    rm -rf /tmp/*
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
--- a/6
+++ b/6
@ -6,18 +6,12 @@ RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY crowdsec/install.sh /tmp/install.sh
 RUN chmod +x /tmp/install.sh && \
    /tmp/install.sh && \
    rm -rf /tmp/*
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
--- a/6
+++ b/6
@ -13,18 +13,12 @@ RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY crowdsec/install.sh /tmp/install.sh
 RUN chmod +x /tmp/install.sh && \
    /tmp/install.sh && \
    rm -rf /tmp/*
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
--- a/6
+++ b/6
@ -13,18 +13,12 @@ RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY crowdsec/install.sh /tmp/install.sh
 RUN chmod +x /tmp/install.sh && \
    /tmp/install.sh && \
    rm -rf /tmp/*
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
--- a/6
+++ b/6
@ -6,18 +6,12 @@ RUN chmod +x /tmp/compile.sh && \
    /tmp/compile.sh && \
    rm -rf /tmp/*
 COPY crowdsec/install.sh /tmp/install.sh
 RUN chmod +x /tmp/install.sh && \
    /tmp/install.sh && \
    rm -rf /tmp/*
 COPY entrypoint/ /opt/entrypoint
 COPY confs/ /opt/confs
 COPY scripts/ /opt/scripts
 COPY fail2ban/ /opt/fail2ban
 COPY logs/ /opt/logs
 COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 COPY prepare.sh /tmp/prepare.sh
 RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
--- a/compile.sh
+++ b/compile.sh
@ -30,7 +30,7 @@ function git_secure_clone() {
 NTASK=$(nproc)
 # install build dependencies
-apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg brotli-dev
+apk add --no-cache --virtual build autoconf libtool automake git geoip-dev yajl-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers libmaxminddb-dev musl-dev lua-dev gd-dev gnupg brotli-dev openssl-dev
 # compile and install ModSecurity library
 cd /tmp
@ -111,6 +111,36 @@ git_secure_clone https://github.com/ledgetech/lua-resty-http.git 984fdc260543763
 cd lua-resty-http
 make install
 cd /tmp
 git_secure_clone https://github.com/Neopallium/lualogging.git cadc4e8fd652be07a65b121a3e024838db330c15
 cd lualogging
 cp -r src/* /usr/local/lib/lua
 cd /tmp
 git_secure_clone https://github.com/diegonehab/luasocket.git 5b18e475f38fcf28429b1cc4b17baee3b9793a62
 cd luasocket
 make -j $NTASK
 mkdir /usr/local/lib/lua/socket
 cp src/*.lua /usr/local/lib/lua/socket
 cp src/*.so /usr/local/lib/lua/5.1/
 mv /usr/local/lib/lua/5.1/socket*.so /usr/local/lib/5.1/socket.so
 mv /usr/local/lib/lua/5.1/mime*.so /usr/local/lib/5.1/mime.so
 cd /tmp
 git_secure_clone https://github.com/brunoos/luasec.git c6704919bdc85f3324340bdb35c2795a02f7d625
 cd luasec
 make linux -j $NTASK
 cp src/ssl.so /usr/local/lib/lua/5.1
 mkdir /usr/local/lib/lua/ssl
 cp src/*.lua /usr/local/lib/lua
 cd /tmp
 git_secure_clone https://github.com/crowdsecurity/lua-cs-bouncer.git 71c4247d6b66234e3f3426b2ea721ad50c741579
 cd lua-cs-bouncer
 mkdir /usr/local/lib/lua/crowdsec
 cp lib/*.lua /usr/local/lib/lua/crowdsec
 cp template.conf /usr/local/lib/lua/crowdsec/crowdsec.conf
 sed -i 's/^API_URL=.*/API_URL=%CROWDSEC_HOST%/:' /usr/local/lib/lua/crowdsec/crowdsec.conf
 sed -i 's/^API_KEY=.*/API_KEY=%CROWDSEC_KEY%/:' /usr/local/lib/lua/crowdsec/crowdsec.conf
 sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
 sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
 cd /tmp
 git_secure_clone https://github.com/openresty/lua-nginx-module.git 2d23bc4f0a29ed79aaaa754c11bffb1080aa44ba
 export LUAJIT_LIB=/usr/local/lib
 export LUAJIT_INC=/usr/local/include/luajit-2.1
--- a/crowdsec/install.sh
+++ b/crowdsec/install.sh
@ -1,63 +0,0 @@
 #!/bin/sh
 function git_secure_clone() {
 	repo="$1"
 	commit="$2"
 	folder=$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")
 	git clone "$repo"
 	cd "$folder"
 	git checkout "${commit}^{commit}"
 	if [ $? -ne 0 ] ; then
 		echo "[!] Commit hash $commit is absent from repository $repo !"
 		exit 1
 	fi
 	cd ..
 }
 NTASK=$(nproc)
 # install build dependencies
 apk add --no-cache --virtual build git bash lua-dev mariadb-dev sqlite-dev gettext make go jq
 # build and install crowdsec
 cd /tmp
 git_secure_clone https://github.com/crowdsecurity/crowdsec.git 2fdf7624da381af605baa46f319f2ed3015807e4
 cd crowdsec
 make -j $NTASK build
 ./wizard.sh --bininstall
 sed -i 's/^machine_id:.*//' /etc/crowdsec/config/api.yaml
 sed -i 's/^password:.*//' /etc/crowdsec/config/api.yaml
 # install nginx collection
 cscli update
 cscli install collection crowdsecurity/nginx
 sed -i "s/^filter:.*$/filter: \"evt.Line.Labels.type == 'nginx'\"/" /etc/crowdsec/config/parsers/s01-parse/nginx-logs.yaml
 sed -i 's/apply_on: message/apply_on: Line.Raw/g' /etc/crowdsec/config/parsers/s01-parse/nginx-logs.yaml
 # build and install luasql
 cd /tmp
 git_secure_clone https://github.com/keplerproject/luasql.git 22d4a911f35cf851af9db71124e3998d96fb3fa1
 cd luasql
 make -j $NTASK sqlite3 mysql
 mkdir /usr/local/lib/lua/5.1/luasql
 cp src/*.so /usr/local/lib/lua/5.1/luasql
 # install lualogging
 cd /tmp
 git_secure_clone https://github.com/Neopallium/lualogging.git cadc4e8fd652be07a65b121a3e024838db330c15
 cd lualogging
 cp -r src/* /usr/local/lib/lua
 # install cs-lua-lib
 cd /tmp
 git_secure_clone https://github.com/crowdsecurity/cs-lua-lib.git 97e55a555a8f6d46c1c2032825a4578090283301
 cd cs-lua-lib
 mkdir /usr/local/lib/lua/crowdsec
 cp lib/*.lua /usr/local/lib/lua/crowdsec
 cp template.conf /usr/local/lib/lua/crowdsec/crowdsec.conf
 rm /usr/local/lib/lua/crowdsec/lrucache.lua
 sed -i 's/require "lrucache"/require "resty.lrucache"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
 sed -i 's/require "config"/require "crowdsec.config"/' /usr/local/lib/lua/crowdsec/CrowdSec.lua
 # remove build dependencies
 apk del build
--- a/entrypoint/defaults.sh
+++ b/entrypoint/defaults.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 MULTISITE="${MULTISITE-no}"
-LOG_FORMAT="${LOG_FORMAT-\$remote_addr - \$remote_user \$host [\$time_local] \"\$request\" \$status \$body_bytes_sent \"\$http_referer\" \"\$http_user_agent\"}"
+LOG_FORMAT="${LOG_FORMAT-\$host \$remote_addr - \$remote_user [\$time_local] \"\$request\" \$status \$body_bytes_sent \"\$http_referer\" \"\$http_user_agent\"}"
 HTTP_PORT="${HTTP_PORT-8080}"
 HTTPS_PORT="${HTTPS_PORT-8443}"
 MAX_CLIENT_SIZE="${MAX_CLIENT_SIZE-10m}"
--- a/entrypoint/entrypoint.sh
+++ b/entrypoint/entrypoint.sh
@ -100,12 +100,6 @@ if [ "$USE_FAIL2BAN" = "yes" ] ; then
 	LOGS="$LOGS /var/log/fail2ban.log"
 fi
 # start crowdsec
 if [ "$USE_CROWDSEC" = "yes" ] ; then
 	echo "[*] Running crowdsec ..."
 	crowdsec
 fi
 # autotest
 if [ "$1" == "test" ] ; then
 	sleep 10
--- a/entrypoint/global-config.sh
+++ b/entrypoint/global-config.sh
@ -291,10 +291,8 @@ fi
 # CrowdSec setup
 if [ "$(has_value USE_CROWDSEC yes)" != "" ] ; then
 	replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" "include /etc/nginx/crowdsec.conf;"
-	cp /opt/crowdsec/acquis.yaml /etc/crowdsec/config/acquis.yaml
+	replace_in_file "/usr/local/lib/lua/crowdsec/crowdsec.conf" "%CROWDSEC_HOST" "$CROWDSEC_HOST"
-	cscli api register >> /etc/crowdsec/config/api.yaml
+	replace_in_file "/usr/local/lib/lua/crowdsec/crowdsec.conf" "%CROWDSEC_KEY" "$CROWDSEC_KEY"
 	cscli api pull
 	echo "0 0 * * * /usr/local/bin/cscli api pull > /dev/null 2>&1" >> /etc/crontabs/root
 else
 	replace_in_file "/etc/nginx/nginx.conf" "%USE_CROWDSEC%" ""
 fi
--- a/examples/crowdsec/acquis.yaml
+++ b/examples/crowdsec/acquis.yaml
--- a/examples/crowdsec/docker-compose.yml
+++ b/examples/crowdsec/docker-compose.yml
@ -0,0 +1,70 @@
 version: '3'
 services:
  mywww:
    image: bunkerity/bunkerized-nginx
    restart: always
    ports:
      - 80:8080
      - 443:8443
    volumes:
      - ./web-files:/www:ro
      - ./letsencrypt:/etc/letsencrypt
      - nginx_logs:/var/log
    environment:
      - SERVER_NAME=app1.website.com app2.website.com # replace with your domains
      - MULTISITE=yes
      - AUTO_LETS_ENCRYPT=yes
      - REDIRECT_HTTP_TO_HTTPS=yes
      - DISABLE_DEFAULT_SERVER=yes
      - USE_CLIENT_CACHE=yes
      - USE_GZIP=yes
      - USE_BROTLI=yes
      - USE_CROWDSEC=yes
      - CROWDSEC_HOST=mycrowdsec
      - CROWDSEC_KEY=                                 # you need to generate it (see bouncer_key.sh)
      - app1.website.com_REMOTE_PHP=myapp1
      - app1.website.com_REMOTE_PHP_PATH=/app
      - app2.website.com_REMOTE_PHP=myapp2
      - app2.website.com_REMOTE_PHP_PATH=/app
    networks:
      - net0
      - net1
      - net2
  mycrowdsec:
    image: crowdsecurity/crowdsec:v1.0.2
    restart: always
    volumes:
      - ./acquis.yaml:/etc/crowdsec/acquis.yaml
      - nginx_logs:/var/log:ro
    environment:
      - COLLECTIONS=crowdsecurity/nginx
      - REGISTER_TO_ONLINE_API=true
    networks:
      - net0
  myapp1:
    image: php:fpm
    restart: always
    volumes:
      - ./web-files/app1.website.com:/app
    networks:
      - net1
  myapp2:
    image: php:fpm
    restart: always
    volumes:
      - ./web-files/app2.website.com:/app
    networks:
      - net2
 networks:
  net0:
  net1:
  net2:
 volumes:
  nginx_logs:
--- a/examples/crowdsec/web-files/app1.website.com/index.php
+++ b/examples/crowdsec/web-files/app1.website.com/index.php
@ -0,0 +1,5 @@
 <?php
 echo "hello from app1 !";
 ?>
--- a/examples/crowdsec/web-files/app2.website.com/index.php
+++ b/examples/crowdsec/web-files/app2.website.com/index.php
@ -0,0 +1,5 @@
 <?php
 echo "hello from app2 !";
 ?>