chore: git cache cleanup
This commit is contained in:
GitHub Actions
1
configs/caddy.json
Normal file
1
configs/caddy.json
Normal file
@@ -0,0 +1 @@
|
||||
{"admin":{"listen":"0.0.0.0:2019"},"apps":{}}
|
||||
10
configs/crowdsec/acquis.yaml
Normal file
10
configs/crowdsec/acquis.yaml
Normal file
@@ -0,0 +1,10 @@
|
||||
# Charon/Caddy Log Acquisition Configuration
|
||||
# This file tells CrowdSec what logs to monitor
|
||||
|
||||
# Caddy access logs (JSON format)
|
||||
source: file
|
||||
filenames:
|
||||
- /var/log/caddy/access.log
|
||||
- /var/log/caddy/*.log
|
||||
labels:
|
||||
type: caddy
|
||||
62
configs/crowdsec/install_hub_items.sh
Normal file
62
configs/crowdsec/install_hub_items.sh
Normal file
@@ -0,0 +1,62 @@
|
||||
#!/bin/sh
|
||||
# Install required CrowdSec hub items (parsers, scenarios, collections)
|
||||
# This script runs during container startup
|
||||
# POSIX-compatible - do not use bash-specific syntax
|
||||
|
||||
set -e
|
||||
|
||||
echo "Installing CrowdSec hub items for Charon..."
|
||||
|
||||
# Update hub index first
|
||||
echo "Updating hub index..."
|
||||
cscli hub update 2>/dev/null || echo "Warning: Failed to update hub index"
|
||||
|
||||
# Install Caddy log parser (if available)
|
||||
# Note: crowdsecurity/caddy-logs may not exist yet - check hub
|
||||
if cscli parsers inspect crowdsecurity/caddy-logs >/dev/null 2>&1; then
|
||||
echo "Installing Caddy log parser..."
|
||||
cscli parsers install crowdsecurity/caddy-logs --force 2>/dev/null || true
|
||||
else
|
||||
echo "Caddy-specific parser not available, using HTTP parser..."
|
||||
fi
|
||||
|
||||
# Install base HTTP parsers (always needed)
|
||||
echo "Installing base parsers..."
|
||||
cscli parsers install crowdsecurity/http-logs --force 2>/dev/null || true
|
||||
cscli parsers install crowdsecurity/syslog-logs --force 2>/dev/null || true
|
||||
cscli parsers install crowdsecurity/geoip-enrich --force 2>/dev/null || true
|
||||
|
||||
# Install HTTP scenarios for attack detection
|
||||
echo "Installing HTTP scenarios..."
|
||||
cscli scenarios install crowdsecurity/http-probing --force 2>/dev/null || true
|
||||
cscli scenarios install crowdsecurity/http-sensitive-files --force 2>/dev/null || true
|
||||
cscli scenarios install crowdsecurity/http-backdoors-attempts --force 2>/dev/null || true
|
||||
cscli scenarios install crowdsecurity/http-path-traversal-probing --force 2>/dev/null || true
|
||||
cscli scenarios install crowdsecurity/http-xss-probing --force 2>/dev/null || true
|
||||
cscli scenarios install crowdsecurity/http-sqli-probing --force 2>/dev/null || true
|
||||
cscli scenarios install crowdsecurity/http-generic-bf --force 2>/dev/null || true
|
||||
|
||||
# Install CVE collection for known vulnerabilities
|
||||
echo "Installing CVE collection..."
|
||||
cscli collections install crowdsecurity/http-cve --force 2>/dev/null || true
|
||||
|
||||
# Install base HTTP collection (bundles common scenarios)
|
||||
echo "Installing base HTTP collection..."
|
||||
cscli collections install crowdsecurity/base-http-scenarios --force 2>/dev/null || true
|
||||
|
||||
# Verify installation
|
||||
echo ""
|
||||
echo "=== Installed Components ==="
|
||||
echo "Parsers:"
|
||||
cscli parsers list 2>/dev/null | head -15 || echo " (unable to list)"
|
||||
|
||||
echo ""
|
||||
echo "Scenarios:"
|
||||
cscli scenarios list 2>/dev/null | head -15 || echo " (unable to list)"
|
||||
|
||||
echo ""
|
||||
echo "Collections:"
|
||||
cscli collections list 2>/dev/null | head -10 || echo " (unable to list)"
|
||||
|
||||
echo ""
|
||||
echo "Hub installation complete!"
|
||||
44
configs/crowdsec/register_bouncer.sh
Normal file
44
configs/crowdsec/register_bouncer.sh
Normal file
@@ -0,0 +1,44 @@
|
||||
#!/bin/sh
|
||||
# Register the Caddy bouncer with CrowdSec LAPI
|
||||
# This script is idempotent - safe to run multiple times
|
||||
# POSIX-compatible - do not use bash-specific syntax
|
||||
|
||||
set -e
|
||||
|
||||
BOUNCER_NAME="${CROWDSEC_BOUNCER_NAME:-caddy-bouncer}"
|
||||
API_KEY_FILE="/etc/crowdsec/bouncers/${BOUNCER_NAME}.key"
|
||||
|
||||
# Ensure bouncer directory exists
|
||||
mkdir -p /etc/crowdsec/bouncers
|
||||
|
||||
# Check if bouncer already registered
|
||||
if cscli bouncers list 2>/dev/null | grep -q "${BOUNCER_NAME}"; then
|
||||
echo "Bouncer '${BOUNCER_NAME}' already registered"
|
||||
|
||||
# If key file exists, use it
|
||||
if [ -f "$API_KEY_FILE" ]; then
|
||||
echo "Using existing API key from ${API_KEY_FILE}"
|
||||
cat "$API_KEY_FILE"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Key file missing but bouncer registered - re-register
|
||||
echo "API key file missing, re-registering bouncer..."
|
||||
cscli bouncers delete "${BOUNCER_NAME}" 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Register new bouncer and capture API key
|
||||
echo "Registering bouncer '${BOUNCER_NAME}'..."
|
||||
API_KEY=$(cscli bouncers add "${BOUNCER_NAME}" -o raw 2>/dev/null)
|
||||
|
||||
if [ -z "$API_KEY" ]; then
|
||||
echo "ERROR: Failed to register bouncer" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Save API key to file
|
||||
echo "$API_KEY" > "$API_KEY_FILE"
|
||||
chmod 600 "$API_KEY_FILE"
|
||||
|
||||
echo "Bouncer registered successfully"
|
||||
echo "$API_KEY"
|
||||
Reference in New Issue
Block a user