chore: clean .gitignore cache
@@ -1,77 +0,0 @@
|
||||
export interface CrowdsecPreset {
|
||||
slug: string
|
||||
title: string
|
||||
description: string
|
||||
content: string
|
||||
tags?: string[]
|
||||
warning?: string
|
||||
}
|
||||
|
||||
export const CROWDSEC_PRESETS: CrowdsecPreset[] = [
|
||||
{
|
||||
slug: 'bot-mitigation-essentials',
|
||||
title: 'Bot Mitigation Essentials',
|
||||
description:
|
||||
'Core HTTP parsers and scenarios aimed at credential stuffing, scanners, and bad crawlers with minimal false positives.',
|
||||
tags: ['bots', 'web', 'auth'],
|
||||
content: `configs:
|
||||
collections:
|
||||
- crowdsecurity/base-http-scenarios
|
||||
- crowdsecurity/http-cve
|
||||
- crowdsecurity/http-bad-user-agent
|
||||
parsers:
|
||||
- crowdsecurity/http-logs
|
||||
- crowdsecurity/nginx-logs
|
||||
- crowdsecurity/apache2-logs
|
||||
scenarios:
|
||||
- crowdsecurity/http-bf
|
||||
- crowdsecurity/http-sensitive-files
|
||||
- crowdsecurity/http-probing
|
||||
- crowdsecurity/http-crawl-non_statics
|
||||
postoverflows:
|
||||
- crowdsecurity/whitelists
|
||||
`,
|
||||
warning: 'Best for internet-facing apps; ensure allowlists cover SSO and monitoring probes.',
|
||||
},
|
||||
{
|
||||
slug: 'honeypot-friendly-defaults',
|
||||
title: 'Honeypot Friendly Defaults',
|
||||
description: 'Lightweight defaults tuned for tarpits and research honeypots to reduce noisy bans.',
|
||||
tags: ['low-noise', 'ssh', 'http'],
|
||||
content: `configs:
|
||||
collections:
|
||||
- crowdsecurity/sshd
|
||||
- crowdsecurity/caddy
|
||||
parsers:
|
||||
- crowdsecurity/sshd-logs
|
||||
- crowdsecurity/caddy-logs
|
||||
scenarios:
|
||||
- crowdsecurity/ssh-bf
|
||||
- crowdsecurity/http-backdoors-attempts
|
||||
- crowdsecurity/http-probing
|
||||
postoverflows:
|
||||
- crowdsecurity/whitelists
|
||||
`,
|
||||
warning: 'Keep honeypot endpoints isolated; avoid applying to production ingress.',
|
||||
},
|
||||
{
|
||||
slug: 'geolocation-aware',
|
||||
title: 'Geolocation Aware',
|
||||
description: 'Adds geo-enrichment and region-aware scenarios to tighten access by country.',
|
||||
tags: ['geo', 'access-control'],
|
||||
content: `configs:
|
||||
collections:
|
||||
- crowdsecurity/geoip-enricher
|
||||
scenarios:
|
||||
- crowdsecurity/geo-fencing
|
||||
- crowdsecurity/geo-bf
|
||||
postoverflows:
|
||||
- crowdsecurity/whitelists
|
||||
`,
|
||||
warning: 'Requires GeoIP database. Pair with ACLs to avoid blocking legitimate traffic.',
|
||||
},
|
||||
]
|
||||
|
||||
export const findCrowdsecPreset = (slug: string): CrowdsecPreset | undefined => {
|
||||
return CROWDSEC_PRESETS.find((preset) => preset.slug === slug)
|
||||
}
|
||||