From 12b43b36d62cbe57aa3d6ba9b9bbe4a86ea7cab0 Mon Sep 17 00:00:00 2001 From: Daniel Steiner Date: Sat, 4 Nov 2023 09:33:09 +0100 Subject: [PATCH] New crowdsec package --- centos/SPECS/sftp-config-alt.json | 45 ++++++ centos/SPECS/sftp-config.json | 2 +- fedora/SPECS/crowdsec.spec | 242 ++++++++++++++++++++++++++++++ fedora/SPECS/sftp-config.json | 4 +- 4 files changed, 290 insertions(+), 3 deletions(-) create mode 100644 centos/SPECS/sftp-config-alt.json create mode 100644 fedora/SPECS/crowdsec.spec
diff --git a/centos/SPECS/sftp-config-alt.json b/centos/SPECS/sftp-config-alt.json
new file mode 100644
index 0000000..6bd8fbe
--- /dev/null
+++ b/centos/SPECS/sftp-config-alt.json
@@ -0,0 +1,45 @@
+{
+ // The tab key will cycle through the settings when first created
+ // Visit http://wbond.net/sublime_packages/sftp/settings for help
+
+ // sftp, ftp or ftps
+ "type": "sftp",
+
+ "save_before_upload": true,
+ "upload_on_save": false,
+ "sync_down_on_open": false,
+ "sync_skip_deletes": false,
+ "sync_same_age": true,
+ "confirm_downloads": false,
+ "confirm_sync": true,
+ "confirm_overwrite_newer": false,
+
+ "host": "centosbuild",
+ "user": "root",
+ //"password": "password",
+ //"port": "22",
+
+ "remote_path": "/root/rpmbuild/SPECS/",
+ "ignore_regexes": [
+ "\\.sublime-(project|workspace)", "sftp-config(-alt\\d?)?\\.json",
+ "sftp-settings\\.json", "/venv/", "\\.svn/", "\\.hg/", "\\.git/",
+ "\\.bzr", "_darcs", "CVS", "\\.DS_Store", "Thumbs\\.db", "desktop\\.ini"
+ ],
+ //"file_permissions": "664",
+ //"dir_permissions": "775",
+
+ //"extra_list_connections": 0,
+
+ "connect_timeout": 30,
+ //"keepalive": 120,
+ //"ftp_passive_mode": true,
+ //"ftp_obey_passive_host": false,
+ //"ssh_key_file": "~/.ssh/id_rsa",
+ //"sftp_flags": ["-F", "/path/to/ssh_config"],
+
+ //"preserve_modification_times": false,
+ //"remote_time_offset_in_hours": 0,
+ //"remote_encoding": "utf-8",
+ //"remote_locale": "C",
+ //"allow_config_upload": false,
+}
diff --git a/centos/SPECS/sftp-config.json b/centos/SPECS/sftp-config.json
index b6777d9..50a8889 100644
--- a/centos/SPECS/sftp-config.json
+++ b/centos/SPECS/sftp-config.json
@@ -14,7 +14,7 @@
 "confirm_sync": true,
 "confirm_overwrite_newer": false,
- "host": "cent7build",
+ "host": "alma9build",
 "user": "root",
 //"password": "password",
 //"port": "22",
diff --git a/fedora/SPECS/crowdsec.spec b/fedora/SPECS/crowdsec.spec
new file mode 100644
index 0000000..4efdf82
--- /dev/null
+++ b/fedora/SPECS/crowdsec.spec
@@ -0,0 +1,242 @@
+
+Name: crowdsec
+Version: 1.5.5
+Release: 1%{?dist}
+Summary: Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviors. It also automatically benefits from our global community-wide IP reputation database
+
+License: MIT
+URL: https://crowdsec.net
+Source0: https://github.com/crowdsecurity/%{name}/archive/v%(echo $VERSION).tar.gz
+Source1: 80-%{name}.preset
+Patch0: crowdsec.unit.patch
+Patch1: user.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: systemd
+Requires: crontabs
+%{?fc33:BuildRequires: systemd-rpm-macros}
+%{?fc34:BuildRequires: systemd-rpm-macros}
+%{?fc35:BuildRequires: systemd-rpm-macros}
+%{?fc36:BuildRequires: systemd-rpm-macros}
+
+%define debug_package %{nil}
+
+%description
+
+%define version_number %(echo $VERSION)
+%define releasever %(echo $RELEASEVER)
+%global name crowdsec
+%global __mangle_shebangs_exclude_from /usr/bin/env
+
+%prep
+%setup -q -T -b 0
+
+%patch0
+%patch1
+
+%build
+sed -i "s#/usr/local/lib/crowdsec/plugins/#%{_libdir}/%{name}/plugins/#g" config/config.yaml
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}/etc/crowdsec/hub
+mkdir -p %{buildroot}/etc/crowdsec/patterns
+mkdir -p %{buildroot}/etc/crowdsec/console/
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/data
+mkdir -p %{buildroot}%{_presetdir}
+
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/plugins
+mkdir -p %{buildroot}%{_sysconfdir}/crowdsec/notifications/
+mkdir -p %{buildroot}%{_libdir}/%{name}/plugins/
+
+
+install -m 755 -D cmd/crowdsec/crowdsec %{buildroot}%{_bindir}/%{name}
+install -m 755 -D cmd/crowdsec-cli/cscli %{buildroot}%{_bindir}/cscli
+install -m 755 -D wizard.sh %{buildroot}/usr/share/crowdsec/wizard.sh
+install -m 644 -D config/crowdsec.service %{buildroot}%{_unitdir}/%{name}.service
+install -m 644 -D config/patterns/* -t %{buildroot}%{_sysconfdir}/crowdsec/patterns
+install -m 600 -D config/config.yaml %{buildroot}%{_sysconfdir}/crowdsec
+install -m 644 -D config/simulation.yaml %{buildroot}%{_sysconfdir}/crowdsec
+install -m 644 -D config/profiles.yaml %{buildroot}%{_sysconfdir}/crowdsec
+install -m 644 -D config/console.yaml %{buildroot}%{_sysconfdir}/crowdsec
+install -m 644 -D config/context.yaml %{buildroot}%{_sysconfdir}/crowdsec/console/
+install -m 750 -D config/%{name}.cron.daily %{buildroot}%{_sysconfdir}/cron.daily/%{name}
+install -m 644 -D %{SOURCE1} %{buildroot}%{_presetdir}
+
+install -m 551 cmd/notification-slack/notification-slack %{buildroot}%{_libdir}/%{name}/plugins/
+install -m 551 cmd/notification-http/notification-http %{buildroot}%{_libdir}/%{name}/plugins/
+install -m 551 cmd/notification-splunk/notification-splunk %{buildroot}%{_libdir}/%{name}/plugins/
+install -m 551 cmd/notification-email/notification-email %{buildroot}%{_libdir}/%{name}/plugins/
+install -m 551 cmd/notification-sentinel/notification-sentinel %{buildroot}%{_libdir}/%{name}/plugins/
+
+install -m 600 cmd/notification-slack/slack.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
+install -m 600 cmd/notification-http/http.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
+install -m 600 cmd/notification-splunk/splunk.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
+install -m 600 cmd/notification-email/email.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
+install -m 600 cmd/notification-sentinel/sentinel.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
+
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%{_bindir}/%{name}
+%{_bindir}/cscli
+%{_datadir}/%{name}/wizard.sh
+%{_libdir}/%{name}/plugins/notification-slack
+%{_libdir}/%{name}/plugins/notification-http
+%{_libdir}/%{name}/plugins/notification-splunk
+%{_libdir}/%{name}/plugins/notification-email
+%{_libdir}/%{name}/plugins/notification-sentinel
+%{_sysconfdir}/%{name}/patterns/linux-syslog
+%{_sysconfdir}/%{name}/patterns/ruby
+%{_sysconfdir}/%{name}/patterns/nginx
+%{_sysconfdir}/%{name}/patterns/junos
+%{_sysconfdir}/%{name}/patterns/cowrie_honeypot
+%{_sysconfdir}/%{name}/patterns/redis
+%{_sysconfdir}/%{name}/patterns/firewalls
+%{_sysconfdir}/%{name}/patterns/paths
+%{_sysconfdir}/%{name}/patterns/java
+%{_sysconfdir}/%{name}/patterns/postgresql
+%{_sysconfdir}/%{name}/patterns/bacula
+%{_sysconfdir}/%{name}/patterns/mcollective
+%{_sysconfdir}/%{name}/patterns/rails
+%{_sysconfdir}/%{name}/patterns/haproxy
+%{_sysconfdir}/%{name}/patterns/nagios
+%{_sysconfdir}/%{name}/patterns/mysql
+%{_sysconfdir}/%{name}/patterns/ssh
+%{_sysconfdir}/%{name}/patterns/tcpdump
+%{_sysconfdir}/%{name}/patterns/exim
+%{_sysconfdir}/%{name}/patterns/bro
+%{_sysconfdir}/%{name}/patterns/modsecurity
+%{_sysconfdir}/%{name}/patterns/aws
+%{_sysconfdir}/%{name}/patterns/smb
+%{_sysconfdir}/%{name}/patterns/mongodb
+%config(noreplace) %{_sysconfdir}/%{name}/config.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/simulation.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/profiles.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/console.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/console/context.yaml
+%config(noreplace) %{_presetdir}/80-%{name}.preset
+%config(noreplace) %{_sysconfdir}/%{name}/notifications/http.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/notifications/slack.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/notifications/splunk.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/notifications/email.yaml
+%config(noreplace) %{_sysconfdir}/%{name}/notifications/sentinel.yaml
+%config(noreplace) %{_sysconfdir}/cron.daily/%{name}
+
+%{_unitdir}/%{name}.service
+
+%ghost %{_sysconfdir}/%{name}/hub/.index.json
+%ghost %{_localstatedir}/log/%{name}.log
+%dir /var/lib/%{name}/data/
+%dir %{_sysconfdir}/%{name}/hub
+
+%ghost %{_sysconfdir}/crowdsec/local_api_credentials.yaml
+%ghost %{_sysconfdir}/crowdsec/online_api_credentials.yaml
+%ghost %{_sysconfdir}/crowdsec/acquis.yaml
+
+%pre
+
+#systemctl stop crowdsec || true
+
+if [ $1 == 2 
];then
+ if [[ ! -d /var/lib/crowdsec/backup ]]; then
+ cscli config backup /var/lib/crowdsec/backup
+ fi
+fi
+
+
+%post -p /bin/bash
+
+#install
+if [ $1 == 1 ]; then
+
+ if [ ! -f "/var/lib/crowdsec/data/crowdsec.db" ] ; then
+ touch /var/lib/crowdsec/data/crowdsec.db
+ fi
+
+ echo $SHELL
+ . /usr/share/crowdsec/wizard.sh -n
+
+ echo Creating acquisition configuration
+ if [ ! -f "/etc/crowsec/acquis.yaml" ] ; then
+ set +e
+ SILENT=true detect_services
+ SILENT=true TMP_ACQUIS_FILE_SKIP=skip genacquisition
+ set +e
+ fi
+ if [ ! -f "%{_sysconfdir}/crowdsec/online_api_credentials.yaml" ] && [ ! -f "%{_sysconfdir}/crowdsec/local_api_credentials.yaml" ] ; then
+ install -m 600 /dev/null %{_sysconfdir}/crowdsec/online_api_credentials.yaml
+ install -m 600 /dev/null %{_sysconfdir}/crowdsec/local_api_credentials.yaml
+ cscli capi register
+ cscli machines add -a
+ fi
+ if [ ! -f "%{_sysconfdir}/crowdsec/online_api_credentials.yaml" ] ; then
+ touch %{_sysconfdir}/crowdsec/online_api_credentials.yaml
+ cscli capi register
+ fi
+ if [ ! -f "%{_sysconfdir}/crowdsec/local_api_credentials.yaml" ] ; then
+ touch %{_sysconfdir}/crowdsec/local_api_credentials.yaml
+ cscli machines add -a
+ fi
+
+ cscli hub update
+ CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection
+
+#upgrade
+elif [ $1 == 2 ] && [ -d /var/lib/crowdsec/backup ]; then
+ cscli config restore /var/lib/crowdsec/backup
+ if [ $? 
== 0 ]; then
+ rm -rf /var/lib/crowdsec/backup
+ fi
+
+ if [[ -f %{_sysconfdir}/crowdsec/online_api_credentials.yaml ]] ; then
+ chmod 600 %{_sysconfdir}/crowdsec/online_api_credentials.yaml
+ fi
+
+ if [[ -f %{_sysconfdir}/crowdsec/local_api_credentials.yaml ]] ; then
+ chmod 600 %{_sysconfdir}/crowdsec/local_api_credentials.yaml
+ fi
+fi
+
+%systemd_post %{name}.service
+
+if [ $1 == 1 ]; then
+ API=$(cscli config show --key "Config.API.Server")
+ if [ "$API" = "" ] ; then
+ LAPI=false
+ else
+ PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2)
+ fi
+ if [ "$LAPI" = false ] || [ -z "$(ss -nlt "sport = ${PORT}" | grep -v ^State)" ] ; then
+ %if 0%{?fc35} || 0%{?fc36}
+ systemctl enable crowdsec
+ %endif
+ systemctl start crowdsec || echo "crowdsec is not started"
+ else
+ echo "Not attempting to start crowdsec, port ${PORT} is already used or lapi was disabled"
+ echo "This port is configured through /etc/crowdsec/config.yaml and /etc/crowdsec/local_api_credentials.yaml"
+ fi
+fi
+
+%preun
+
+#systemctl stop crowdsec || echo "crowdsec was not started"
+
+%systemd_preun %{name}.service
+
+%postun
+
+%systemd_postun_with_restart %{name}.service
+
+if [ $1 == 0 ]; then
+ rm -rf /etc/crowdsec/hub
+fi
+
+#systemctl stop crowdsec || echo "crowdsec was not started"
+
+%changelog
+* Sat Nov 4 2023 Daniel Steiner
+- First initial packaging
diff --git a/fedora/SPECS/sftp-config.json b/fedora/SPECS/sftp-config.json
index a45ef32..22f1199 100644
--- a/fedora/SPECS/sftp-config.json
+++ b/fedora/SPECS/sftp-config.json
@@ -15,11 +15,11 @@
 "confirm_overwrite_newer": false,
 "host": "fedorabuild",
- "user": "dani",
+ "user": "root",
 //"password": "password",
 //"port": "22",
- "remote_path": "/home/dani/rpmbuild/SPECS/",
+ "remote_path": "/root/rpmbuild/SPECS/",
 "ignore_regexes": [
 "\\.sublime-(project|workspace)", "sftp-config(-alt\\d?)?\\.json",
 "sftp-settings\\.json", "/venv/", "\\.svn", "\\.hg", "\\.git",
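Review bot: In the %post install branch the two single-file fallbacks create the credential files with `touch`, so they get umask-default permissions (0644 under the usual 022) before `cscli capi register` / `cscli machines add -a` presumably write credentials into them, whereas the combined branch right above uses `install -m 600 /dev/null` and the upgrade branch explicitly runs `chmod 600` on the same two files. Change both fallbacks to `install -m 600 /dev/null %{_sysconfdir}/crowdsec/online_api_credentials.yaml` and `install -m 600 /dev/null %{_sysconfdir}/crowdsec/local_api_credentials.yaml`; the same applies to `touch /var/lib/crowdsec/data/crowdsec.db` a few lines earlier, which should also be created with a restrictive mode. Separately, the check `[ ! -f "/etc/crowsec/acquis.yaml" ]` misspells the directory (`crowsec`), so the acquisition-generation block runs regardless of an existing acquis.yaml, and `set +e` appears twice in that block where the second was likely meant to be `set -e`. The `%description` section is empty and should carry at least a one-line summary of the package.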