{{cli.bin}} allows you to install, list, update/upgrade and remove configurations: parsers, enrichment, scenarios.
The various parsers, enrichers and scenarios installed on your machine form a coherent ensemble that provides detection capabilities.
Parsers, scenarios and enrichers are often bundled together in "collections" to facilitate configuration.
Parsers, scenarios, enrichers and collections all follow the same principle:
{{cli.bin}} install parser crowdsec/nginx-logs
{{cli.bin}} update collection crowdsec/base-http-scenarios
{{cli.bin}} remove scenario crowdsec/mysql-bf
Please see your local {{cli.bin}} help for up-to-date documentation.
List configurations
{{cli.bin}} list
Note: -a allows for listing of uninstalled configurations as well.
{{cli.name}} list example
$ {{cli.bin}} list
INFO[0000] Loaded 9 collecs, 14 parsers, 12 scenarios, 1 post-overflow parsers
INFO[0000] PARSERS:
--------------------------------------------------------------------------------------------------------------------
NAME 📦 STATUS VERSION LOCAL PATH
--------------------------------------------------------------------------------------------------------------------
crowdsec/nginx-logs ✔️ enabled 0.3 /etc/crowdsec/config/parsers/s01-parse/nginx-logs.yaml
crowdsec/geoip-enrich ✔️ enabled 0.4 /etc/crowdsec/config/parsers/s02-enrich/geoip-enrich.yaml
crowdsec/syslog-logs ✔️ enabled 0.4 /etc/crowdsec/config/parsers/s00-raw/syslog-logs.yaml
crowdsec/whitelists ✔️ enabled 0.4 /etc/crowdsec/config/parsers/s02-enrich/whitelists.yaml
crowdsec/http-logs ✔️ enabled 0.4 /etc/crowdsec/config/parsers/s02-enrich/http-logs.yaml
crowdsec/dateparse-enrich ✔️ enabled 0.4 /etc/crowdsec/config/parsers/s02-enrich/dateparse-enrich.yaml
--------------------------------------------------------------------------------------------------------------------
INFO[0000] SCENARIOS:
-----------------------------------------------------------------------------------------------------------------------
NAME 📦 STATUS VERSION LOCAL PATH
-----------------------------------------------------------------------------------------------------------------------
crowdsec/http-scan-uniques_404 ✔️ enabled 0.4 /etc/crowdsec/config/scenarios/http-scan-uniques_404.yaml
crowdsec/http-crawl-non_statics ✔️ enabled 0.4 /etc/crowdsec/config/scenarios/http-crawl-non_statics.yaml
-----------------------------------------------------------------------------------------------------------------------
INFO[0000] COLLECTIONS:
-------------------------------------------------------------------------------------------------------------------
NAME 📦 STATUS VERSION LOCAL PATH
-------------------------------------------------------------------------------------------------------------------
crowdsec/linux ✔️ enabled 0.2 /etc/crowdsec/config/collections/linux.yaml
crowdsec/nginx ✔️ enabled 0.2 /etc/crowdsec/config/collections/nginx.yaml
crowdsec/base-http-scenarios ✔️ enabled 0.1 /etc/crowdsec/config/collections/base-http-scenarios.yaml
-------------------------------------------------------------------------------------------------------------------
INFO[0000] POSTOVERFLOWS:
--------------------------------------
NAME 📦 STATUS VERSION LOCAL PATH
--------------------------------------
--------------------------------------
For {{parsers.htmlname}}, {{scenarios.htmlname}} and {{collections.htmlname}}, the output includes, besides the version, the path and the name, a STATUS column:
✔️ enabled : configuration is up-to-date
⚠️ enabled,outdated : a newer version is available
🚫 enabled,local : configuration is not managed by {{cli.name}}
⚠️ enabled,tainted : configuration has been locally modified
(see {{cli.name}} upgrade to upgrade/sync your configurations with {{hub.htmlname}})
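The STATUS column can be filtered mechanically to find detection content that has drifted from the hub. The following is an added example, not part of the original documentation: a POSIX shell function that reads a listing on standard input and reports every entry whose status carries a qualifier (outdated, local or tainted). The function names, the sample listing and the example/local-rule entry are constructed for illustration, and the whitespace-separated column layout shown above is assumed.

```shell
#!/bin/sh
# Added example: report configurations whose STATUS is not plain "enabled".
# Assumes the whitespace-separated layout of the listing shown above:
#   NAME  <icon>  STATUS  VERSION  LOCAL PATH

# Reads a listing on stdin; prints "SECTION<TAB>NAME<TAB>STATUS" per finding.
drifted_configs() {
    awk '
        # Section banners look like: INFO[0000] PARSERS:
        $1 ~ /^INFO\[/ && $2 ~ /^[A-Z]+:$/ {
            section = $2
            sub(/:$/, "", section)
            next
        }
        # Data rows carry the status in the third field. Anything with a
        # qualifier after "enabled," (outdated, local, tainted) is reported.
        NF >= 3 && $3 ~ /^enabled,/ {
            printf "%s\t%s\t%s\n", section, $1, $3
        }
    '
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
    cat <<'EOF'
INFO[0000] PARSERS:
--------------------------------------------------
NAME 📦 STATUS VERSION LOCAL PATH
--------------------------------------------------
crowdsec/nginx-logs ✔️ enabled 0.3 /etc/crowdsec/config/parsers/s01-parse/nginx-logs.yaml
crowdsec/whitelists ⚠️ enabled,tainted 0.4 /etc/crowdsec/config/parsers/s02-enrich/whitelists.yaml
INFO[0000] SCENARIOS:
--------------------------------------------------
NAME 📦 STATUS VERSION LOCAL PATH
--------------------------------------------------
crowdsec/http-scan-uniques_404 ⚠️ enabled,outdated 0.4 /etc/crowdsec/config/scenarios/http-scan-uniques_404.yaml
example/local-rule 🚫 enabled,local n/a /etc/crowdsec/config/scenarios/local-rule.yaml
EOF
}

# Demonstration on the constructed sample.
sample_listing | drifted_configs
```

If the INFO banners do not arrive on standard input, the first output column is empty and the name and status are still reported.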
Install new configurations
{{cli.bin}} install parser|scenario|postoverflow <name> [--force]
{{cli.bin}} install parser crowdsec/nginx-logs
{{cli.bin}} install scenario crowdsec/http-scan-uniques_404
Remove configurations
{{cli.bin}} remove parser|scenario|postoverflow <name> [--force]
Upgrade configurations
upgrade a specific scenario
{{cli.bin}} upgrade scenario crowdsec/http-scan-uniques_404
upgrade all scenarios
{{cli.bin}} upgrade scenario --all
upgrade all configurations (parsers, scenarios, collections, postoverflows)
{{cli.bin}} upgrade --all