We use cookies to ensure you get the best experience on our website
Accueil Explorer Aide
S'inscrire Connexion
0ct0pu5
/
crowdsec
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: d5f17ee377
Branches Tags
crowdsec
/
docker
/
docker_start.sh

docker_start.sh 4.1 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. #!/bin/sh
    2. 

  2. 

  3. # Set the crowdsec config file
    4. 

  4. CS_CONFIG_FILE="/etc/crowdsec/config.yaml"
    5. 

  5. if [ "$CONFIG_FILE" != "" ]; then
    6. 

  6.     CS_CONFIG_FILE="$CONFIG_FILE"
    7. 

  7. fi
    8. 

  8. 

  9. #Check & prestage databases
    10. 

  10. if [ ! -e "/var/lib/data/GeoLite2-ASN.mmdb" ] && [ ! -e "/var/lib/data/GeoLite2-City.mmdb" ]; then
    11. 

  11.     mkdir -p /var/lib/crowdsec/data
    12. 

  12.     cp /staging/var/lib/crowdsec/data/*.mmdb /var/lib/crowdsec/data/
    13. 

  13. fi
    14. 

  14. 

  15. #Check & prestage /etc/crowdsec
    16. 

  16. if [ ! -e "/etc/crowdsec/local_api_credentials.yaml" ] && [ ! -e "/etc/crowdsec/config.yaml" ]; then
    17. 

  17.     mkdir -p /etc/crowdsec
    18. 

  18.     cp -r /staging/etc/* /etc/
    19. 

  19. fi
    20. 

  20. 

  21. # regenerate local agent credentials (ignore if agent is disabled)
    22. 

  22. if [ "$DISABLE_AGENT" == "" ] ; then
    23. 

  23.     echo "Regenerate local agent credentials"
    24. 

  24.     cscli -c "$CS_CONFIG_FILE" machines delete localhost
    25. 

  25.     if [ "$LOCAL_API_URL" != "" ] ; then
    26. 

  26.         cscli -c "$CS_CONFIG_FILE" machines add localhost --auto --url $LOCAL_API_URL
    27. 

  27.     else
    28. 

  28.         cscli -c "$CS_CONFIG_FILE" machines add localhost --auto
    29. 

  29.     fi
    30. 

  30.     if [ "$AGENT_USERNAME" != "" ] && [ "$AGENT_PASSWORD" != "" ] && [ "$LOCAL_API_URL" != "" ] ; then
    31. 

  31.         echo "set up lapi credentials for agent"
    32. 

  32.         CONFIG_PATH=$(yq eval '.api.client.credentials_path' "$CS_CONFIG_FILE" )
    33. 

  33.         echo "url: $LOCAL_API_URL" > $CONFIG_PATH
    34. 

  34.         echo "login: $AGENT_USERNAME" >> $CONFIG_PATH
    35. 

  35.         echo "password: $AGENT_PASSWORD" >> $CONFIG_PATH
    36. 

  36.     fi
    37. 

  37. fi
    38. 

  38. 

  39. # Check if lapi needs to automatically register an agent
    40. 

  40. echo Check if lapi need to register automatically an agent
    41. 

  41. if [ "$DISABLE_LOCAL_API" == "" ] && [ "$AGENT_USERNAME" != "" ] && [ "$AGENT_PASSWORD" != "" ] ; then
    42. 

  42.     cscli -c "$CS_CONFIG_FILE" machines add $AGENT_USERNAME --password $AGENT_PASSWORD
    43. 

  43.     echo "Agent registered to lapi"
    44. 

  44. fi
    45. 

  45. 

  46. # registration to online API for signal push
    47. 

  47. if [ "$DISABLE_ONLINE_API" == "" ] && [ "$CONFIG_FILE" == "" ] ; then
    48. 

  48.     CONFIG_EXIST=$(yq eval '.api.server.online_client | has("credentials_path")' "$CS_CONFIG_FILE")
    49. 

  49.     if [ "$CONFIG_EXIST" != "true" ]; then
    50. 

  50.         yq eval '.api.server.online_client = {"credentials_path": "/etc/crowdsec/online_api_credentials.yaml"}' "$CS_CONFIG_FILE" > /etc/crowdsec/config2.yaml
    51. 

  51.         mv /etc/crowdsec/config2.yaml "$CS_CONFIG_FILE"
    52. 

  52.         cscli -c "$CS_CONFIG_FILE" capi register > /etc/crowdsec/online_api_credentials.yaml
    53. 

  53.         echo "registration to online API done"
    54. 

  54.     fi
    55. 

  55. fi
    56. 

  56. 

  57. # crowdsec sqlite database permissions
    58. 

  58. if [ "$GID" != "" ]; then
    59. 

  59.     IS_SQLITE=$(yq eval '.db_config.type == "sqlite"' "$CS_CONFIG_FILE")
    60. 

  60.     DB_PATH=$(yq eval '.db_config.db_path' "$CS_CONFIG_FILE")
    61. 

  61.     if [ "$IS_SQLITE" == "true" ]; then
    62. 

  62.         chown :$GID $DB_PATH
    63. 

  63.         echo "sqlite database permissions updated"
    64. 

  64.     fi
    65. 

  65. fi
    66. 

  66. 

  67. ## Install collections, parsers & scenarios
    68. 

  68. cscli -c "$CS_CONFIG_FILE" hub update
    69. 

  69. cscli -c "$CS_CONFIG_FILE" collections upgrade crowdsecurity/linux || true
    70. 

  70. cscli -c "$CS_CONFIG_FILE" parsers upgrade crowdsecurity/whitelists || true
    71. 

  71. cscli -c "$CS_CONFIG_FILE" parsers install crowdsecurity/docker-logs || true
    72. 

  72. if [ "$COLLECTIONS" != "" ]; then
    73. 

  73.     cscli -c "$CS_CONFIG_FILE" collections install $COLLECTIONS
    74. 

  74. fi
    75. 

  75. if [ "$PARSERS" != "" ]; then
    76. 

  76.     cscli -c "$CS_CONFIG_FILE" parsers install $PARSERS
    77. 

  77. fi
    78. 

  78. if [ "$SCENARIOS" != "" ]; then
    79. 

  79.     cscli -c "$CS_CONFIG_FILE" scenarios install $SCENARIOS
    80. 

  80. fi
    81. 

  81. if [ "$POSTOVERFLOWS" != "" ]; then
    82. 

  82.     cscli -c "$CS_CONFIG_FILE" postoverflows install $POSTOVERFLOWS
    83. 

  83. fi
    84. 

  84. 

  85. ARGS=""
    86. 

  86. if [ "$CONFIG_FILE" != "" ]; then
    87. 

  87.     ARGS="-c $CONFIG_FILE"
    88. 

  88. fi
    89. 

  89. if [ "$DSN" != "" ]; then
    90. 

  90.     ARGS="$ARGS -dsn ${DSN}"
    91. 

  91. fi
    92. 

  92. 

  93. if [ "$TYPE" != "" ]; then
    94. 

  94.     ARGS="$ARGS -type $TYPE"
    95. 

  95. fi
    96. 

  96. if [ "$TEST_MODE" == "true" ] || [ "$TEST_MODE" == "TRUE" ]; then
    97. 

  97.     ARGS="$ARGS -t"
    98. 

  98. fi
    99. 

  99. if [ "$DISABLE_AGENT" == "true" ] || [ "$DISABLE_AGENT" == "TRUE" ]; then
    100. 

  100.     ARGS="$ARGS -no-cs"
    101. 

  101. fi
    102. 

  102. if [ "$DISABLE_LOCAL_API" == "true" ] || [ "$DISABLE_LOCAL_API" == "TRUE" ]; then
    103. 

  103.     ARGS="$ARGS -no-api"
    104. 

  104. fi
    105. 

  105. if [ "$LEVEL_TRACE" == "true" ] || [ "$LEVEL_TRACE" == "TRUE" ]; then
    106. 

  106.     ARGS="$ARGS -trace"
    107. 

  107. fi
    108. 

  108. if [ "$LEVEL_DEBUG" == "true" ] || [ "$LEVEL_DEBUG" == "TRUE"  ]; then
    109. 

  109.     ARGS="$ARGS -debug"
    110. 

  110. fi
    111. 

  111. if [ "$LEVEL_INFO" == "true" ] || [ "$LEVEL_INFO" == "TRUE" ]; then
    112. 

  112.     ARGS="$ARGS -info"
    113. 

  113. fi
    114. 

  114. 

  115. exec crowdsec $ARGS
    116.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5