#!/usr/bin/env bash
# wizard.sh - CrowdSec install / configure / upgrade / uninstall helper.
# Most actions must run as root; see usage() for the accepted options.
# Only pipefail is enabled (no 'set -e'/'set -u'): every critical step below
# checks its own status with '|| exit' or '|| log_fatal'.
set -o pipefail
#set -x
#######################################
# True when the caller asked to write the acquisition file in place
# (TMP_ACQUIS_FILE_SKIP=skip) instead of staging it in tmp-acquis.yaml first.
# Globals:   TMP_ACQUIS_FILE_SKIP (read)
# Returns:   0 when the temp file is to be skipped, 1 otherwise
#######################################
skip_tmp_acquis() {
  test "${TMP_ACQUIS_FILE_SKIP}" = "skip"
}
# ---- terminal colours used by the log_* helpers ------------------------------
RED='\033[0;31m'
BLUE='\033[0;34m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
ORANGE='\033[0;33m'
NC='\033[0m'
# ---- run modes, flipped by the option parser at the end of the file ----------
SILENT="false"        # --unattended: no whiptail dialogs, defaults are taken
DOCKER_MODE="false"   # --docker-mode: no systemd unit and no daemon-reload
# ---- installed layout --------------------------------------------------------
CROWDSEC_RUN_DIR="/var/run"
CROWDSEC_LIB_DIR="/var/lib/crowdsec"
CROWDSEC_USR_DIR="/usr/local/lib/crowdsec"
CROWDSEC_DATA_DIR="${CROWDSEC_LIB_DIR}/data"
CROWDSEC_DB_PATH="${CROWDSEC_DATA_DIR}/crowdsec.db"
CROWDSEC_PATH="/etc/crowdsec"
CROWDSEC_CONFIG_PATH="${CROWDSEC_PATH}"
CROWDSEC_LOG_FILE="/var/log/crowdsec.log"
LAPI_LOG_FILE="/var/log/crowdsec_api.log"
CROWDSEC_PLUGIN_DIR="${CROWDSEC_USR_DIR}/plugins"
CROWDSEC_CONSOLE_DIR="${CROWDSEC_PATH}/console"
# ---- binaries in the build tree (relative to the repository root) ------------
CROWDSEC_BIN="./cmd/crowdsec/crowdsec"
CSCLI_BIN="./cmd/crowdsec-cli/cscli"
# credential files; install_crowdsec copies them with mode 600
CLIENT_SECRETS="local_api_credentials.yaml"
LAPI_SECRETS="online_api_credentials.yaml"
CONSOLE_FILE="console.yaml"
BIN_INSTALL_PATH="/usr/local/bin"
CROWDSEC_BIN_INSTALLED="${BIN_INSTALL_PATH}/crowdsec"
# an existing /usr/bin/cscli (e.g. from a package) wins over /usr/local/bin
if [[ -f "/usr/bin/cscli" ]]; then
  CSCLI_BIN_INSTALLED="/usr/bin/cscli"
else
  CSCLI_BIN_INSTALLED="${BIN_INSTALL_PATH}/cscli"
fi
ACQUIS_PATH="${CROWDSEC_CONFIG_PATH}"
ACQUIS_TARGET="${ACQUIS_PATH}/acquis.yaml"
SYSTEMD_PATH_FILE="/etc/systemd/system/crowdsec.service"
PATTERNS_FOLDER="config/patterns"
PATTERNS_PATH="${CROWDSEC_CONFIG_PATH}/patterns/"
ACTION=""             # set by the option parser, dispatched by main()
DEBUG_MODE="false"    # -v/--verbose: enables log_dbg output
FORCE_MODE="false"    # -f/--force: bypass the "already installed"/version/bouncer guards
# newline-separated list; detect_services iterates it unquoted on purpose
SUPPORTED_SERVICES='apache2
httpd
nginx
sshd
mysql
telnet
smb
'
# ---- notification plugins shipped with the build -----------------------------
HTTP_PLUGIN_BINARY="./plugins/notifications/http/notification-http"
SLACK_PLUGIN_BINARY="./plugins/notifications/slack/notification-slack"
SPLUNK_PLUGIN_BINARY="./plugins/notifications/splunk/notification-splunk"
EMAIL_PLUGIN_BINARY="./plugins/notifications/email/notification-email"
HTTP_PLUGIN_CONFIG="./plugins/notifications/http/http.yaml"
SLACK_PLUGIN_CONFIG="./plugins/notifications/slack/slack.yaml"
SPLUNK_PLUGIN_CONFIG="./plugins/notifications/splunk/splunk.yaml"
EMAIL_PLUGIN_CONFIG="./plugins/notifications/email/email.yaml"
# Reserve a unique backup directory name, then release it so that
# 'cscli config backup' (update_full) can create it itself.
# NOTE(review): between this rm and the later backup the name is free in a
# shared /tmp, so another local user could pre-create it; keeping the
# directory or picking the name under a root-only parent would close that
# window - confirm what 'cscli config backup' requires before changing it.
BACKUP_DIR=$(mktemp -d)
rm -rf -- "$BACKUP_DIR"
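#######################################
# Print an informational line to stdout with a coloured INFO tag.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message (backslash escapes are interpreted, as 'echo -e' did)
# Outputs:   one line on stdout
#######################################
log_info() {
  # 'local' keeps msg/stamp from leaking into (and clobbering) the caller's scope
  local msg=$1
  local stamp
  stamp=$(date +%x:%X)
  # %b keeps the escape-sequence interpretation of the former 'echo -e';
  # the message is an argument, never the format string
  printf '%b\n' "${BLUE}INFO${NC}[${stamp}] crowdsec_wizard: ${msg}"
}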
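#######################################
# Print a FATA line to stderr and terminate the script with status 1.
# Globals:   RED, NC (read)
# Arguments: $1 - message (backslash escapes are interpreted, as 'echo -e' did)
# Outputs:   one line on stderr
# Returns:   never; exits 1
#######################################
log_fatal() {
  local msg=$1
  local stamp
  stamp=$(date +%x:%X)
  printf '%b\n' "${RED}FATA${NC}[${stamp}] crowdsec_wizard: ${msg}" 1>&2
  exit 1
}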
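#######################################
# Print a WARN line to stdout with a coloured tag.
# Globals:   ORANGE, NC (read)
# Arguments: $1 - message (backslash escapes are interpreted, as 'echo -e' did)
# Outputs:   one line on stdout
#######################################
log_warn() {
  local msg=$1
  local stamp
  stamp=$(date +%x:%X)
  printf '%b\n' "${ORANGE}WARN${NC}[${stamp}] crowdsec_wizard: ${msg}"
}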
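#######################################
# Print an ERR line to stderr with a coloured tag (does not exit).
# Globals:   RED, NC (read)
# Arguments: $1 - message (backslash escapes are interpreted, as 'echo -e' did)
# Outputs:   one line on stderr
#######################################
log_err() {
  local msg=$1
  local stamp
  stamp=$(date +%x:%X)
  printf '%b\n' "${RED}ERR${NC}[${stamp}] crowdsec_wizard: ${msg}" 1>&2
}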
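#######################################
# Print a DBG line to stderr, only when DEBUG_MODE is "true" (-v/--verbose).
# Globals:   DEBUG_MODE, YELLOW, NC (read)
# Arguments: $1 - message (backslash escapes are interpreted, as 'echo -e' did)
# Outputs:   one line on stderr, or nothing
#######################################
log_dbg() {
  [[ "${DEBUG_MODE}" == "true" ]] || return 0
  local msg=$1
  local stamp
  stamp=$(date +%x:%X)
  printf '%b\n' "[${stamp}][${YELLOW}DBG${NC}] crowdsec_wizard: ${msg}" 1>&2
}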
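#######################################
# Detect which of SUPPORTED_SERVICES are present (enabled systemd unit or a
# running process) and, unless SILENT, let the user confirm the list.
# Globals:   SUPPORTED_SERVICES, SILENT, OSTYPE (read)
#            DETECTED_SERVICES, HMENU (written)
# Outputs:   whiptail checklist in interactive mode
# Returns:   exits 1 if the user cancels the dialog
#######################################
detect_services() {
  local systemd_services psax svc src selection rc
  DETECTED_SERVICES=()
  HMENU=()
  # enabled units, first column only; a failing systemctl just yields an empty list
  systemd_services=$(systemctl --state=enabled list-unit-files '*.service' | cut -d ' ' -f1)
  # bare process names, no header
  psax=$(ps ax -o comm=)
  # intentionally unquoted: split the newline-separated list
  for svc in ${SUPPORTED_SERVICES}; do
    log_dbg "Checking if service '${svc}' is running (ps+systemd)"
    for src in "${systemd_services}" "${psax}"; do
      # plain substring match as before (so 'mysql' also matches 'mysqld');
      # '--' protects against a name starting with '-'
      if grep -q -- "${svc}" <<<"${src}"; then
        # on centos, apache2 is named httpd
        if [[ "${svc}" == "httpd" ]]; then
          svc="apache2"
        fi
        DETECTED_SERVICES+=("${svc}")
        HMENU+=("${svc}" "on")
        log_dbg "Found '${svc}' running"
        break
      fi
    done
  done
  # the generic 'linux' entry (syslog/kern.log) is only offered on glibc Linux
  if [[ "${OSTYPE}" == "linux-gnu" || "${OSTYPE}" == "linux-gnueabihf" ]]; then
    DETECTED_SERVICES+=("linux")
    HMENU+=("linux" "on")
  else
    log_info "NOT A LINUX"
  fi
  if [[ "${SILENT}" == "false" ]]; then
    # whiptail draws on stderr and writes the selection to stdout: swap the
    # descriptors so the dialog stays visible while we capture the choices.
    # Capturing into a scalar first makes the exit status check unambiguous.
    selection=$(whiptail --separate-output --noitem --ok-button Continue \
      --title "Services to monitor" \
      --checklist "Detected services, uncheck to ignore. Ignored services won't be monitored." \
      18 70 10 "${HMENU[@]}" 3>&1 1>&2 2>&3)
    rc=$?
    if [[ ${rc} -eq 1 ]]; then
      log_err "user bailed out at services selection"
      exit 1
    fi
    # --separate-output prints one selected tag per line
    DETECTED_SERVICES=()
    if [[ -n "${selection}" ]]; then
      mapfile -t DETECTED_SERVICES <<<"${selection}"
    fi
    log_dbg "Detected services (interactive) : ${DETECTED_SERVICES[*]}"
  else
    log_dbg "Detected services (unattended) : ${DETECTED_SERVICES[*]}"
  fi
}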
# Acquisition "labels:" line emitted for each supported service; the value is
# the datasource type the crowdsec parsers match on. 'rsyslog' has an entry
# although it is not in SUPPORTED_SERVICES.
declare -A log_input_tags=(
  [apache2]='type: apache2'
  [nginx]='type: nginx'
  [sshd]='type: syslog'
  [rsyslog]='type: syslog'
  [telnet]='type: telnet'
  [mysql]='type: mysql'
  [smb]='type: smb'
  [linux]='type: syslog'
)
# Comma-separated glob patterns of the log files to look for, per service.
# find_logs_for splits each entry on the last '/' into a directory and a
# file-name pattern for find(1).
declare -A log_locations=(
  [apache2]='/var/log/apache2/*.log,/var/log/*httpd*.log,/var/log/httpd/*log'
  [nginx]='/var/log/nginx/*.log,/usr/local/openresty/nginx/logs/*.log'
  [sshd]='/var/log/auth.log,/var/log/sshd.log,/var/log/secure'
  [rsyslog]='/var/log/syslog'
  [telnet]='/var/log/telnetd*.log'
  [mysql]='/var/log/mysql/error.log'
  [smb]='/var/log/samba*.log'
  [linux]='/var/log/syslog,/var/log/kern.log,/var/log/messages'
)
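#$1 is service name, such those in SUPPORTED_SERVICES
#######################################
# Locate recently modified log files for one service and, unless SILENT, let
# the user confirm the list.
# Globals:   log_locations, SILENT (read)
#            DETECTED_LOGFILES, HMENU (written)
# Arguments: $1 - service name (may still carry the double quotes whiptail adds)
# Outputs:   whiptail checklist in interactive mode
# Returns:   exits 1 if the user cancels the dialog
#######################################
find_logs_for() {
  local svc=${1}
  local -a patterns
  local poss_path dir fname candidate selection rc
  #we have trailing and starting quotes because of whiptail
  svc=${svc%\"}
  svc=${svc#\"}
  DETECTED_LOGFILES=()
  HMENU=()
  # split the comma-separated list into an array; the IFS prefix applies to
  # 'read' only, so the caller's IFS is untouched
  IFS=',' read -r -a patterns <<<"${log_locations[${svc}]},"
  for poss_path in "${patterns[@]}"; do
    #Split /var/log/nginx/*.log into '/var/log/nginx' and '*.log' so we can use find
    dir=${poss_path%/*}
    fname=${poss_path##*/}
    # NUL-delimited so paths containing whitespace are kept intact
    while IFS= read -r -d '' candidate; do
      log_dbg "Found logs file for '${svc}': ${candidate}"
      DETECTED_LOGFILES+=("${candidate}")
      HMENU+=("${candidate}" "on")
    done < <(find "${dir}" -type f -mtime -5 -ctime -5 -name "${fname}" -print0)
  done
  if [[ "${SILENT}" == "false" ]]; then
    # fd swap: dialog on stderr stays visible, selection comes back on stdout
    selection=$(whiptail --separate-output --noitem --ok-button Continue \
      --title "Log files to process for ${svc}" \
      --checklist "Detected logfiles for ${svc}, uncheck to ignore" \
      18 70 10 "${HMENU[@]}" 3>&1 1>&2 2>&3)
    rc=$?
    if [[ ${rc} -eq 1 ]]; then
      log_err "user bailed out at log file selection"
      exit 1
    fi
    # one path per line (--separate-output); line-based so spaces survive
    DETECTED_LOGFILES=()
    if [[ -n "${selection}" ]]; then
      mapfile -t DETECTED_LOGFILES <<<"${selection}"
    fi
  fi
}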
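#######################################
# Check whether the needle equals "crowdsecurity/<element>" for one of the
# given elements (used to pre-select hub collections by detected service).
# Arguments: $1 - needle, e.g. crowdsecurity/nginx
#            $@ - remaining arguments: element names
# Returns:   0 if found, 1 otherwise
#######################################
in_array() {
  local needle=$1
  local element
  shift
  for element in "$@"; do
    # quoted right-hand side: literal comparison, not a glob pattern
    if [[ "${needle}" == "crowdsecurity/${element}" ]]; then
      return 0
    fi
  done
  return 1
}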
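#######################################
# List the hub collections, pre-select those matching DETECTED_SERVICES (and
# 'linux'), let the user confirm unless SILENT, then install the selection
# plus the crowdsecurity/whitelists parser.
# Globals:   CSCLI_BIN_INSTALLED, DETECTED_SERVICES, SILENT (read)
#            HMENU, AVAILABLE_COLLECTION, COLLECTION_TO_INSTALL (written)
# Outputs:   whiptail dialogs in interactive mode
# Returns:   exits 1 if the user cancels the dialog
#######################################
install_collection() {
  local collect_info collection description selection rc
  local -a fields
  HMENU=()
  # raw CSV listing; the first line is the header and is skipped below
  readarray -t AVAILABLE_COLLECTION < <("${CSCLI_BIN_INSTALLED}" collections list -o raw -a)
  COLLECTION_TO_INSTALL=()
  for collect_info in "${AVAILABLE_COLLECTION[@]:1}"; do
    # column 1 = name, column 4 = description (same fields 'cut' picked before)
    IFS=',' read -r -a fields <<<"${collect_info}"
    collection=${fields[0]:-}
    description=${fields[3]:-}
    if in_array "${collection}" "${DETECTED_SERVICES[@]}" || [[ "${collection}" == "linux" ]]; then
      HMENU+=("${collection}" "${description}" "ON")
      #in case we're not in interactive mode, assume defaults
      COLLECTION_TO_INSTALL+=("${collection}")
    else
      HMENU+=("${collection}" "${description}" "OFF")
    fi
  done
  if [[ "${SILENT}" == "false" ]]; then
    # fd swap: dialog on stderr stays visible, selection comes back on stdout
    selection=$(whiptail --separate-output --ok-button Continue --title "Crowdsec collections" \
      --checklist "Available collections in crowdsec, try to pick one that fits your profile. Collections contains parsers and scenarios to protect your system." \
      20 120 10 "${HMENU[@]}" 3>&1 1>&2 2>&3)
    rc=$?
    if [[ ${rc} -eq 1 ]]; then
      log_err "user bailed out at collection selection"
      exit 1
    fi
    COLLECTION_TO_INSTALL=()
    if [[ -n "${selection}" ]]; then
      mapfile -t COLLECTION_TO_INSTALL <<<"${selection}"
    fi
  fi
  for collection in "${COLLECTION_TO_INSTALL[@]}"; do
    log_info "Installing collection '${collection}'"
    # a failed install is reported but does not abort the wizard (best effort)
    "${CSCLI_BIN_INSTALLED}" collections install "${collection}" >/dev/null 2>&1 \
      || log_err "fail to install collection ${collection}"
  done
  "${CSCLI_BIN_INSTALLED}" parsers install "crowdsecurity/whitelists" >/dev/null 2>&1 \
    || log_err "fail to install parser crowdsecurity/whitelists"
  if [[ "${SILENT}" == "false" ]]; then
    whiptail --msgbox "Out of safety, I installed a parser called 'crowdsecurity/whitelists'. This one will prevent private IP addresses from being banned, feel free to remove it any time." 20 50
    whiptail --msgbox "CrowdSec alone will not block any IP address. If you want to block them, you must use a bouncer. You can find them on https://hub.crowdsec.net/browse/#bouncers" 20 50
  fi
}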
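#$1 is the service name, $... is the list of candidate logs (from find_logs_for)
#######################################
# Append a file-based acquisition document for one service to TMP_ACQUIS_FILE.
# Globals:   TMP_ACQUIS_FILE, ACQUIS_FILE_MSG, log_input_tags (read)
# Arguments: $1 - service name; $@ - log file paths
# Outputs:   appends a YAML document terminated by '---' to TMP_ACQUIS_FILE
#######################################
genyamllog() {
  local service=${1}
  shift
  local -a files=("$@")
  local fd
  # one redirection for the whole document; paths are printed as %s so that
  # whitespace in a file name is preserved
  {
    printf '%s\n' "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[*]}"
    printf '%s\n' "filenames:"
    for fd in "${files[@]}"; do
      printf '  - %s\n' "${fd}"
    done
    printf '%s\n' "labels:"
    printf '  %s\n' "${log_input_tags[${service}]}"
    printf '%s\n' "---"
  } >>"${TMP_ACQUIS_FILE}"
  log_dbg "${ACQUIS_FILE_MSG}"
}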
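#######################################
# Append a journald acquisition document for one service to TMP_ACQUIS_FILE
# (used when find_logs_for found no log file for it).
# Globals:   TMP_ACQUIS_FILE, ACQUIS_FILE_MSG, log_input_tags (read)
# Arguments: $1 - service name (becomes the _SYSTEMD_UNIT filter)
# Outputs:   appends a YAML document terminated by '---' to TMP_ACQUIS_FILE
#######################################
genyamljournal() {
  local service=${1}
  shift
  # the header no longer references 'files', which this function never sets
  {
    printf '%s\n' "#Generated acquisition file - wizard.sh (service: ${service}) / journalctl"
    printf '%s\n' "journalctl_filter:"
    printf '  - _SYSTEMD_UNIT=%s.service\n' "${service}"
    printf '%s\n' "labels:"
    printf '  %s\n' "${log_input_tags[${service}]}"
    printf '%s\n' "---"
  } >>"${TMP_ACQUIS_FILE}"
  log_dbg "${ACQUIS_FILE_MSG}"
}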
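#######################################
# Generate the acquisition YAML for every detected service: file-based when
# find_logs_for found logs, journald otherwise (except for 'linux').
# Globals:   DETECTED_SERVICES, ACQUIS_TARGET (read)
#            TMP_ACQUIS_FILE, ACQUIS_FILE_MSG, DETECTED_LOGFILES, HMENU (written)
# Outputs:   appends to TMP_ACQUIS_FILE (tmp-acquis.yaml in the current
#            directory unless skip_tmp_acquis is true)
#######################################
genacquisition() {
  local psvg
  if skip_tmp_acquis; then
    TMP_ACQUIS_FILE="${ACQUIS_TARGET}"
    ACQUIS_FILE_MSG="acquisition file generated to: ${TMP_ACQUIS_FILE}"
  else
    # NOTE(review): relative path; the generators append, so leftovers from a
    # previous run in the same directory would accumulate - confirm callers clean it
    TMP_ACQUIS_FILE="tmp-acquis.yaml"
    ACQUIS_FILE_MSG="tmp acquisition file generated to: ${TMP_ACQUIS_FILE}"
  fi
  # log_dbg prints only $1, so join the list into a single argument
  log_dbg "Found following services : ${DETECTED_SERVICES[*]}"
  for psvg in "${DETECTED_SERVICES[@]}"; do
    find_logs_for "${psvg}"
    if (( ${#DETECTED_LOGFILES[@]} > 0 )); then
      log_info "service '${psvg}': ${DETECTED_LOGFILES[*]}"
      genyamllog "${psvg}" "${DETECTED_LOGFILES[@]}"
    elif [[ "${psvg}" != "linux" ]]; then
      log_info "using journald for '${psvg}'"
      genyamljournal "${psvg}"
    fi
  done
}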
#######################################
# Warn when a crowdsec binary is already installed and, unless FORCE_MODE,
# refuse to continue.
# Globals:   CROWDSEC_BIN_INSTALLED, FORCE_MODE (read)
# Outputs:   hints on stdout
# Returns:   0 when nothing is installed or --force was given; exits 1 otherwise
#######################################
detect_cs_install() {
  [[ -f "${CROWDSEC_BIN_INSTALLED}" ]] || return 0
  log_warn "Crowdsec is already installed !"
  printf '%s\n' \
    "" \
    "We recommend to upgrade : sudo ./wizard.sh --upgrade " \
    "If you want to install it anyway, please use '--force'." \
    "" \
    "Run : sudo ./wizard.sh -i --force"
  if [[ "${FORCE_MODE}" == "false" ]]; then
    exit 1
  fi
}
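#######################################
# Compare the installed crowdsec version with the freshly built binary and,
# unless FORCE_MODE, refuse an ACTION that does not fit the kind of upgrade.
# Globals:   CROWDSEC_BIN, ACTION, FORCE_MODE (read)
#            CURRENT_CS_VERSION, NEW_CS_VERSION and the
#            CURRENT_/NEW_ MAJOR/MINOR/PATCH_VERSION variables (written, global as before)
# Outputs:   hints on stdout
# Returns:   exits 1 when the action is refused
#######################################
check_cs_version() {
  local rest
  # "vX.Y.Z" from the version banner, leading 'v' stripped; dots are escaped so
  # they match literally
  CURRENT_CS_VERSION=$(crowdsec -version 2>&1 | grep version | grep -Eio 'v[0-9]+\.[0-9]+\.[0-9]+' | cut -c 2-)
  NEW_CS_VERSION=$("${CROWDSEC_BIN}" -version 2>&1 | grep version | grep -Eio 'v[0-9]+\.[0-9]+\.[0-9]+' | cut -c 2-)
  # split into components without an echo|cut pipeline per field; 'rest' absorbs extras
  IFS='.' read -r CURRENT_MAJOR_VERSION CURRENT_MINOR_VERSION CURRENT_PATCH_VERSION rest <<<"${CURRENT_CS_VERSION}"
  IFS='.' read -r NEW_MAJOR_VERSION NEW_MINOR_VERSION NEW_PATCH_VERSION rest <<<"${NEW_CS_VERSION}"
  # NOTE(review): as in the original, only "greater" is tested per component in
  # order, so a downgrade (lower minor, higher patch) is reported as a patch;
  # empty components (no installed crowdsec / unparsable banner) count as 0.
  if (( ${NEW_MAJOR_VERSION:-0} > ${CURRENT_MAJOR_VERSION:-0} )); then
    if [[ "${FORCE_MODE}" == "false" ]]; then
      log_warn "new version (${NEW_CS_VERSION}) is a major, you should follow documentation to upgrade !"
      echo ""
      exit 1
    fi
  elif (( ${NEW_MINOR_VERSION:-0} > ${CURRENT_MINOR_VERSION:-0} )); then
    log_warn "new version (${NEW_CS_VERSION}) is a minor upgrade !"
    if [[ "${ACTION}" != "upgrade" && "${FORCE_MODE}" == "false" ]]; then
      printf '%s\n' \
        "" \
        "We recommend to upgrade with : sudo ./wizard.sh --upgrade " \
        "If you want to ${ACTION} anyway, please use '--force'." \
        "" \
        "Run : sudo ./wizard.sh --${ACTION} --force"
      exit 1
    fi
  elif (( ${NEW_PATCH_VERSION:-0} > ${CURRENT_PATCH_VERSION:-0} )); then
    log_warn "new version (${NEW_CS_VERSION}) is a patch !"
    if [[ "${ACTION}" != "binupgrade" && "${FORCE_MODE}" == "false" ]]; then
      printf '%s\n' \
        "" \
        "We recommend to upgrade binaries only : sudo ./wizard.sh --binupgrade " \
        "If you want to ${ACTION} anyway, please use '--force'." \
        "" \
        "Run : sudo ./wizard.sh --${ACTION} --force"
      exit 1
    fi
  elif (( ${NEW_MINOR_VERSION:-0} == ${CURRENT_MINOR_VERSION:-0} )); then
    log_warn "new version (${NEW_CS_VERSION}) is same as current version (${CURRENT_CS_VERSION}) !"
    if [[ "${FORCE_MODE}" == "false" ]]; then
      printf '%s\n' \
        "" \
        "We recommend to ${ACTION} only if it's an higher version." \
        "If it's an RC version (vX.X.X-rc) you can upgrade it using '--force'." \
        "" \
        "Run : sudo ./wizard.sh --${ACTION} --force"
      exit 1
    fi
  fi
}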
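#install crowdsec and cscli
#######################################
# Create the configuration tree, install the config files (credentials with
# mode 600), render user.yaml and the systemd unit (unless DOCKER_MODE) and
# install the binaries.
# Globals:   CROWDSEC_DATA_DIR, CROWDSEC_CONFIG_PATH, CROWDSEC_CONSOLE_DIR,
#            CLIENT_SECRETS, LAPI_SECRETS, CONSOLE_FILE, SYSTEMD_PATH_FILE,
#            CROWDSEC_BIN_INSTALLED, DOCKER_MODE (read)
# Returns:   exits on the first failed step, with that step's status
#######################################
install_crowdsec() {
  local subdir cfg_file
  mkdir -p "${CROWDSEC_DATA_DIR}" || exit
  # install the pattern files keeping their relative layout under patterns/
  (cd config && find patterns -type f -exec install -Dm 644 "{}" "${CROWDSEC_CONFIG_PATH}/{}" \;) || exit
  for subdir in scenarios postoverflows collections patterns; do
    mkdir -p "${CROWDSEC_CONFIG_PATH}/${subdir}" || exit
  done
  mkdir -p "${CROWDSEC_CONSOLE_DIR}" || exit
  #tmp
  # NOTE(review): fixed name in world-writable /tmp; a pre-existing /tmp/data
  # created by another local user would be reused as-is - a mktemp'd path
  # would avoid that. Kept as is; confirm who consumes /tmp/data.
  mkdir -p /tmp/data
  mkdir -p "${CROWDSEC_CONFIG_PATH}/hub/"
  # credential files are secrets: mode 600
  install -v -m 600 -D "./config/${CLIENT_SECRETS}" "${CROWDSEC_CONFIG_PATH}" 1>/dev/null || exit
  install -v -m 600 -D "./config/${LAPI_SECRETS}" "${CROWDSEC_CONFIG_PATH}" 1>/dev/null || exit
  ## end tmp
  install -v -m 600 -D ./config/config.yaml "${CROWDSEC_CONFIG_PATH}" 1>/dev/null || exit
  for cfg_file in dev.yaml user.yaml acquis.yaml profiles.yaml simulation.yaml "${CONSOLE_FILE}"; do
    install -v -m 644 -D "./config/${cfg_file}" "${CROWDSEC_CONFIG_PATH}" 1>/dev/null || exit
  done
  install -v -m 644 -D ./config/context.yaml "${CROWDSEC_CONSOLE_DIR}" 1>/dev/null || exit
  # only $CFG and $DATA are substituted; any other '$' in the template is kept
  DATA=${CROWDSEC_DATA_DIR} CFG=${CROWDSEC_CONFIG_PATH} envsubst '$CFG $DATA' \
    <./config/user.yaml >"${CROWDSEC_CONFIG_PATH}/user.yaml" \
    || log_fatal "unable to generate user configuration file"
  if [[ "${DOCKER_MODE}" == "false" ]]; then
    CFG=${CROWDSEC_CONFIG_PATH} BIN=${CROWDSEC_BIN_INSTALLED} envsubst '$CFG $BIN' \
      <./config/crowdsec.service >"${SYSTEMD_PATH_FILE}" \
      || log_fatal "unable to crowdsec systemd file"
  fi
  install_bins
  if [[ "${DOCKER_MODE}" == "false" ]]; then
    systemctl daemon-reload
  fi
}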
#######################################
# Binary-only upgrade: replace the installed binaries/plugins and restart.
# Outputs:   progress on stdout
# Returns:   exits 1 (via log_fatal) if the service cannot be restarted
#######################################
update_bins() {
  local step
  log_info "Only upgrading binaries"
  for step in delete_bins install_bins; do
    "${step}"
  done
  log_info "Upgrade finished"
  systemctl restart crowdsec || log_fatal "unable to restart crowdsec with systemctl"
}
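#######################################
# Full upgrade: back up the configuration and database, uninstall, reinstall,
# restore and restart.
# Globals:   CROWDSEC_BIN, CSCLI_BIN, CSCLI_BIN_INSTALLED, BACKUP_DIR,
#            CROWDSEC_DB_PATH (read)
# Outputs:   progress on stdout
# Returns:   exits 1 when a build binary is missing or the backup fails
#            (nothing has been removed at that point)
#######################################
update_full() {
  # 'exit 1' here: the former 'log_err ... && exit' left with status 0
  if [[ ! -f "${CROWDSEC_BIN}" ]]; then
    log_err "Crowdsec binary '${CROWDSEC_BIN}' not found. Please build it with 'make build'"
    exit 1
  fi
  if [[ ! -f "${CSCLI_BIN}" ]]; then
    log_err "Cscli binary '${CSCLI_BIN}' not found. Please build it with 'make build'"
    exit 1
  fi
  log_info "Backing up existing configuration"
  # abort before uninstall_crowdsec destroys anything if the backup fails
  "${CSCLI_BIN_INSTALLED}" config backup "${BACKUP_DIR}" \
    || log_fatal "unable to back up the existing configuration to ${BACKUP_DIR}"
  log_info "Saving default database content if exist"
  if [[ -f "${CROWDSEC_DB_PATH}" ]]; then
    cp "${CROWDSEC_DB_PATH}" "${BACKUP_DIR}/crowdsec.db" \
      || log_fatal "unable to save the database to ${BACKUP_DIR}"
  fi
  log_info "Cleanup existing crowdsec configuration"
  uninstall_crowdsec
  log_info "Installing crowdsec"
  install_crowdsec
  log_info "Restoring configuration"
  "${CSCLI_BIN_INSTALLED}" hub update
  # past this point the old install is gone: report restore problems but keep going
  "${CSCLI_BIN_INSTALLED}" config restore "${BACKUP_DIR}" \
    || log_err "unable to restore the configuration from ${BACKUP_DIR}"
  log_info "Restoring saved database if exist"
  if [[ -f "${BACKUP_DIR}/crowdsec.db" ]]; then
    cp "${BACKUP_DIR}/crowdsec.db" "${CROWDSEC_DB_PATH}" \
      || log_err "unable to restore the database from ${BACKUP_DIR}"
  fi
  log_info "Finished, restarting"
  systemctl restart crowdsec || log_fatal "Failed to restart crowdsec"
}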
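#######################################
# Install the crowdsec and cscli binaries, stop a running daemon, then
# install the plugins and create the /usr/bin symlinks if needed.
# Globals:   CROWDSEC_BIN, CSCLI_BIN, CROWDSEC_BIN_INSTALLED,
#            CSCLI_BIN_INSTALLED (read)
# Returns:   exits with install's status if a copy fails
#######################################
install_bins() {
  log_dbg "Installing crowdsec binaries"
  install -v -m 755 -D "${CROWDSEC_BIN}" "${CROWDSEC_BIN_INSTALLED}" 1>/dev/null || exit
  install -v -m 755 -D "${CSCLI_BIN}" "${CSCLI_BIN_INSTALLED}" 1>/dev/null || exit
  # 'command -v' instead of 'which': no path printed to stdout, portable;
  # stop the daemon before its plugins are replaced (no-op without systemd)
  if command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet crowdsec; then
    systemctl stop crowdsec
  fi
  install_plugins
  symlink_bins
}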
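#######################################
# Make cscli/crowdsec reachable from /usr/bin when BIN_INSTALL_PATH is not
# in PATH.
# Globals:   BIN_INSTALL_PATH, PATH, CSCLI_BIN_INSTALLED,
#            CROWDSEC_BIN_INSTALLED (read)
#######################################
symlink_bins() {
  # -F: BIN_INSTALL_PATH is a literal path, not a regex; substring match as before
  if grep -qF -- "${BIN_INSTALL_PATH}" <<<"${PATH}"; then
    log_dbg "${BIN_INSTALL_PATH} found in PATH"
    return 0
  fi
  # skip links that already exist (including a dangling one, and the case
  # where CSCLI_BIN_INSTALLED already is /usr/bin/cscli): 'ln -s' onto an
  # existing name only fails with "File exists"
  [[ -e /usr/bin/cscli || -L /usr/bin/cscli ]] || ln -s "${CSCLI_BIN_INSTALLED}" /usr/bin/cscli
  [[ -e /usr/bin/crowdsec || -L /usr/bin/crowdsec ]] || ln -s "${CROWDSEC_BIN_INSTALLED}" /usr/bin/crowdsec
}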
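#######################################
# Remove the installed crowdsec and cscli binaries (missing files ignored).
# Globals:   CROWDSEC_BIN_INSTALLED, CSCLI_BIN_INSTALLED (read)
#######################################
delete_bins() {
  log_info "Removing crowdsec binaries"
  # quoted and with '--' so an odd path cannot split or be parsed as an option
  rm -f -- "${CROWDSEC_BIN_INSTALLED}" "${CSCLI_BIN_INSTALLED}"
}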
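#######################################
# Remove the notification plugin directory.
# Globals:   CROWDSEC_PLUGIN_DIR (read)
# Returns:   aborts (shell error) instead of running 'rm -rf' on an empty path
#######################################
delete_plugins() {
  # ':?' refuses an unset/empty value rather than expanding to nothing
  rm -rf -- "${CROWDSEC_PLUGIN_DIR:?}"
}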
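#######################################
# Copy the notification plugin binaries into CROWDSEC_PLUGIN_DIR and, unless
# DOCKER_MODE, seed their configuration files without overwriting edits.
# Globals:   CROWDSEC_PLUGIN_DIR, *_PLUGIN_BINARY, *_PLUGIN_CONFIG,
#            DOCKER_MODE (read)
#######################################
install_plugins() {
  local plugin cfg
  mkdir -p "${CROWDSEC_PLUGIN_DIR}"
  mkdir -p /etc/crowdsec/notifications
  for plugin in "${SLACK_PLUGIN_BINARY}" "${SPLUNK_PLUGIN_BINARY}" "${HTTP_PLUGIN_BINARY}" "${EMAIL_PLUGIN_BINARY}"; do
    cp "${plugin}" "${CROWDSEC_PLUGIN_DIR}"
  done
  if [[ "${DOCKER_MODE}" == "false" ]]; then
    # -n: never clobber a notification config the admin may have edited
    for cfg in "${SLACK_PLUGIN_CONFIG}" "${SPLUNK_PLUGIN_CONFIG}" "${HTTP_PLUGIN_CONFIG}" "${EMAIL_PLUGIN_CONFIG}"; do
      cp -n "${cfg}" /etc/crowdsec/notifications/
    done
  fi
}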
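#######################################
# Before uninstalling, refuse (unless FORCE_MODE) when bouncers are still
# registered with the local API.
# Globals:   CSCLI_BIN, FORCE_MODE (read); BOUNCERS_COUNT (written)
# Outputs:   warnings on stdout
# Returns:   exits 1 when bouncers are registered and --force was not given
#######################################
check_running_bouncers() {
  #when uninstalling, check if user still has bouncers
  local raw
  local -a rows
  # NOTE(review): this queries the build-tree cscli (CSCLI_BIN), not the
  # installed one; when that binary is absent the count is 0 and the guard
  # is skipped - the warning below makes that visible instead of silent
  if ! raw=$("${CSCLI_BIN}" bouncers list -o=raw); then
    log_warn "unable to list registered bouncers with ${CSCLI_BIN}; cannot check for running bouncers"
  fi
  # first line of the raw (CSV) output is the header
  mapfile -t rows <<<"${raw}"
  BOUNCERS_COUNT=$(( ${#rows[@]} - 1 ))
  if (( BOUNCERS_COUNT > 0 )) && [[ "${FORCE_MODE}" == "false" ]]; then
    printf '%s\n' \
      "WARNING : You have at least one bouncer registered (cscli bouncers list)." \
      "WARNING : Uninstalling crowdsec with a running bouncer will let it in an unpredictable state." \
      "WARNING : If you want to uninstall crowdsec, you should first uninstall the bouncers." \
      "Specify --force to bypass this restriction."
    exit 1
  fi
}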
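# uninstall crowdsec and cscli
#######################################
# Stop and disable the service, remove binaries, configuration (bouncer
# configs are kept), logs, database, data and the systemd unit.
# Globals:   CSCLI_BIN, CROWDSEC_LOG_FILE, LAPI_LOG_FILE, CROWDSEC_DB_PATH,
#            SYSTEMD_PATH_FILE, CROWDSEC_LIB_DIR, CROWDSEC_USR_DIR (read)
#######################################
uninstall_crowdsec() {
  systemctl stop crowdsec.service 1>/dev/null
  systemctl disable -q crowdsec.service 1>/dev/null
  # NOTE(review): uses the build-tree cscli, as before; fails silently if absent
  "${CSCLI_BIN}" dashboard remove -f -y >/dev/null
  delete_bins
  # tmp
  rm -rf /tmp/data/
  ## end tmp
  # wipe /etc/crowdsec except bouncer entries; '-exec ... +' keeps paths with
  # whitespace intact, and '! -name *bouncer*' matches the same entries the
  # former 'grep -v bouncer' on the full path did
  find /etc/crowdsec -maxdepth 1 -mindepth 1 ! -name '*bouncer*' -exec rm -rf -- {} +
  rm -f -- "${CROWDSEC_LOG_FILE}" "${LAPI_LOG_FILE}" "${CROWDSEC_DB_PATH}" "${SYSTEMD_PATH_FILE}"
  # ':?' aborts rather than running 'rm -rf' on an empty path
  rm -rf -- "${CROWDSEC_LIB_DIR:?}" "${CROWDSEC_USR_DIR:?}"
  log_info "crowdsec successfully uninstalled"
}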
#######################################
# Print the getting-started links and commands shown after an install.
# Outputs:   static text on stdout
#######################################
show_link() {
  # quoted delimiter: nothing inside is expanded
  cat <<'EOF'

Useful links to start with Crowdsec:

  - Documentation : https://doc.crowdsec.net/docs/getting_started/crowdsec_tour
  - Crowdsec Hub  : https://hub.crowdsec.net/ 
  - Open issues   : https://github.com/crowdsecurity/crowdsec/issues

Useful commands to start with Crowdsec:

  - sudo cscli metrics         : https://doc.crowdsec.net/docs/observability/cscli
  - sudo cscli decisions list  : https://doc.crowdsec.net/docs/user_guides/decisions_mgmt
  - sudo cscli hub list        : https://doc.crowdsec.net/docs/user_guides/hub_mgmt

Next step: visualize all your alerts and explore our community CTI : https://app.crowdsec.net

EOF
}
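#######################################
# Abort unless running as root (every action except detect/noop needs it).
# Outputs:   error on stderr
# Returns:   exits 1 when not root
#######################################
require_root() {
  if [[ "$(id -u)" != "0" ]]; then
    log_err "Please run the wizard as root or with sudo"
    exit 1
  fi
}

#######################################
# Abort when a tool the wizard depends on is missing: whiptail (interactive
# mode only) and envsubst.
# Globals:   SILENT (read)
# Returns:   exits 1 (via log_fatal) when a dependency is missing
#######################################
check_wizard_deps() {
  # 'command -v' rather than 'which': no stdout noise, always available
  if [[ "${SILENT}" == "false" ]] && ! command -v whiptail >/dev/null 2>&1; then
    log_fatal "whiptail binary is needed to use the wizard in interactive mode, exiting ..."
  fi
  if ! command -v envsubst >/dev/null 2>&1; then
    log_fatal "envsubst binary is needed to use do a full install with the wizard, exiting ..."
  fi
}

#######################################
# Dispatch the action chosen on the command line.
# Arguments: $1 - install|bininstall|configure|detect|upgrade|binupgrade|
#                 uninstall|noop; anything else (including an empty string)
#                 does nothing, as before
# Globals:   CSCLI_BIN_INSTALLED, TMP_ACQUIS_FILE, ACQUIS_TARGET,
#            DETECTED_SERVICES, PATTERNS_PATH, PATTERNS_FOLDER,
#            CROWDSEC_CONFIG_PATH, CLIENT_SECRETS (read)
#######################################
main() {
  local action=${1-}
  case "${action}" in
    install|configure|detect) check_wizard_deps ;;
  esac
  case "${action}" in
    binupgrade)
      require_root
      check_cs_version
      update_bins
      ;;
    upgrade)
      require_root
      check_cs_version
      update_full
      ;;
    configure)
      require_root
      detect_services
      "${CSCLI_BIN_INSTALLED}" hub update
      install_collection
      genacquisition
      if ! skip_tmp_acquis; then
        mv "${TMP_ACQUIS_FILE}" "${ACQUIS_TARGET}"
      fi
      ;;
    noop)
      ;;
    uninstall)
      require_root
      check_running_bouncers
      uninstall_crowdsec
      ;;
    bininstall)
      require_root
      log_info "checking existing crowdsec install"
      detect_cs_install
      log_info "installing crowdsec"
      install_crowdsec
      show_link
      ;;
    install)
      require_root
      log_info "checking if crowdsec is installed"
      detect_cs_install
      ## Do make build before installing (as non--root) in order to have the binary and then install crowdsec as root
      log_info "installing crowdsec"
      install_crowdsec
      log_dbg "configuring ${CSCLI_BIN_INSTALLED}"
      # log_fatal really stops the script; the former '( log_err ... && exit 1 )'
      # only left its subshell and the install went on after a failed hub update
      "${CSCLI_BIN_INSTALLED}" hub update >/dev/null 2>&1 || log_fatal "fail to update crowdsec hub. exiting"
      # detect running services
      detect_services
      if (( ${#DETECTED_SERVICES[@]} == 0 )); then
        log_err "No detected or selected services, stopping."
        exit 1
      fi
      # Generate acquisition file and move it to the right folder
      genacquisition
      if ! skip_tmp_acquis; then
        mv "${TMP_ACQUIS_FILE}" "${ACQUIS_TARGET}"
      fi
      log_info "acquisition file path: ${ACQUIS_TARGET}"
      # Install collections according to detected services
      log_dbg "Installing needed collections ..."
      install_collection
      # install patterns/ folder
      log_dbg "Installing patterns"
      mkdir -p "${PATTERNS_PATH}"
      cp "./${PATTERNS_FOLDER}/"* "${PATTERNS_PATH}/"
      # api register: the machine-id is used as the LAPI machine name
      "${CSCLI_BIN_INSTALLED}" machines add --force "$(cat /etc/machine-id)" -a -f "${CROWDSEC_CONFIG_PATH}/${CLIENT_SECRETS}" \
        || log_fatal "unable to add machine to the local API"
      log_dbg "Crowdsec LAPI registered"
      "${CSCLI_BIN_INSTALLED}" capi register || log_fatal "unable to register to the Central API"
      log_dbg "Crowdsec CAPI registered"
      systemctl enable -q crowdsec >/dev/null || log_fatal "unable to enable crowdsec"
      systemctl start crowdsec >/dev/null || log_fatal "unable to start crowdsec"
      log_info "enabling and starting crowdsec daemon"
      show_link
      ;;
    detect)
      # NOTE(review): TMP_ACQUIS_FILE is only assigned inside genacquisition, so
      # this rm is a no-op unless the variable was exported by the caller
      if ! skip_tmp_acquis; then
        rm -f "${TMP_ACQUIS_FILE}"
      fi
      detect_services
      # same count-based check as 'install', and a non-zero exit on this error path
      if (( ${#DETECTED_SERVICES[@]} == 0 )); then
        log_err "No detected or selected services, stopping."
        exit 1
      fi
      log_info "Found ${#DETECTED_SERVICES[@]} supported services running:"
      genacquisition
      cat "${TMP_ACQUIS_FILE}"
      if ! skip_tmp_acquis; then
        rm "${TMP_ACQUIS_FILE}"
      fi
      ;;
  esac
}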
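#######################################
# Print the command-line help and exit 0. Now also lists -c/--configure,
# -f/--force and -v/--verbose, which the option parser accepts.
# Outputs:   help text on stdout
# Returns:   never; exits 0
#######################################
usage() {
  cat <<'EOF'
Usage:
    ./wizard.sh -h                 Display this help message.
    ./wizard.sh -d|--detect        Detect running services and associated logs file
    ./wizard.sh -i|--install       Assisted installation of crowdsec/cscli and collections
    ./wizard.sh -c|--configure     Detect services, install collections and generate the acquisition file on an existing install
    ./wizard.sh --bininstall       Install binaries and empty config, no wizard.
    ./wizard.sh --uninstall        Uninstall crowdsec/cscli
    ./wizard.sh --binupgrade       Upgrade crowdsec/cscli binaries
    ./wizard.sh --upgrade          Perform a full upgrade and try to migrate configs
    ./wizard.sh --unattended       Install in unattended mode, no question will be asked and defaults will be followed
    ./wizard.sh --docker-mode      Will install crowdsec without systemd and generate random machine-id
    ./wizard.sh -n|--noop          Do nothing
    ./wizard.sh -f|--force         Bypass the already-installed, version and registered-bouncer checks
    ./wizard.sh -v|--verbose       Print debug messages
EOF
  exit 0
}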
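# ---- command line -------------------------------------------------------------
# A later action flag overrides an earlier one; --force, --verbose, --unattended
# and --docker-mode are modifiers that combine with the action.
if [[ $# -eq 0 ]]; then
  usage
fi
while [[ $# -gt 0 ]]; do
  key="${1}"
  case "${key}" in
    --uninstall)
      ACTION="uninstall"
      ;;
    --binupgrade)
      ACTION="binupgrade"
      ;;
    --upgrade)
      ACTION="upgrade"
      ;;
    -i|--install)
      ACTION="install"
      ;;
    --bininstall)
      ACTION="bininstall"
      ;;
    --docker-mode)
      DOCKER_MODE="true"
      ACTION="bininstall"
      ;;
    -c|--configure)
      ACTION="configure"
      ;;
    -d|--detect)
      ACTION="detect"
      ;;
    -n|--noop)
      ACTION="noop"
      ;;
    --unattended)
      SILENT="true"
      ACTION="install"
      ;;
    -f|--force)
      FORCE_MODE="true"
      ;;
    -v|--verbose)
      DEBUG_MODE="true"
      ;;
    -h|--help)
      usage
      ;;
    *) # unknown option
      log_err "Unknown argument ${key}."
      # usage() exits 0 by itself, so run it in a subshell to still exit 1 here
      (usage)
      exit 1
      ;;
  esac
  shift # past argument
done
# quoted: an empty ACTION reaches main as "" and, as before, selects no action
main "${ACTION}"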