Doc fix install (#494)

Thibault "bui" Koechlin 2020-12-01 15:08:36 +01:00 committed by GitHub
parent 71325d9134
commit e5487aacdb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 49 additions and 35 deletions


@ -14,4 +14,3 @@ labels:
filename: /var/log/apache2/*.log filename: /var/log/apache2/*.log
labels: labels:
type: apache2 type: apache2
---


@ -41,26 +41,24 @@ You are then ready to [take a tour](/Crowdsec/v1/getting_started/crowdsec-tour/)
sudo {{v1X.wizard.bin}} --bininstall sudo {{v1X.wizard.bin}} --bininstall
``` ```
This will deploy a valid/empty {{v1X.crowdsec.name}} configuration files and binaries. This will only deploy the binaries, and some extra installation steps need to be completed for the software to be functional :
Beware, in this state, {{v1X.crowdsec.name}} won't monitor/detect anything unless configured.
``` - `sudo cscli hub update` : update the hub index
cscli install collection crowdsecurity/linux - `sudo cscli machines add -a` : register crowdsec to the local API
``` - `sudo cscli capi register` : register to the central API
- `sudo cscli collections install crowdsecurity/linux` : install essential configs (syslog parser, geoip enrichment, date parsers)
- configure your sources in your {{v1X.ref.acquis}} : `/etc/crowdsec/acquis.yaml`
You can now start & enable the crowdsec service :
Installing at least the `crowdsecurity/linux` collection will provide you : - `sudo systemctl start crowdsec`
- `sudo systemctl enable crowdsec`
- syslog parser
- geoip enrichment
- date parsers
You will need as well to configure your {{v1X.ref.acquis}} file to feed {{v1X.crowdsec.name}} some logs.
## Using the unattended wizard
If your setup is standard and you've walked through the default installation without issues, you can win some time in case you need to perform a new install : `sudo ./wizard.sh --unattended`
This mode will emulate the interactive mode of the wizard where you answer **yes** to everything and stick with the default options.
## From source ## From source
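Review bot: the new manual steps after `--bininstall` end at `sudo systemctl enable crowdsec` with no verification, so a reader cannot tell whether `cscli machines add -a` and `cscli capi register` actually succeeded. The upgrade guide changed in this same commit checks with `sudo cscli lapi status` and `sudo cscli capi status`; suggest adding those two commands as a final bullet here. The steps would also be easier to copy as one fenced `bash` block, matching the fences this commit adds elsewhere.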
@ -75,12 +73,9 @@ Go in {{v1X.crowdsec.name}} folder and build the binaries :
```bash ```bash
cd crowdsec cd crowdsec
``` make release
```bash
make build
``` ```
This will create you a directory (`crowdsec-vXXX/`) and an archive (`crowdsec-release.tgz`) that are release built from your local code source.
{{v1X.crowdsec.name}} bin will be located in `./cmd/crowdsec/crowdsec` and {{v1X.cli.name}} bin in `cmd/crowdsec-cli/{{v1X.cli.bin}}`
Now, you can install either with [interactive wizard](#using-the-interactive-wizard) or the [unattended mode](#using-unattended-mode). Now, you can install either with [interactive wizard](#using-the-interactive-wizard) or the [unattended mode](#using-unattended-mode).
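Review bot: after `make release` the text goes straight to "Now, you can install either with ..." without telling the reader to change into the generated `crowdsec-vXXX/` directory, which is where the upgrade guide in this commit runs `./wizard.sh` from (`cd crowdsec-v1*/`). Suggest adding that `cd` step or a sentence saying so. The link target `#using-unattended-mode` on the last line also does not match the heading "Using the unattended wizard" shown in the previous hunk, so that anchor is worth checking. "This will create you a directory" would read better as "This creates a directory".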


@ -14,7 +14,7 @@ To upgrade {{v1X.crowdsec.name}} from v0.X to v1, we'll follow those steps
#### Backup up configuration #### Backup up configuration
``` ```bash
sudo cscli backup save /tmp/crowdsec_backup sudo cscli backup save /tmp/crowdsec_backup
sudo cp -R /etc/crowdsec/config/patterns /tmp/crowdsec_backup sudo cp -R /etc/crowdsec/config/patterns /tmp/crowdsec_backup
``` ```
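Review bot: the backup commands on the context lines write to `/tmp/crowdsec_backup`, a path under a world-writable directory that many systems clear on reboot, and the next step in this guide uninstalls the old version. Since this hunk already touches the block, consider pointing the example at a root-owned directory and noting that the backup must be kept until the restore is confirmed. The heading typo "Backup up configuration" could be fixed in the same pass.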
@ -23,7 +23,7 @@ sudo cp -R /etc/crowdsec/config/patterns /tmp/crowdsec_backup
Download latest V1 {{v1X.crowdsec.name}} version [here]({{v1X.crowdsec.download_url}}) Download latest V1 {{v1X.crowdsec.name}} version [here]({{v1X.crowdsec.download_url}})
``` ```bash
tar xvzf crowdsec-release.tgz tar xvzf crowdsec-release.tgz
cd crowdsec-v1*/ cd crowdsec-v1*/
sudo ./wizard.sh --uninstall sudo ./wizard.sh --uninstall
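Review bot: the archive is extracted and `sudo ./wizard.sh --uninstall` is run as root right after the download, with no integrity check on `crowdsec-release.tgz`. If the release page publishes a checksum or signature for the archive, add a verification step between the download sentence and `tar xvzf`; otherwise state explicitly that the file must come from the official download URL.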
@ -37,32 +37,52 @@ sudo ./wizard.sh --bininstall
!!! warning !!! warning
Before restoring old backup, if you have `local` or `tainted` postoverflows, be aware that they are no longer compatible. You should update the syntax (the community and us are available to help you doing this part). Before restoring old backup, if you have `local` or `tainted` postoverflows, be aware that they are no longer compatible. You should update the syntax (the community and us are available to help you doing this part).
``` ```bash
sudo cscli hub update sudo cscli hub update
sudo cscli config restore --old-backup /tmp/crowdsec_backup/ sudo cscli config restore --old-backup /tmp/crowdsec_backup/
sudo cp -R /tmp/crowdsec_backup/patterns /etc/crowdsec/ sudo cp -R /tmp/crowdsec_backup/patterns /etc/crowdsec/
``` ```
### Register crowdsec to local & central API
```bash
$ sudo cscli machines add -a
INFO[0000] Machine '...' created successfully
INFO[0000] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
```
Before starting the services, let's check that we're properly registered :
```bash
$ sudo cscli capi status
INFO[0000] Loaded credentials from /etc/crowdsec/online_api_credentials.yaml
INFO[0000] Trying to authenticate with username ... on https://api.crowdsec.net/
INFO[0000] You can successfully interact with Central API (CAPI)
```
#### Start & health check #### Start & health check
Finally, you will be able to start {{v1X.crowdsec.name}} service. Before that, just check if {{v1X.lapi.name}} and {{v1X.api.name}} are correctly configured. Finally, you will be able to start {{v1X.crowdsec.name}} service. Before that, just check if {{v1X.lapi.name}} and {{v1X.api.name}} are correctly configured.
``` ```bash
ubuntu@ip-:~$ sudo cscli lapi status $ sudo systemctl enable crowdsec
$ sudo systemctl start crowdsec
$ sudo cscli lapi status
INFO[0000] Loaded credentials from /etc/crowdsec/local_api_credentials.yaml INFO[0000] Loaded credentials from /etc/crowdsec/local_api_credentials.yaml
INFO[0000] Trying to authenticate with username 941c3fxxxxxxxxxxxxxxxxxxxxxx on http://localhost:8080/ INFO[0000] Trying to authenticate with username ... on http://localhost:8080/
INFO[0000] You can successfully interact with Local API (LAPI) INFO[0000] You can successfully interact with Local API (LAPI)
$ sudo cscli capi status
ubuntu@ip-:~$ sudo cscli capi status
INFO[0000] Loaded credentials from /etc/crowdsec/online_api_credentials.yaml INFO[0000] Loaded credentials from /etc/crowdsec/online_api_credentials.yaml
INFO[0000] Trying to authenticate with username 941c3fxxxxxxxxxxxxxxxxxxxxxxx on https://api.crowdsec.net/ INFO[0000] Trying to authenticate with username ... on https://api.crowdsec.net/
INFO[0000] You can successfully interact with Central API (CAPI) INFO[0000] You can successfully interact with Central API (CAPI)
ubuntu@ip-:~$ sudo systemctl start crowdsec.service
ubuntu@ip-:~$ sudo systemctl status crowdsec.service
``` ```
You can even check logs (located by default here: `/var/log/crowdsec.log` & `/var/log/crowdsec_api.log`). !!! warning
If you're facing issues with `cscli lapi status`, just re-run `cscli machines add -a`.
If you're facing issues with `cscli capi status`, just re-run `cscli capi register`
You can check logs (located by default here: `/var/log/crowdsec.log` & `/var/log/crowdsec_api.log`).
You can now navigate documentation to learn new {{v1X.cli.name}} commands to interact with crowdsec. You can now navigate documentation to learn new {{v1X.cli.name}} commands to interact with crowdsec.
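Review bot: the context sentence under "Start & health check" says to check the LAPI and API configuration before starting the service, but the new block runs `sudo systemctl enable crowdsec` and `sudo systemctl start crowdsec` first and only then `sudo cscli lapi status`; either reword the sentence or explain that the LAPI check needs the service running. The new "### Register crowdsec to local & central API" heading is one level above its `####` siblings, and that section never runs `sudo cscli capi register` even though its title mentions the central API and the warning treats it as the fix for a failing `cscli capi status`. The `cscli capi status` output is also shown twice, and the second line of the warning is missing its final period.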