add documentation on upgrades (#290)

* add documentation on upgrades
* make it more clear that you need bouncers
This commit is contained in:
Thibault "bui" Koechlin 2020-10-05 11:58:44 +02:00 committed by GitHub
parent bae76faf25
commit fb1884a4ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 57 additions and 1 deletions

View file

@ -98,6 +98,14 @@ Whenever in doubt with what is being processed or not, check [cscli metrics](/ob
If logs are being read, parsed and overflows are being triggered, but still nothing appears in the dashboard, ask for some help on discourse or gitter !
## I have installed crowdsec and it detect attacks, but nothing is blocked !
Keep in mind that {{crowdsec.Htmlname}} is only in charge of the detection. The decision/remediation is applied by {{bouncer.Htmlname}}.
If you don't install any bouncer, you will detect attack, but not block them. Explore the [bouncers in the hub]({{bouncer.url}}) to find the relevant ones !
<!--
## How to contribute ?

View file

@ -82,6 +82,54 @@ make build
Now, you can install either with [interactive wizard](#using-the-interactive-wizard) or the [unattended mode](#using-unattended-mode).
# Upgrading
The wizard itself comes with a `--upgrade` option, that will upgrade existing crowdsec version.
If you have installed crowdsec `v0.1.0` and you downloaded `v0.1.1`, you can run `sudo ./wizard.sh --upgrade` from the extracted `v0.1.1` version. (_note_: the wizard doesn't *yet* download the latest version, you have to download it)
The wizard takes care of backing up configurations on your behalf, and puts them into an archive :
- backup your parsers,scenarios,collections, either from hub or your local ones
- simulation configuration
- API credentials
- acquisition.yaml file
- plugin(s) configuration
It will then install the new/current crowdsec version, and restore everything that has been backed up!
```bash
$ sudo ./wizard.sh --upgrade
[10/05/2020:11:27:34 AM][INF] crowdsec_wizard: Backing up existing configuration
WARN[0000] Starting configuration backup
INFO[0000] saving, version:0.1, up-to-date:true file=crowdsecurity/syslog-logs type=parsers
...
INFO[0000] Wrote 7 entries for parsers to /tmp/tmp.z54P27aaW0/parsers//upstream-parsers.json file=crowdsecurity/geoip-enrich type=parsers
INFO[0000] Wrote 0 entries for postoverflows to /tmp/tmp.z54P27aaW0/postoverflows//upstream-postoverflows.json file=crowdsecurity/seo-bots-whitelist type=postoverflows
INFO[0000] Wrote 9 entries for scenarios to /tmp/tmp.z54P27aaW0/scenarios//upstream-scenarios.json file=crowdsecurity/smb-bf type=scenarios
INFO[0000] Wrote 4 entries for collections to /tmp/tmp.z54P27aaW0/collections//upstream-collections.json file=crowdsecurity/vsftpd type=collections
INFO[0000] Saved acquis to /tmp/tmp.z54P27aaW0/acquis.yaml
INFO[0000] Saved default yaml to /tmp/tmp.z54P27aaW0/default.yaml
INFO[0000] Saved configuration to /tmp/tmp.z54P27aaW0
INFO[0000] Stop docker metabase /crowdsec-metabase
[10/05/2020:11:27:36 AM][INF] crowdsec_wizard: Removing crowdsec binaries
[10/05/2020:11:27:36 AM][INF] crowdsec_wizard: crowdsec successfully uninstalled
[10/05/2020:11:27:36 AM][INF] crowdsec_wizard: Installing crowdsec
...
[10/05/2020:11:27:36 AM][INF] crowdsec_wizard: Restoring configuration
...
INFO[0004] Restore acquis to /etc/crowdsec/config/acquis.yaml
INFO[0004] Restoring '/tmp/tmp.z54P27aaW0/plugins/backend/database.yaml' to '/etc/crowdsec/plugins/backend/database.yaml'
[10/05/2020:11:27:41 AM][INF] crowdsec_wizard: Restoring saved database
[10/05/2020:11:27:41 AM][INF] crowdsec_wizard: Finished, restarting
```
As usual, if you experience any issues, let us know :)
# Uninstalling
You can uninstall crowdsec using the wizard : `sudo ./wizard.sh --uninstall`

View file

@ -2,7 +2,7 @@
# What is {{crowdsec.Name}} ?
[{{crowdsec.Name}}]({{crowdsec.url}}) is an open-source and lightweight software that allows you to detect peers with malevolent behaviors and block them from accessing your systems at various level (infrastructural, system, applicative).
[{{crowdsec.Name}}]({{crowdsec.url}}) is an open-source and lightweight software that allows you to detect peers with malevolent behaviors and block them (using {{bouncers.Htmlname}}) from accessing your systems at various levels (infrastructural, system, applicative).
To achieve this, {{crowdsec.Name}} reads logs from different sources (files, streams ...) to parse, normalize and enrich them before matching them to threats patterns called scenarios.