beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1238 commits 83 branches 177 tags 151 MiB
Commit graph

314 commits

Author SHA1 Message Date
blotus
1e018bdaf8
Wait for both api and agent chans if necessary when daemonize is false or running on windows (#2155) 2023-04-04 15:16:48 +02:00
mmetc
38ab6be7c2
Allow feature.yml to change available subcommands (#2156) 2023-04-03 10:11:56 +02:00
mmetc
ea6401ce09
CI: Static builds by default; replace bincover with go -cover from 1.20 (#2150) 
* Makefile: build static binaries only
* Replace bincover with go -cover from 1.20
* CI: Fix timing issue between lapi and agent containers
 2023-03-30 15:05:09 +02:00
blotus
61bea26486
Add transform configuration option for acquisition (#2144) 2023-03-29 16:04:17 +02:00
blotus
1095f6c875
use expr.Function for custom functions instead of passing them in the env (#2133) 2023-03-28 10:49:01 +02:00
blotus
91eb39cff6
New PAPI commands: reauth + force_pull (#2129) 2023-03-21 14:06:19 +01:00
Thibault "bui" Koechlin
a74e424d53
support ip and cidr based whitelists for capi and 3rd party blocklists (#2132) 
* support ip and cidr based whitelists for capi and 3rd party blocklist
 2023-03-21 11:50:10 +01:00
AlteredCoder
e61a464951
Fix cscli explain when running from testenv (#2114) 
* Fix cscli explain when running from testenv
 2023-03-15 10:26:40 +01:00
mmetc
e161507d08
Lint (type inference): remove redundant type declarations (#2111) 2023-03-09 11:56:02 +01:00
mmetc
9faa49c7e8
Load lapi config for config show output (#2097) 
This adds URL and login parameters as it was intended.
Also rewrite configShow and displayOneAlert to use an embedded text/template for shorter code.
 2023-03-08 22:47:25 +01:00
Thibault "bui" Koechlin
9d5aaf5ea2
add --origin to cscli decisions delete (#2109) 2023-03-08 18:29:20 +01:00
Thibault "bui" Koechlin
5b0fe4b7f1
support for regexps result cache (#2104) 
* support for regexps result cache : gcache + xxhash

Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-03-08 16:07:49 +01:00
blotus
16a3be49e2
do not try to load PAPI is url is not set (#2099) 2023-03-06 15:38:58 +01:00
blotus
e27a0a0e14
display source in alerts list when an alert has multiple decisions (#2098) 2023-03-06 13:51:57 +01:00
blotus
b2c2c5ac59
add papi_url in credentials file when enabling console_management, and remove it when disabling console_management (#2095) 2023-03-03 17:03:21 +01:00
blotus
85ab9c68a2
Add cscli papi status and cscli papi sync (#2091) 2023-03-03 13:46:28 +01:00
mmetc
f6d6c5bb2b
Add tests and typo fixes (#2092) 2023-03-03 11:06:27 +01:00
mmetc
a6bb2cf5e1
Fix log destination in one-shot mode (#2084) 2023-03-01 17:00:04 +01:00
Manuel Sabban
60b3f63851
ugly workaround to fix the tests (#2080) 
* ugly workaround to fix the tests

* add comments

---------

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2023-02-28 17:05:11 +01:00
Manuel Sabban
39a4a256fd
fix the way acquisition is stopped (#2069) 
* fix the way acquisition is stopped by draining inputLineChan before terminating it.

---------

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2023-02-27 11:21:25 +01:00
Laurence Jones
75d8b821ff
Explain successful parsers only (#2063) 
* Add option to filter down explain to successful parsers useful for me who has every collection installed

* Altered naming conventions so it makes more sense when reading
 2023-02-24 13:49:17 +00:00
mmetc
b7d1e2c483
replace log.Fatal -> fmt.Errorf (#2058) 2023-02-20 15:05:42 +01:00
blotus
83c3818504
Do not try to refresh JWT token when doing a login request (#2059) 2023-02-16 16:16:26 +01:00
Thibault "bui" Koechlin
1d7d377f8b
changes following BL tests (#2038) 
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-02-08 10:35:21 +01:00
Cristian Nitescu
987f119c4b
v3 capi and blocklists links support (#2019) 
* v3 model generation

* v3 model generation

* comms

* fixes after master merge

* missing reader close

* use constants defined for types

---------

Co-authored-by: bui <thibault@crowdsec.net>
 2023-02-06 14:06:14 +01:00
mmetc
b6be18ca65
cscli setup (#1923) 
Detect running services and generate acquisition configuration
 2023-02-06 07:33:04 +01:00
Thibault "bui" Koechlin
e927717fa0
Polling API Integration (#1715) 
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-31 14:47:44 +01:00
mmetc
d369656b26
agent: fix message when -dsn is provided without -type (#2009) 2023-01-20 16:14:26 +01:00
mmetc
e5833699c0
cscli config feature-flags (#2006) 2023-01-20 09:32:10 +01:00
mmetc
4bffc0df21
break in smaller functions cscli hub, hubtest, notifications, parsers, scenarios, simulation (#2004) 2023-01-19 13:29:36 +01:00
mmetc
7bb74b9664
refact cscli decisions (#2003) 2023-01-19 11:02:00 +01:00
Thibault "bui" Koechlin
4f29ce2ee7
CTI API Helpers in expr (#1851) 
* Add CTI API helpers in expr
* Allow profiles to have an `on_error` option to profiles

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2023-01-19 08:45:50 +01:00
Marco Mariani
47dbfa770d configure logging earlier 2023-01-18 15:15:18 +01:00
Marco Mariani
91b0f8fee1 load custom configuration paths when agent is disabled 2023-01-18 15:15:18 +01:00
Marco Mariani
2e91a82aa7 load feature.yaml as soon as possible 2023-01-18 15:15:18 +01:00
Marco Mariani
b603bdfccc cscli refact: extracted New.*Cmd from alerts, capi, dashboard; removed (some) globals 2023-01-18 11:09:28 +01:00
mmetc
51800132cd
improve feature flag logging (#1986) 
For cscli: it should provide a terse output, not nag users with configuration details. Although it's usually important that cscli and crowdsec have the same enabled features, having it list them every time the command is invoked can be too much.

For crowdsec: when features are set from the environment, it's too early to log where we should. So we can use log.Debug at activation time, and list them again once logging is configured.

 - wrap some functions in csconfig for convenience and DRY
 - for each enabled feature, log.Debug
 - log all enabled features once as Info (crowdsec) or Debug (cscli)
 - file does not exist -> log.Trace
 2023-01-13 13:42:42 +01:00
mmetc
157589d31e
cscli explain: add crowdsec path option (#1983) 2023-01-12 17:04:28 +01:00
Thibault "bui" Koechlin
6fb962a941
Allow parsers to capture data for future enrichment (#1969) 
* Allow parsers to capture data in a cache, that can be later accessed via expr helpers (fake multi-line support)
 2023-01-11 15:01:02 +01:00
mmetc
cd4dabde0e
silence yaml.local explicitly in cscli, keep in crowdsec/bouncer logs (#1981) 2023-01-11 09:50:46 +01:00
mmetc
c4deaf0994
cscli: avoid initializing the db configuration twice (#1982) 2023-01-11 09:50:12 +01:00
AlteredCoder
185f9ad541
Alert context (#1895) 
Co-authored-by: bui <thibault@crowdsec.net>
 2023-01-04 16:50:02 +01:00
mmetc
59f6610721
separate cscli cobra constructors: lapi, machines, bouncers, postoverflows (#1945) 2022-12-30 10:13:52 +01:00
mmetc
6efc2688b1
simplify feature flags (#1947) 
Now checking for a feature flag is a one liner,
with no need to control errors.

if fflag.Crowdsec.CscliSetup.IsEnabled() {
   ...
}
 2022-12-26 14:23:41 +01:00
mmetc
c022eb1b86
remove ignored flag "-m" in "cscli machines delete" (it takes a positional argument) (#1943) 2022-12-23 17:13:20 +01:00
mmetc
ef3a130d54
Cscli config refactoring (#1934) 2022-12-22 12:22:55 +01:00
mmetc
5d2c99bb17
runtime feature flag initialization 2022-12-21 17:19:20 +01:00
mmetc
a32aa96752
feature flags (#1933) 
Package fflag provides a simple feature flag system.

 Feature names are lowercase and can only contain letters, numbers, undercores
 and dots.

 good: "foo", "foo_bar", "foo.bar"
 bad: "Foo", "foo-bar"

 A feature flag can be enabled by the user with an environment variable
 or by adding it to {ConfigDir}/feature.yaml

 I.e. CROWDSEC_FEATURE_FOO_BAR=true
 or in feature.yaml:
```
 ---
 - foo_bar
```

 If the variable is set to false, the feature can still be enabled
 in feature.yaml. Features cannot be disabled in the file.

 A feature flag can be deprecated or retired. A deprecated feature flag is
 still accepted but a warning is logged. A retired feature flag is ignored
 and an error is logged.

 A specific deprecation message is used to inform the user of the behavior
 that has been decided when the flag is/was finally retired.
 2022-12-20 16:11:51 +01:00
mmetc
6c19beb937
set cscli log timestamp to 24h (#1917) 2022-12-09 16:48:24 +01:00
blotus
fdda940ac0
Add Kubernetes audit acquisition (#1767) 2022-12-06 13:47:29 +01:00