beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1117 commits 83 branches 177 tags 151 MiB
Commit graph

452 commits

Author SHA1 Message Date
blotus
bb2f0e938f
Blocklist: Do not duplicate decisions when pulling (#1796) 2022-10-19 15:51:40 +02:00
Thibault "bui" Koechlin
ae6bf39495
support decisions deletion via scenario + alerts delete via ID (#1798) 2022-10-19 14:37:27 +02:00
mmetc
6b0097a24b
change warning to debug when directories are missing in hub sync (#1819) 2022-10-18 10:32:54 +02:00
mmetc
2b7e3ff1e7
warn if no acquisition files are found, acquisition_test refactoring, tests (#1816) 2022-10-17 17:32:08 +02:00
mmetc
ec0d2a5ed2
refactor broker_test.go, extract cstest/filenotfound*.go (#1815) 2022-10-17 14:17:23 +02:00
mmetc
a96b3e077d
rename pkg/cstest -> pkg/hubtest (#1811) 
keep cstest for generic helper functions
this also avoids circular imports in test files
 2022-10-17 09:24:07 +02:00
mmetc
8fecc2c00b
enable staticcheck linter; fixes (#1806) 
- explicitly ignore returned parameters
 - replace Walk with faster WalkDir
 - log path error during hub dir sync
 - colorize static unit tests
 - removed duplicate import in crowdsec/main.go
 - typos
 - func tests: default datasource in tests/var/log instead of /tmp
 - action setup-go v3
 2022-10-14 16:12:21 +02:00
Manuel Sabban
7359586f1c
fix ticker mix up (#1807) 
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2022-10-13 14:30:27 +02:00
mmetc
4b3c9c2806
print cscli usage in color, fix windows terminal detection (#1801) 2022-10-13 12:28:24 +02:00
mmetc
7674f907c4
replace log.Fatal with t.Fatal (#1805) 
This is required to run deferred teardown functions
 2022-10-13 10:42:46 +02:00
mmetc
1d9f861f28
unit tests: always capture testcase variable -> allow parallel testing (#1797) 2022-10-10 10:48:26 +02:00
Shivam Sandbhor
74659a82ab
Fast bulk alert delete (#1791) 2022-10-07 12:40:30 +02:00
mmetc
ddd75eae9a
cscli: new tables, --color yes|no|auto option (#1763) 2022-10-07 11:05:35 +02:00
AlteredCoder
b95a67751e
Update ent and grokky package (#1772) 
* Update ent and grokky package
 2022-10-06 14:55:42 +02:00
Manuel Sabban
83841d801c
fork dlog to ease debian packaging on official repos (#1790) 
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2022-10-06 13:40:31 +02:00
Shivam Sandbhor
65c0b9ebcf
Simplify one shot tests (#1786) 2022-10-06 11:57:26 +02:00
blotus
3ba67bad3d
remove a wrong warning when pulling list content from CAPI (#1789) 2022-10-06 11:48:06 +02:00
mmetc
9b3be5c2e8
Bulk delete alert optimization (#1782) 2022-10-05 17:07:44 +02:00
Shivam Sandbhor
b203b3f444
Fix flakey test in file_tests (#1783) 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-10-05 16:40:09 +02:00
mmetc
6120571421
fix & cleanup cloudwatch_test.go (#1780) 2022-10-04 09:48:59 +02:00
mmetc
edced6818a
cleanup + fix flaky tests in file_test.go, apic_test.go (#1773) 2022-09-30 16:01:42 +02:00
blotus
bfbe180101
Tighten windows sqlite database permissions (#1769) 2022-09-28 16:18:00 +02:00
Sean Kelly
568eb1d4e0
Fix misspelling of instantiate participles (#1759) 2022-09-27 17:13:43 +02:00
Laurence Jones
21e5b0d6d0
Improvement: Docker one shot error message (#1666) 
* In one shot, user would only specify one container?
 2022-09-27 16:20:30 +02:00
Manuel Sabban
1f06f242cc
fix https://github.com/crowdsecurity/crowdsec/issues/1746 (#1749) 
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2022-09-14 15:26:26 +02:00
blotus
9b3ff82542
add WAL support for sqlite (#1752) 2022-09-14 15:09:54 +02:00
AlteredCoder
7d97729eea
Add config option to enable or not local API and agent (#1730) 
* Add flag to enable or not local API and agent
 2022-09-12 14:38:29 +02:00
AlteredCoder
b06167a3fa
Allow plugins to load environment variable (#1727) 
* Allow plugins to load environment variable
 2022-09-08 11:41:28 +02:00
Manuel Sabban
b2130b1593
Fix 1737 (#1738) 
* add GetMeta to *types.Event

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2022-09-07 10:11:39 +02:00
Thibault "bui" Koechlin
9d199fd4a9
fix #1733 : add support for exclusion regexps (#1735) 
* allow to specify a list of regular expressions to skip some specific files
 2022-09-06 14:58:37 +02:00
mmetc
414282a2c9
golangci-lint 1.49 and related fixes (#1736) 2022-09-06 13:55:03 +02:00
Laurence Jones
e674537d0b
Update sprig to v3 (#1722) 
* Update sprig to v3
 2022-09-05 09:05:50 +02:00
he2ss
ea40ffd655
Datasource/kafka (#1698) 
* add Kafka datasource
 2022-08-30 17:03:45 +02:00
Manuel Sabban
7d0f89df29
Implement reinject command to send notifications of alerts (#1638) 
* implement reinject command to send notifications of alerts using a profile

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2022-08-30 15:45:52 +02:00
Thibault "bui" Koechlin
bacea50485
allow user to disable decision deduplication (#1687) 
* allow user to disable decision deduplication
 2022-08-26 14:17:46 +02:00
blotus
1f5224b74b
switch to go 1.19 (#1709) 2022-08-26 13:31:49 +02:00
mmetc
eea07b7a1a
golangci-lint v1.48 and fixes for "usestdlibvars" (#1711) 2022-08-16 09:46:10 +02:00
AlteredCoder
1002affc16
cscli machines delete: return an error if machines doesn't exist (#1689) 
* cscli machines delete: return an error if machines doesn't exist
 2022-07-28 17:32:12 +02:00
Thibault "bui" Koechlin
866c200c31
Generic dateparse approach (#1669) 
* Allow any parser to suggest a format string for the date to be parsed.

* allow the enricher functions to get the parser's logger so they can inherit the level
 2022-07-28 16:41:41 +02:00
Thibault "bui" Koechlin
0eea20fa7c
revert decision dedup behavior to 1.3.4 (#1675) 
* revert decision dedup behavior to 1.3.4
 2022-07-22 11:20:10 +02:00
Thibault "bui" Koechlin
bd91ddaf52
logging consistency for .local files (#1655) 2022-07-13 10:56:03 +02:00
blotus
7b8cd63b04
do not set the UDP read buffer size in syslog datasource (#1657) 2022-07-13 10:18:03 +02:00
AlteredCoder
39da36361c
Get geoip Country from other objects if not present (#1659) 2022-07-12 15:26:34 +02:00
Thibault "bui" Koechlin
73f336363a
bump log level when overloading config file with .local (#1646) 
* bump log level

Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2022-07-08 09:29:23 +02:00
blotus
5c1c941851
close response body in heartbeat (#1637) 2022-07-06 14:50:54 +02:00
AlteredCoder
5f62d738fc
Add no-capi flag and review some logs (#1628) 
* Add no-capi flag and review some logs
 2022-07-01 16:56:13 +02:00
Thibault "bui" Koechlin
ca4cd6d559
attempt to fix ticker leak (#1620) 2022-06-30 17:36:01 +02:00
AlteredCoder
02e0f3c095
Fix event.timestamp pointer usage (#1621) 
* Fix event.timestamp pointer usage

* avoid returning an error when creating alerts if something goes wrong during the parsing

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
 2022-06-30 17:35:42 +02:00
blotus
863facaa33
Properly handle expired decisions with different scopes (#1616) 2022-06-29 16:13:04 +02:00
Thibault "bui" Koechlin
15902dcba6
fix #1615 : cleanup based on heartbeat instead (#1617) 2022-06-29 13:21:58 +02:00
mmetc
8e7e799304
[wip] serve metrics only after agent and/or lapi are ready; fixed some func tests (#1613) 2022-06-24 15:55:21 +02:00
he2ss
7fafb483ad
Pkg/database/fix count decisions since by value (#1606) 
* fix CountDecisionsSinceByValue to have also expired decisions
 2022-06-23 12:04:07 +02:00
AlteredCoder
a4f4eabf0a
support yml file (#1605) 2022-06-22 17:01:27 +02:00
mmetc
628d7be1d8
simplify err.Error() to err when used in printf context (#1603) 2022-06-22 15:53:53 +02:00
he2ss
3d6f015211
Add duration expr to add duration formula (#1556) 
* add duration expr to add duration formula
 2022-06-22 11:29:52 +02:00
Thibault "bui" Koechlin
a6ed08b239
Add alerts and decisions metrics, LAPI and agent timing prom metrics (#1546) 2022-06-22 11:14:34 +02:00
AlteredCoder
0a39066f9d
Fix #1552 (#1569) 2022-06-22 10:29:02 +02:00
mmetc
d71279f023
added flag crowdsec --warning (#1461) 2022-06-22 09:38:23 +02:00
mmetc
c78c833400
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) 
* github-ci: color unit test output and logs
* new config option: force_color_logs (useful in CI)
* bats: show sqlite/mysql dump at the end
* removed "-v" (print package names) from "go build"
* general workflow cleanup
 2022-06-17 16:12:49 +02:00
mmetc
10585bfecc
enabled linters and fixes for: misspell, predeclared, unconvert, ineffassign, gosimple, govet (#1595) 2022-06-16 14:41:54 +02:00
Thibault "bui" Koechlin
ff72a3c1c7
avoid create a new name generator at each bucket instanciation, it's not that cheap (#1591) 2022-06-15 10:02:00 +02:00
blotus
9c1b78395a
reduce verbosity of TLS auth and FlushAgentsAndBouncers (#1588) 2022-06-13 16:08:00 +02:00
Thibault "bui" Koechlin
581ddf78fc
Performance improvements (#1583) 
* fix concurrent map write on distinct cache

* cache compiled expressions for groupby and cancel_on filters

* limit objects copy when it's going to lock a shared goroutine
 2022-06-13 14:41:05 +02:00
Thibault "bui" Koechlin
567e0ab7d1
fix concurrent map write on distinct cache (#1582) 2022-06-10 09:39:23 +02:00
Thibault "bui" Koechlin
1c0fe09576
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 16:05:52 +02:00
blotus
bdda8691ff
New syslog parser for syslog datasource (#1554) 2022-06-08 15:16:58 +02:00
blotus
4b311684ab
Add more JSON expr helpers (#1576) 2022-06-08 12:15:29 +02:00
mmetc
799cc82bb5
functional tests, minor refactoring and lint/cleanup (#1570) 
* cmd/crowdsec: removed log.Fatal()s, added tests and print error for unrecognized argument
* updated golangci-lint to v1.46
* lint/deadcode: fix existing issues
* tests: cscli config backup/restore
* tests: cscli completion powershell/fish
* err check: pflags MarkHidden()
* empty .dockerignore (and explain the reason)
* tests, errors.Wrap
* test for CS_LAPI_SECRET and minor refactoring
* minor style changes
* log cleanup
 2022-06-06 15:24:48 +02:00
mmetc
88a4801d6a
allow run-tests with -f "<test-name>" (#1564) 2022-05-28 22:10:27 +02:00
he2ss
e88e9946f9
Crowdsec/decisions_stream bug fix (#1517) 
* Fix bug when stream interval is greater or equal to 60s

Co-authored-by: alteredCoder <kevin@crowdsec.net>
 2022-05-27 15:23:59 +02:00
mmetc
1fc9587919
fix #1283: update and enable error reports from golangci (#1523) 2022-05-25 22:27:50 +02:00
mmetc
1a293a2a27
cwhub: export SetHubBranch (#1559) 2022-05-24 15:46:48 +02:00
mmetc
357899b83e
fixed uid/gid bound check regression (#1555) 2022-05-23 09:46:39 +02:00
Thibault "bui" Koechlin
0483b9c641
do not spew.Sdump() the invalid node on error. It leads to huge memory usage, especially if the parsers refers ie. datafile (#1550) 2022-05-20 13:29:47 +02:00
AlteredCoder
1e1741aa45
Allow to set static to a pointer and add IsIPV6 helper (#1540) 
* Allow to set static to a pointer and add IsIPV6 helper
 2022-05-19 16:28:25 +02:00
Thibault "bui" Koechlin
fe09737d80
Add support for machine heartbeat (#1541) 
* add the last_heartbeat field

* add heartbeat controller

* add endpoint of heartbeat

* heartbeat integration

* add last_heartbeat to cscli machines list
 2022-05-19 15:47:27 +02:00
mmetc
131ed1b0a7
error reporting (#1501) 
* unified error reporting, removed redundancy, tests
 2022-05-19 10:48:08 +02:00
Manuel Sabban
18030e6c58
add notifications command (#1537) 
* add notifications command

Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
 2022-05-18 16:13:33 +02:00
Shivam Sandbhor
220bbe5862
Document LAPI filters (#1535) 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
 2022-05-18 11:45:12 +02:00
mmetc
98f2ac5e7c
fix #1385: .yaml.local (#1497) 
Added support for .yaml.local files to override values in .yaml
 2022-05-18 10:08:37 +02:00
blotus
39f7e38444
retry to send alert to plugin channel if it fails (#1530) 2022-05-17 16:57:15 +02:00
Thibault "bui" Koechlin
fbcb2ed7fd
Improve distinct/uniq behaviour (#1478) 
* make uniq/distinct use a cache that is independant of the bucket's cache_size

* add testing specifically for cache_size
 2022-05-17 12:45:53 +02:00
blotus
0449ec1868
Windows Support (#1159) 2022-05-17 12:14:59 +02:00
Cristian Nitescu
a49b023a28
GetExprEnv usage optimization (#1515) 
* avoid multiples calls to GetExprEnv

* cache ExprEnv in node process

* use global expression env

* remove block profile rate
 2022-05-17 10:50:37 +02:00
blotus
8f111680bf
Allow to override statics in hubtest. (#1495) 2022-04-29 14:24:41 +02:00
blotus
64369b5c2b
add expr XML helpers (#1493) 2022-04-29 13:52:23 +02:00
blotus
392708a804
Fix docker flaky test (#1494) 2022-04-29 12:16:49 +02:00
AlteredCoder
f22e4eb24e
Improve MySQL performance (#1477) 
* Improve MySQL performance
 2022-04-28 12:53:14 +02:00
AlteredCoder
be977d1cc4
Fix cwhub collections uninstall dependencies (#1486) 
* Fix cwhub collections uninstall dependencies
 2022-04-27 18:28:03 +02:00
AlteredCoder
a645c928d4
Fix decisions list with --no-simu flag (#1482) 
* Fix decisions list with --no-simu flag
 2022-04-27 11:05:40 +02:00
Greg Myers
0f4ab71f01
Fix typos in docs, comments, code (#1483) 2022-04-27 11:04:12 +02:00
AlteredCoder
44b11c2e5b
Fix hub items installation (#1481) 2022-04-26 17:37:07 +02:00
blotus
1bd8cc79c8
Kill the whole docker acquis in tests (#1475) 2022-04-22 16:56:22 +02:00
blotus
8909fbdb22
cleanup container state if the reader tomb dies by itself (#1470) 2022-04-22 10:52:44 +02:00
Thibault "bui" Koechlin
242706a475
fix journalctl deadlock on shutdown (#1468) 
* avoid being locked sending termination error while the reading routine - on the chan - died
 2022-04-21 14:02:25 +02:00
AlteredCoder
4273a0f243
cscli: add autocompletions for hubitems (#1465) 
* Add autocompletion for hub items in cscli
 2022-04-20 15:44:48 +02:00
he2ss
615895da9d
cscli: add force enroll feature (#1430) 
* cscli: add force enroll feature
 2022-04-20 13:34:17 +02:00
Thibault "bui" Koechlin
e6a35e8714
Improve plugins grouping (alternative to #1424) (#1437) 
* Fix races in test (#1446)

Co-authored-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: AlteredCoder <64792091+AlteredCoder@users.noreply.github.com>
 2022-04-19 19:12:23 +02:00
AlteredCoder
526a4dbd08
Reduce the query unescape helper verbosity (#1447) 2022-04-19 12:31:29 +02:00
Shivam Sandbhor
8060f54f27
Cwhub testing (#1438) 
* Add tests in cwhub and fix collection upgrade(#1431)

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com

Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Thibault "bui" Koechlin <orixxx@gmail.com>
 2022-04-19 12:07:35 +02:00