* make dev.yaml has a valid/default console path
* simplify and make more consistent help message about console opts
* allow enroll to specify options to enable
* allow 'all' shortcut for --enable
* cscli inspect: suggest --diff if an item is tainted
* appropriate warning, or error if context configuration file is empty
* fix user/group lookup unit test
* fix: allow hub upgrade --force with local items
* fix pkg/parser lookup for 8.8.8.8
* fix func test
* fix hubtests: machines add --force
* feedback on stdout, not log.Info
* rename parameters to silence warnings from "unusedparams"
* debian postinst: skip duplicate warnings with 'cscli machines add'
* rpm postinst: skip duplicate warnings in 'cscli machines add'
* update func tests
* debian prerm: if dashboard remove fails, explain it's ok
* debian prerm: suppress warnings about wal, capi when attempting to remove the dashboard
* wizard.sh: log format like crowdsec
* Add cacert, certpath, certkey to http plugin to load custom cetificates
* rename func to get tls client as it doesnt make sense calling it api
* Fix is capath is empty we should return the current certificates
* Remove comment
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)
The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)
---------
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
* cscli machines add: don't overwrite existing credential file
* keep old behavior with --force
Now --force is used both to override the replacement of and existing machine,
and an existing credentials file. To retain the old behavior, the
existence of the file is only checked for the default configuration, not
if explicitly specified.
* Ignore blank lines within file and stdin
* change cleanup to be persistent postrun so if we exit early it always cleans
* When using log flag we should add a newline so we know where EOF is
* Inverse the check for log line since we dont want to modify the line itself
* Wrap run explain with a function that returns the error after cleaning up
* Wrap run explain with a function that returns the error after cleanup
* Use a defer iif instead of global var
* Add invalid len input to err count so it more obvious what is happening
---------
Co-authored-by: Manuel Sabban <github@sabban.eu>
* Add detection sqlie wal for dashboard chown
* Lean it down a little
* Change to for loop with extensions
* Keep existing uid on files incase user is running as a unpriviledge user
* I have no idea 🤷
* Exclude dash.go and update windows
* Update
* Renam
* Remove the os check since we no longer get to this stage for those os's
---------
Co-authored-by: Manuel Sabban <github@sabban.eu>
