mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-10 20:05:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Refactor Acquisition Interface (#773)

Browse source 
* Add new acquisition interface + new modules (cloudwatch, syslog)

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
This commit is contained in:
Thibault "bui" Koechlin 2021-06-11 09:53:53 +02:00 committed by GitHub
parent 71c1d9431f
commit ce6a61df1c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
47 changed files with 4468 additions and 1378 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/func_tests/tests_post-install_4cold-logs.sh
View file

@ -18,7 +18,7 @@ for i in `seq 1 10` ; do
echo `date '+%b %d %H:%M:%S '`'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.172 port 35424' >> ssh-bf.log
done;
${CROWDSEC} -file ./ssh-bf.log -type syslog -no-api
${CROWDSEC} -dsn "file://./ssh-bf.log" -type syslog -no-api
${CSCLI} decisions list -o=json | ${JQ} '. | length == 1' || fail "expected exactly one decision"
${CSCLI} decisions list -o=json | ${JQ} '.[].decisions[0].value == "1.1.1.172"' || fail "(exact) expected ban on 1.1.1.172"

6
scripts/func_tests/tests_post-install_5simulation.sh
View file

@ -20,7 +20,7 @@ for i in `seq 1 10` ; do
echo `date '+%b %d %H:%M:%S '`'sd-126005 sshd[12422]: Invalid user netflix from 1.1.1.174 port 35424' >> ssh-bf.log
done;
${CROWDSEC} -file ./ssh-bf.log -type syslog -no-api
${CROWDSEC} -dsn file://./ssh-bf.log -type syslog -no-api
${CSCLI} decisions list -o=json | ${JQ} '. | length == 1' || fail "expected exactly one decision"
${CSCLI} decisions list -o=json | ${JQ} '.[].decisions[0].value == "1.1.1.174"' || fail "(exact) expected ban on 1.1.1.174"
@ -32,7 +32,7 @@ ${CSCLI} decisions list -o=json | ${JQ} '.[].decisions[0].simulated == false' |
${CSCLI} decisions delete --all
${CSCLI} simulation enable $SCENARIO
${CROWDSEC} -file ./ssh-bf.log -type syslog -no-api
${CROWDSEC} -dsn file://./ssh-bf.log -type syslog -no-api
${CSCLI} decisions list --no-simu -o=json | ${JQ} '. == null' || fail "expected no decision (listing only non-simulated decisions)"
@ -42,6 +42,6 @@ ${CSCLI} decisions delete --all
${CSCLI} simulation disable $SCENARIO
${CSCLI} simulation enable --global
${CROWDSEC} -file ./ssh-bf.log -type syslog -no-api
${CROWDSEC} -dsn file://./ssh-bf.log -type syslog -no-api
${CSCLI} decisions list --no-simu -o=json | ${JQ} '. == null' || fail "expected no decision (listing only non-simulated decisions)"