crowdsec/rpm/SPECS/crowdsec.spec
Laurence Jones ecd82ecfbd
feat: File notification plugin (#2932)
* wip: basic impl of file notification no log rotate but might now do it 🤷

* wip: ticker to 2 seconds and lower some log levels

* wip: remove redundant logrus formatter

* wip: the plugin should not handle it own data queue since the plugin process may timeout, so instead have a function that uses said context and loop whilst locking the filewriter this may not be the best way 🤷, however, I dont want multiple notifications to attempt to reopen the file if it has been rotated outside of the plugin context

* wip: impl log rotation which checks on check append, however, this may cause some issues in slow systems as the mutex lock doesnt give up until the file is rotated, however, the plugin looks for context and will give up if the plugin broker decides its timeout and will retry once the plugin has pushed again

* wip: update yaml dep

* wip: me no english great

* wip: even if the file has been rotated outside our control we should still compute the file size

* wip: improve context handling with creating a custom io writer struct which checks the context before attempting to write

* wip: used return byte count instead of calling a conversion again

* wip: actually check the enabled flag on log rotate

* wip: changed my mind, we check when we check file size

* wip: use io copy instead for memory alloc

* fix: add notification file to deb/rpm build
2024-05-15 09:21:45 +01:00


# Package metadata for the crowdsec RPM.
# NOTE(review): Version, Release and the Source0 URL are filled in by echoing
# the VERSION and PACKAGE_NUMBER environment variables through a shell when the
# spec is parsed, so the build environment decides which upstream archive gets
# packaged. No checksum or signature check of Source0 is visible in this spec;
# confirm the build pipeline verifies the archive before rpmbuild runs.
Name: crowdsec
Version: %(echo $VERSION)
Release: %(echo $PACKAGE_NUMBER)%{?dist}
Summary: Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviors. It also automatically benefits from our global community-wide IP reputation database
License: MIT
URL: https://crowdsec.net
Source0: https://github.com/crowdsecurity/%{name}/archive/v%(echo $VERSION).tar.gz
Source1: 80-%{name}.preset
# Patch0 is applied to the unpacked tree in the prep section.
Patch0: user.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: systemd
Requires: crontabs
# systemd-rpm-macros is only required on the Fedora releases listed below.
%{?fc33:BuildRequires: systemd-rpm-macros}
%{?fc34:BuildRequires: systemd-rpm-macros}
%{?fc35:BuildRequires: systemd-rpm-macros}
%{?fc36:BuildRequires: systemd-rpm-macros}
# Setting debug_package to nil disables the debuginfo subpackage.
%define debug_package %{nil}
%description
%define version_number %(echo $VERSION)
%define releasever %(echo $RELEASEVER)
%global name crowdsec
%global __mangle_shebangs_exclude_from /usr/bin/env
%prep
# Unpack source 0 only (-T skips the default unpack, -b 0 selects it), then
# apply Patch0 to the tree.
%setup -q -T -b 0
%patch0
%build
# Nothing is compiled in this section: it only rewrites the plugin directory in
# the shipped config.yaml so it points at the packaged plugin location.
# NOTE(review): the binaries installed later are presumably built outside this
# spec; confirm where they come from and that the build is reproducible.
sed -i "s#/usr/local/lib/crowdsec/plugins/#%{_libdir}/%{name}/plugins/#g" config/config.yaml
%install
# Stage every packaged file into the build root. Statement order matters: the
# plugin binaries and notification configs further down are installed without
# -D, so they rely on the mkdir -p calls here having created their directories.
rm -rf %{buildroot}
mkdir -p %{buildroot}/etc/crowdsec/acquis.d
mkdir -p %{buildroot}/etc/crowdsec/hub
mkdir -p %{buildroot}/etc/crowdsec/patterns
mkdir -p %{buildroot}/etc/crowdsec/console/
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/data
mkdir -p %{buildroot}%{_presetdir}
mkdir -p %{buildroot}%{_sharedstatedir}/%{name}/plugins
mkdir -p %{buildroot}%{_sysconfdir}/crowdsec/notifications/
mkdir -p %{buildroot}%{_libdir}/%{name}/plugins/
install -m 755 -D cmd/crowdsec/crowdsec %{buildroot}%{_bindir}/%{name}
install -m 755 -D cmd/crowdsec-cli/cscli %{buildroot}%{_bindir}/cscli
install -m 755 -D wizard.sh %{buildroot}/usr/share/crowdsec/wizard.sh
install -m 644 -D debian/crowdsec.service %{buildroot}%{_unitdir}/%{name}.service
install -m 644 -D config/patterns/* -t %{buildroot}%{_sysconfdir}/crowdsec/patterns
# The main config.yaml is staged owner-only (0600); the other top-level
# configs are world-readable (0644).
install -m 600 -D config/config.yaml %{buildroot}%{_sysconfdir}/crowdsec
install -m 644 -D config/simulation.yaml %{buildroot}%{_sysconfdir}/crowdsec
install -m 644 -D config/profiles.yaml %{buildroot}%{_sysconfdir}/crowdsec
install -m 644 -D config/console.yaml %{buildroot}%{_sysconfdir}/crowdsec
install -m 644 -D config/context.yaml %{buildroot}%{_sysconfdir}/crowdsec/console/
install -m 750 -D config/%{name}.cron.daily %{buildroot}%{_sysconfdir}/cron.daily/%{name}
install -m 644 -D %{SOURCE1} %{buildroot}%{_presetdir}
# Notification plugin binaries: mode 551 is read+execute for owner and group,
# execute-only for others, and writable by nobody.
install -m 551 cmd/notification-slack/notification-slack %{buildroot}%{_libdir}/%{name}/plugins/
install -m 551 cmd/notification-http/notification-http %{buildroot}%{_libdir}/%{name}/plugins/
install -m 551 cmd/notification-splunk/notification-splunk %{buildroot}%{_libdir}/%{name}/plugins/
install -m 551 cmd/notification-email/notification-email %{buildroot}%{_libdir}/%{name}/plugins/
install -m 551 cmd/notification-sentinel/notification-sentinel %{buildroot}%{_libdir}/%{name}/plugins/
install -m 551 cmd/notification-file/notification-file %{buildroot}%{_libdir}/%{name}/plugins/
# Plugin configuration files are staged owner-only (0600).
# NOTE(review): presumably because they can hold webhook URLs, tokens or SMTP
# credentials; keep any new plugin config at the same mode.
install -m 600 cmd/notification-slack/slack.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
install -m 600 cmd/notification-http/http.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
install -m 600 cmd/notification-splunk/splunk.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
install -m 600 cmd/notification-email/email.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
install -m 600 cmd/notification-sentinel/sentinel.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
install -m 600 cmd/notification-file/file.yaml %{buildroot}%{_sysconfdir}/crowdsec/notifications/
%clean
rm -rf %{buildroot}
%files
# Payload manifest. The defattr line below makes every entry root:root and
# takes file modes from what the install section staged.
%defattr(-,root,root,-)
%{_bindir}/%{name}
%{_bindir}/cscli
%{_datadir}/%{name}/wizard.sh
# One entry per notification plugin binary; each needs a matching install line
# in the install section.
%{_libdir}/%{name}/plugins/notification-slack
%{_libdir}/%{name}/plugins/notification-http
%{_libdir}/%{name}/plugins/notification-splunk
%{_libdir}/%{name}/plugins/notification-email
%{_libdir}/%{name}/plugins/notification-sentinel
%{_libdir}/%{name}/plugins/notification-file
%{_sysconfdir}/%{name}/patterns/linux-syslog
%{_sysconfdir}/%{name}/patterns/ruby
%{_sysconfdir}/%{name}/patterns/nginx
%{_sysconfdir}/%{name}/patterns/junos
%{_sysconfdir}/%{name}/patterns/cowrie_honeypot
%{_sysconfdir}/%{name}/patterns/redis
%{_sysconfdir}/%{name}/patterns/firewalls
%{_sysconfdir}/%{name}/patterns/paths
%{_sysconfdir}/%{name}/patterns/java
%{_sysconfdir}/%{name}/patterns/postgresql
%{_sysconfdir}/%{name}/patterns/bacula
%{_sysconfdir}/%{name}/patterns/mcollective
%{_sysconfdir}/%{name}/patterns/rails
%{_sysconfdir}/%{name}/patterns/haproxy
%{_sysconfdir}/%{name}/patterns/nagios
%{_sysconfdir}/%{name}/patterns/mysql
%{_sysconfdir}/%{name}/patterns/ssh
%{_sysconfdir}/%{name}/patterns/tcpdump
%{_sysconfdir}/%{name}/patterns/exim
%{_sysconfdir}/%{name}/patterns/bro
%{_sysconfdir}/%{name}/patterns/modsecurity
%{_sysconfdir}/%{name}/patterns/aws
%{_sysconfdir}/%{name}/patterns/smb
%{_sysconfdir}/%{name}/patterns/mongodb
# Configuration files are marked noreplace, so a locally edited copy is kept
# on upgrade instead of being overwritten by the packaged one.
%config(noreplace) %{_sysconfdir}/%{name}/config.yaml
%config(noreplace) %{_sysconfdir}/%{name}/simulation.yaml
%config(noreplace) %{_sysconfdir}/%{name}/profiles.yaml
%config(noreplace) %{_sysconfdir}/%{name}/console.yaml
%config(noreplace) %{_sysconfdir}/%{name}/console/context.yaml
%config(noreplace) %{_presetdir}/80-%{name}.preset
%config(noreplace) %{_sysconfdir}/%{name}/notifications/http.yaml
%config(noreplace) %{_sysconfdir}/%{name}/notifications/slack.yaml
%config(noreplace) %{_sysconfdir}/%{name}/notifications/splunk.yaml
%config(noreplace) %{_sysconfdir}/%{name}/notifications/email.yaml
%config(noreplace) %{_sysconfdir}/%{name}/notifications/sentinel.yaml
%config(noreplace) %{_sysconfdir}/%{name}/notifications/file.yaml
%config(noreplace) %{_sysconfdir}/cron.daily/%{name}
%{_unitdir}/%{name}.service
# Ghost entries are owned by the package but not shipped in the payload; they
# are created at install time or at runtime.
%ghost %{_sysconfdir}/%{name}/hub/.index.json
%ghost %{_localstatedir}/log/%{name}.log
%dir /var/lib/%{name}/data/
%dir %{_sysconfdir}/%{name}/hub
# NOTE(review): the two API credential files below get their 0600 mode only
# from the post scriptlet; no explicit mode or owner is declared for them in
# this list. Consider pinning mode 0600 and root ownership on these entries so
# package verification can catch permission drift.
%ghost %{_sysconfdir}/crowdsec/local_api_credentials.yaml
%ghost %{_sysconfdir}/crowdsec/online_api_credentials.yaml
%ghost %{_sysconfdir}/crowdsec/acquis.yaml
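%pre
#systemctl stop crowdsec || true
# Upgrade only (scriptlet argument 2): snapshot the current configuration,
# unless a backup directory left by an earlier run is still present.
# Written in plain POSIX sh (quoted argument, "=", no double brackets) because
# this scriptlet declares no interpreter and so runs under the default sh.
# NOTE(review): the backup presumably contains the API credential files;
# confirm cscli creates the backup directory with restrictive permissions.
if [ "$1" = 2 ] && [ ! -d /var/lib/crowdsec/backup ]; then
    cscli config backup /var/lib/crowdsec/backup
fi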
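%post -p /bin/bash
# Post-install scriptlet. Argument: 1 = fresh install, 2 = upgrade.
#install
if [ "$1" == 1 ]; then
    # NOTE(review): touch creates the database file with the default umask;
    # confirm the resulting mode is as restrictive as intended.
    if [ ! -f "/var/lib/crowdsec/data/crowdsec.db" ] ; then
        touch /var/lib/crowdsec/data/crowdsec.db
    fi
    echo $SHELL
    # Source the wizard script; detect_services, genacquisition and
    # install_collection used below are not defined in this spec and
    # presumably come from it.
    . /usr/share/crowdsec/wizard.sh -n
    echo Creating acquisition configuration
    # The path here used to be misspelled (/etc/crowsec/...), so the test was
    # always true and an existing acquis.yaml was never detected.
    if [ ! -f "%{_sysconfdir}/crowdsec/acquis.yaml" ] ; then
        set +e
        SILENT=true detect_services
        SILENT=true TMP_ACQUIS_FILE_SKIP=skip genacquisition
        # NOTE(review): this second "set +e" mirrors the first one; it looks
        # like it was meant to restore errexit. Left unchanged because turning
        # errexit on would alter how later cscli failures are handled.
        set +e
    fi
    # Each credential file is created empty with mode 0600 before cscli is
    # called, so it is not left readable by other users while being populated.
    if [ ! -f "%{_sysconfdir}/crowdsec/online_api_credentials.yaml" ] ; then
        install -m 600 /dev/null %{_sysconfdir}/crowdsec/online_api_credentials.yaml
        cscli capi register --error
    fi
    if [ ! -f "%{_sysconfdir}/crowdsec/local_api_credentials.yaml" ] ; then
        install -m 600 /dev/null %{_sysconfdir}/crowdsec/local_api_credentials.yaml
        cscli machines add -a --force --error
    fi
    cscli hub update
    CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection
    echo "Get started with CrowdSec:"
    echo " * Detailed guides are available in our documentation: https://docs.crowdsec.net"
    echo " * Configuration items created by the community can be found at the Hub: https://hub.crowdsec.net"
    echo " * Gain insights into your use of CrowdSec with the help of the console https://app.crowdsec.net"
#upgrade
elif [ "$1" == 2 ] && [ -d /var/lib/crowdsec/backup ]; then
    # Remove the backup taken by the pre scriptlet only when the restore
    # succeeded, so a failed restore leaves it available for recovery.
    if cscli config restore /var/lib/crowdsec/backup; then
        rm -rf /var/lib/crowdsec/backup
    fi
    # Re-assert owner-only permissions on the restored credential files.
    if [[ -f %{_sysconfdir}/crowdsec/online_api_credentials.yaml ]] ; then
        chmod 600 %{_sysconfdir}/crowdsec/online_api_credentials.yaml
    fi
    if [[ -f %{_sysconfdir}/crowdsec/local_api_credentials.yaml ]] ; then
        chmod 600 %{_sysconfdir}/crowdsec/local_api_credentials.yaml
    fi
fi
%systemd_post %{name}.service
# Fresh install only: start the service unless the local API is enabled and
# its listen port is already taken by another listener.
if [ "$1" == 1 ]; then
    API=$(cscli config show --key "Config.API.Server")
    if [ "$API" = "nil" ] ; then
        LAPI=false
    else
        # Takes the second colon-separated field of the listen URI.
        # NOTE(review): assumes a host:port form; an IPv6 literal would not
        # yield the port here.
        PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2)
    fi
    if [ "$LAPI" = false ] || [ -z "$(ss -nlt "sport = ${PORT}" | grep -v ^State)" ] ; then
%if 0%{?fc35} || 0%{?fc36}
        systemctl enable crowdsec
%endif
        systemctl start crowdsec || echo "crowdsec is not started"
    else
        echo "Not attempting to start crowdsec, port ${PORT} is already used or lapi was disabled"
        echo "This port is configured through /etc/crowdsec/config.yaml and /etc/crowdsec/local_api_credentials.yaml"
    fi
fi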
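%preun
#systemctl stop crowdsec || echo "crowdsec was not started"
# Stopping and disabling the unit on removal is left to the systemd macro.
%systemd_preun %{name}.service
%postun
%systemd_postun_with_restart %{name}.service
# Full removal only (scriptlet argument 0): delete the downloaded hub content.
# The argument is quoted and compared with POSIX "=" because this scriptlet
# declares no interpreter and so runs under the default sh.
if [ "$1" = 0 ]; then
    rm -rf /etc/crowdsec/hub
fi
#systemctl stop crowdsec || echo "crowdsec was not started"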
%changelog
* Tue Feb 16 2021 Manuel Sabban <manuel@crowdsec.net>
- First initial packaging