mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-10 20:05:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 13
crowdsec/debian/postinst

108 lines
4.1 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
COLLECTIONS=false
set -e
# Source debconf library.
. /usr/share/debconf/confmodule
if [ "$1" = configure ]; then
if [[ ! -d /var/lib/crowdsec/data ]]; then
mkdir -p /var/lib/crowdsec/data
fi
. /usr/share/crowdsec/wizard.sh -n
if ! [[ -f /etc/crowdsec/acquis.yaml ]]; then
echo Creating /etc/crowdsec/acquis.yaml
set +e
SILENT=true detect_services
SILENT=true TMP_ACQUIS_FILE_SKIP=skip genacquisition
set -e
COLLECTIONS=true
fi
if [[ -f /etc/crowdsec/local_api_credentials.yaml ]] ; then
chmod 600 /etc/crowdsec/local_api_credentials.yaml
fi
if [[ -f /etc/crowdsec/online_api_credentials.yaml ]]; then
chmod 600 /etc/crowdsec/online_api_credentials.yaml
fi
if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] || [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then
if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] ; then
install -m 600 /dev/null /etc/crowdsec/local_api_credentials.yaml
fi
if [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]] ; then
install -m 600 /dev/null /etc/crowdsec/online_api_credentials.yaml
fi
db_input medium crowdsec/lapi || true
db_go || true
db_get crowdsec/lapi
LAPI=$RET
if [ "$LAPI" = true ]; then
db_input medium crowdsec/capi || true
db_go || true
db_get crowdsec/capi
CAPI=$RET
[ -s /etc/crowdsec/local_api_credentials.yaml ] || cscli machines add -a --force --error
if [ "$CAPI" = true ]; then
cscli capi register --error
fi
else
db_input medium crowdsec/lapi_host || true
db_go || true
db_get crowdsec/lapi_host
LAPI_HOST=$RET
sed -i "s/127.0.0.1:8080/$LAPI_HOST/g" /etc/crowdsec/config.yaml
fi
fi
echo Updating hub
/usr/bin/cscli hub update
/usr/bin/cscli hub upgrade
if [ "$COLLECTIONS" = true ]; then
set +e
CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection
set -e
fi
systemctl --quiet is-enabled crowdsec || systemctl unmask crowdsec && systemctl enable crowdsec
API=$(cscli config show --key "Config.API.Server")
if [ "$API" = "nil" ] ; then
LAPI=false
else
PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2)
fi
if [ "$LAPI" = false ] || [ -z "$(ss -nlt "sport = ${PORT}" | grep -v ^State)" ] ; then
systemctl start crowdsec
else
echo "Not attempting to start crowdsec, port ${PORT} is already used or lapi was disabled"
echo "This port is configured through /etc/crowdsec/config.yaml and /etc/crowdsec/local_api_credentials.yaml"
fi
GREEN='\033[0;32m'
BOLD='\033[1m'
RESET='\033[0m'
echo -e "${BOLD}Get started with CrowdSec:${RESET}"
echo -e " * Go further by following our ${BOLD}post installation steps${RESET} : ${GREEN}${BOLD}https://docs.crowdsec.net/u/getting_started/next_steps${RESET}"
echo -e "===================================================================================================================="
echo -e " * Install a ${BOLD}remediation component${RESET} to block attackers: ${GREEN}${BOLD}https://docs.crowdsec.net/u/bouncers/intro${RESET}"
echo -e "===================================================================================================================="
echo -e " * Find more ${BOLD}collections${RESET}, ${BOLD}parsers${RESET} and ${BOLD}scenarios${RESET} created by the community with the Hub: ${GREEN}${BOLD}https://hub.crowdsec.net${RESET}"
echo -e "===================================================================================================================="
echo -e " * Subscribe to ${BOLD}additional blocklists${RESET}, ${BOLD}visualize${RESET} your alerts and more with the console: ${GREEN}${BOLD}https://app.crowdsec.net${RESET}"
fi
echo "You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c'"
Reference in a new issue View git blame Copy permalink