@@ -, +, @@ --- security/crowdsec/Makefile | 107 +++++++++++++++++++---- security/crowdsec/distinfo | 8 +- security/crowdsec/files/crowdsec.in | 48 +++++++--- security/crowdsec/files/patch-Makefile | 11 +++ security/crowdsec/files/pkg-deinstall.in | 8 ++ security/crowdsec/files/pkg-message.in | 11 ++- security/crowdsec/pkg-plist | 30 ++++--- 7 files changed, 178 insertions(+), 45 deletions(-) create mode 100644 security/crowdsec/files/patch-Makefile create mode 100644 security/crowdsec/files/pkg-deinstall.in --- b/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile 
@@ -1,45 +1,122 @@ PORTNAME= crowdsec -PORTVERSION= 1.1.1 +PORTVERSION= 1.2.1 # NOTE: change BUILD_VERSION and BUILD_TAG as well DISTVERSIONPREFIX= v CATEGORIES= security -MAINTAINER= sbz@FreeBSD.org -COMMENT= Crowdsec lightweight and collaborative security engine +MAINTAINER= marco@crowdsec.net +COMMENT= CrowdSec lightweight and collaborative security engine LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:modules +BUILD_DEPENDS= git:devel/git@lite \ + go:lang/go \ + jq:textproc/jq + +USES= gmake + +USE_GITHUB= yes +GH_ACCOUNT= crowdsecurity +GH_PROJECT= crowdsec +#GH_TAGNAME is automatically set from DISTVERSION USE_RC_SUBR= crowdsec -GO_MODULE= github.com/crowdsecurity/crowdsec +USE_RC_SUBR= crowdsec -GO_BUILDFLAGS= -ldflags "-s -w \ - -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=v${PORTVERSION} \ - -X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=freebsd \ - -X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=`date -u '+%Y-%m-%d_%I:%M:%S%p'`" +SUB_FILES= pkg-message \ + pkg-deinstall -GO_TARGET= ./cmd/crowdsec \ - ./cmd/crowdsec-cli +# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) +# BUILD_TAG=$(git rev-parse HEAD) +MAKE_ENV= BUILD_VERSION="v1.2.1" \ + BUILD_TAG="dd03d073558e380c283afe66942f537c3da647ff" -SUB_FILES= pkg-message +PLUGIN_DIR= ${PREFIX}/lib/crowdsec/plugins +STAGE_PLUGINS= ${STAGEDIR}${PLUGIN_DIR} +STAGE_BIN= ${STAGEDIR}${PREFIX}/bin post-patch: @${REINPLACE_CMD} 's,/etc/crowdsec/,${ETCDIR}/,g' \ ${WRKSRC}/pkg/csconfig/config.go \ + ${WRKSRC}/pkg/cstest/hubtest_item.go \ ${WRKSRC}/cmd/crowdsec-cli/machines.go \ ${WRKSRC}/cmd/crowdsec-cli/main.go \ - ${WRKSRC}/cmd/crowdsec/main.go + ${WRKSRC}/cmd/crowdsec/main.go \ + ${WRKSRC}/config/config.yaml \ + ${WRKSRC}/config/profiles.yaml + + @${REINPLACE_CMD} 's,/var/lib/,/var/db/,g' \ + ${WRKSRC}/pkg/csconfig/config.go \ + ${WRKSRC}/pkg/metabase/database.go \ + ${WRKSRC}/config/config.yaml \ + ${WRKSRC}/config/profiles.yaml do-install: + # 
+ # Binaries + # + + ${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec/crowdsec ${STAGE_BIN}/ + ${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec-cli/cscli ${STAGE_BIN}/ + ${LN} -s cscli ${STAGE_BIN}/crowdsec-cli + + @${MKDIR} ${STAGE_PLUGINS} + ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/http/notification-http ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/slack/notification-slack ${STAGE_PLUGINS}/ + ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/splunk/notification-splunk ${STAGE_PLUGINS}/ + + # + # Configuration + # + @${MKDIR} ${STAGEDIR}${ETCDIR} @(cd ${WRKSRC}/config && ${COPYTREE_SHARE} . ${STAGEDIR}${ETCDIR}) + @${MV} ${STAGEDIR}${ETCDIR}/acquis.yaml \ + ${STAGEDIR}${ETCDIR}/acquis.yaml.sample + @${MV} ${STAGEDIR}${ETCDIR}/config.yaml \ ${STAGEDIR}${ETCDIR}/config.yaml.sample - ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec ${STAGEDIR}${PREFIX}/bin - ${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-cli ${STAGEDIR}${PREFIX}/bin + @${MV} ${STAGEDIR}${ETCDIR}/profiles.yaml \ + ${STAGEDIR}${ETCDIR}/profiles.yaml.sample + + # managed by "cscli simulation" + @${MV} ${STAGEDIR}${ETCDIR}/simulation.yaml \ + ${STAGEDIR}${ETCDIR}/simulation.yaml.sample + + # + # Plugin configuration + # + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/http + @${MV} ${WRKSRC}/plugins/notifications/http/http.yaml \ + ${STAGEDIR}${ETCDIR}/notifications/http/http.yaml.sample + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/slack + @${MV} ${WRKSRC}/plugins/notifications/slack/slack.yaml \ + ${STAGEDIR}${ETCDIR}/notifications/slack/slack.yaml.sample + + @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/splunk + @${MV} ${WRKSRC}/plugins/notifications/splunk/splunk.yaml \ + ${STAGEDIR}${ETCDIR}/notifications/splunk/splunk.yaml.sample + + # updated by "cscli machines" at first service start + @${MV} ${STAGEDIR}${ETCDIR}/local_api_credentials.yaml \ + ${STAGEDIR}${ETCDIR}/local_api_credentials.yaml.sample + + # updated by "cscli capi" at first 
service start + @${MV} ${STAGEDIR}${ETCDIR}/online_api_credentials.yaml \ + ${STAGEDIR}${ETCDIR}/online_api_credentials.yaml.sample + + # + # Data + # + + @${MKDIR} ${STAGEDIR}${ETCDIR}/hub + @${MKDIR} ${STAGEDIR}/var/db/crowdsec/data .include --- b/security/crowdsec/distinfo +++ b/security/crowdsec/distinfo @@ -1,5 +1,3 @@ -TIMESTAMP = 1626257804 -SHA256 (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.mod) = f764f7d850f1e2306f6764e534ace7261f7dc99f3b4884c2b0f617cb791b35de -SIZE (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.mod) = 3295 -SHA256 (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.zip) = f7e63641a67392d57412ab1ff86a26ae4deeb9fc8460542f6258f7c9f56238e9 -SIZE (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.zip) = 640252 +TIMESTAMP = 1637702390 +SHA256 (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = e3a9bbb70b1995a83c5001d06dbbcb5f59d43e4d7c18b60548f305a62d2dd6a3 +SIZE (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = 659398 --- b/security/crowdsec/files/crowdsec.in +++ b/security/crowdsec/files/crowdsec.in @@ -22,9 +22,9 @@ rcvar=crowdsec_enable load_rc_config $name -: ${crowdsec_enable:="NO"} -: ${crowdsec_config:="%%PREFIX%%/etc/crowdsec/config.yaml"} -: ${crowdsec_flags:=""} +: "${crowdsec_enable:=NO}" +: "${crowdsec_config:=%%PREFIX%%/etc/crowdsec/config.yaml}" +: "${crowdsec_flags:=}" pidfile=/var/run/${name}.pid required_files="$crowdsec_config" 
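Review bot: `MAKE_ENV` pins `BUILD_VERSION="v1.2.1"` as a second copy of the version that `PORTVERSION= 1.2.1` already carries, and the `# NOTE: change BUILD_VERSION and BUILD_TAG as well` comment shows this is meant to be kept in sync by hand; `BUILD_VERSION="v${PORTVERSION}"` (the form the removed `GO_BUILDFLAGS` line already used) removes that drift path, so the version the binary reports through `cwversion.Version` cannot silently lag the tarball that distinfo pins. `BUILD_TAG` has no port-level source to derive from, since the GitHub tarball carries no git metadata, so keeping the comment on how the hash was obtained is right. With both values supplied through the environment and the `?=` patch on the upstream Makefile, the `git:devel/git@lite` build dependency looks unnecessary unless the upstream Makefile calls git elsewhere; worth confirming before keeping it. The hunk also appears to leave `USE_RC_SUBR= crowdsec` both as a kept line and as an added line; if the new file really contains it twice, the second assignment is redundant.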
@@ -35,27 +35,49 @@ configtest_cmd="${name}_configtest" extra_commands="configtest reload" crowdsec_precmd() { - if [ ! -d %%PREFIX%%/etc/crowdsec/hub ]; then - %%PREFIX%%/bin/crowdsec-cli hub update || : + cs_cli() { + "%%PREFIX%%/bin/cscli" -c "${crowdsec_config}" "$@" + } + Config() { + cs_cli config show --key "Config.$1" + } + + HUB_DIR=$(Config ConfigPaths.HubDir) + if ! ls -1qA "$HUB_DIR/*" >/dev/null 2>&1; then + echo "Fetching hub inventory" + cs_cli hub update || : + fi + + if [ -z "$(cs_cli machines list -o raw)" ]; then + echo "Registering LAPI" + cs_cli machines add --auto || : fi - if [ -z "`%%PREFIX%%/bin/crowdsec-cli machines list -o raw`" ]; then - %%PREFIX%%/bin/crowdsec-cli machines add --auto || : + + CONFIG_DIR=$(Config ConfigPaths.ConfigDir) + if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then + echo "Registering CAPI" + cs_cli capi register || : fi - if [ ! -s %%PREFIX%%/etc/crowdsec/online_api_credentials.yaml ]; then - %%PREFIX%%/bin/crowdsec-cli capi register || : + + cs_cli collections inspect crowdsecurity/linux >/dev/null || cs_cli collections install crowdsecurity/linux || : + + DATA_DIR=$(Config ConfigPaths.DataDir) + if [ ! -f "${DATA_DIR}/GeoLite2-City.mmdb" ]; then + echo "Installing GeoIP enricher" + cs_cli parsers install crowdsecurity/geoip-enrich || : fi } crowdsec_start() { - /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" \ - ${command} -c ${crowdsec_config} ${crowdsec_flags} + /usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \ + ${command} -c ${crowdsec_config} ${crowdsec_flags} } crowdsec_configtest() { - echo "Performing sanity check on ${name} configuration." - eval ${command} -c ${crowdsec_config} -t + echo "Performing sanity check on ${name} configuration." + eval ${command} -c ${crowdsec_config} -t } run_rc_command "$1" --- /dev/null +++ b/security/crowdsec/files/patch-Makefile 
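Review bot: The hub-inventory guard in `crowdsec_precmd` never succeeds, because the glob in `ls -1qA "$HUB_DIR/*"` sits inside double quotes and is handed to ls literally; unless a file named `*` exists the test fails, so `cs_cli hub update`, a network fetch, runs on every service start instead of only when the hub directory is empty. `if [ -z "$(ls -A "$HUB_DIR" 2>/dev/null)" ]; then` tests emptiness of the directory itself and also covers the case where it does not exist yet. The function also assumes every `Config` call returns a value: if `cscli config show` fails, `HUB_DIR`, `CONFIG_DIR` and `DATA_DIR` are empty, the later tests look at `/online_api_credentials.yaml` and `/GeoLite2-City.mmdb`, and the registration and install steps re-run on every start, so a `[ -n "$CONFIG_DIR" ] || return 1` style guard before using them would make that failure visible. Minor: `crowdsec_start` still passes `${crowdsec_config}` unquoted to daemon(8), unlike the quoting used inside `cs_cli`.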
@@ -0,0 +1,11 @@ +--- Makefile.orig 2021-11-17 09:15:38 UTC ++++ Makefile +@@ -42,7 +42,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l + BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')" + BUILD_CODENAME=$(shell cat RELEASE.json | jq -r .CodeName) + BUILD_TIMESTAMP=$(shell date +%F"_"%T) +-BUILD_TAG="$(shell git rev-parse HEAD)" ++BUILD_TAG?="$(shell git rev-parse HEAD)" + + export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \ + -X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=$(SYSTEM) \ --- /dev/null +++ b/security/crowdsec/files/pkg-deinstall.in @@ -0,0 +1,8 @@ +#!/bin/sh + +case $2 in + DEINSTALL) + service crowdsec stop || : + ;; +esac + --- b/security/crowdsec/files/pkg-message.in +++ b/security/crowdsec/files/pkg-message.in @@ -4,10 +4,17 @@ crowdsec is installed. -You need to edit the agent config file %%ETCDIR%%/crowdsec.yaml and -enable rc via sysrc. +You need to check/edit the following files in %%ETCDIR%% as described in https://doc.crowdsec.net/docs/configuration/crowdsec_configuration + + - config.yaml: main configuration + - acquis.yaml: where to find logs to parse (this port does not include automatic discovery of the running services) + - profiles.yaml: remediation policies (ban, duration, etc) + +Then you can enable the daemon via sysrc and run it. # sysrc crowdsec_enable="YES" +crowdsec_enable: NO -> YES +# service crowdsec start EOM } ] --- b/security/crowdsec/pkg-plist +++ b/security/crowdsec/pkg-plist 
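Review bot: `service crowdsec stop` in the `DEINSTALL` branch is a no-op whenever `crowdsec_enable` is not `YES`, because rc(8) refuses the action for a disabled service, so a daemon started with `onestart`, or one left running after the rcvar was switched off, survives package removal; `service crowdsec onestop || :` stops it regardless of the rcvar. `$2` should be quoted, `case "$2" in`, to match the `run_rc_command "$1"` style used in the port's rc script, even though pkg passes a single word here. If pkg also runs this script during upgrades, the daemon is stopped and nothing restarts it afterwards; worth confirming against pkg's script semantics before merging.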
@@ -1,12 +1,18 @@
-@sample %%ETCDIR%%/config.yaml.sample
+@mode 0755
 bin/crowdsec
+bin/cscli
 bin/crowdsec-cli
-%%ETCDIR%%/acquis.yaml
-%%ETCDIR%%/crowdsec.service
-%%ETCDIR%%/crowdsec_pull
-%%ETCDIR%%/dev.yaml
-%%ETCDIR%%/local_api_credentials.yaml
-%%ETCDIR%%/online_api_credentials.yaml
+@mode 0600
+@sample %%ETCDIR%%/local_api_credentials.yaml.sample
+@sample %%ETCDIR%%/online_api_credentials.yaml.sample
+@mode 0644
+@sample %%ETCDIR%%/acquis.yaml.sample
+@sample %%ETCDIR%%/config.yaml.sample
+@sample %%ETCDIR%%/profiles.yaml.sample
+@sample %%ETCDIR%%/simulation.yaml.sample
+@sample %%ETCDIR%%/notifications/http/http.yaml.sample
+@sample %%ETCDIR%%/notifications/slack/slack.yaml.sample
+@sample %%ETCDIR%%/notifications/splunk/splunk.yaml.sample
 %%ETCDIR%%/patterns/aws
 %%ETCDIR%%/patterns/bacula
 %%ETCDIR%%/patterns/bro
@@ -31,6 +37,10 @@ bin/crowdsec-cli
 %%ETCDIR%%/patterns/smb
 %%ETCDIR%%/patterns/ssh
 %%ETCDIR%%/patterns/tcpdump
-%%ETCDIR%%/profiles.yaml
-%%ETCDIR%%/simulation.yaml
-%%ETCDIR%%/user.yaml
+@mode 0755
+lib/crowdsec/plugins/notification-http
+lib/crowdsec/plugins/notification-slack
+lib/crowdsec/plugins/notification-splunk
+@dir %%ETCDIR%%/hub
+@dir /var/db/crowdsec/data
+@dir /var/db/crowdsec
--
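Review bot: The second hunk leaves `@mode 0755` in force after the plugin entries, so it also governs the three `@dir` lines that follow if pkg applies the current mode to directories, and it stays active for anything appended to the plist later; the first hunk resets with `@mode 0644` after the 0600 credential files, and the same should be done here with a bare `@mode` after `lib/crowdsec/plugins/notification-splunk`, since a bare `@mode` restores the default. The `@mode 0755` ahead of `bin/crowdsec` and ahead of the plugins also loosens what `INSTALL_PROGRAM` staged (BINMODE, 0555) to owner-writable, and can simply be dropped because pkg records the staged mode when no `@mode` is set. The 0600 on the two credential `@sample` files is the right call, as these are the files the rc script's `machines add` and `capi register` steps populate with the LAPI and CAPI secrets.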