Lines 20-26
|
20 |
. /etc/rc.subr |
20 |
. /etc/rc.subr |
21 |
|
21 |
|
22 |
name=crowdsec |
22 |
name=crowdsec |
23 |
desc="Crowdsec Agent" |
|
|
24 |
rcvar=crowdsec_enable |
23 |
rcvar=crowdsec_enable |
25 |
|
24 |
|
26 |
load_rc_config "$name" |
25 |
load_rc_config "$name" |
Lines 30-125
load_rc_config "$name"
|
30 |
: "${crowdsec_machine_name:=localhost}" |
29 |
: "${crowdsec_machine_name:=localhost}" |
31 |
: "${crowdsec_flags:=}" |
30 |
: "${crowdsec_flags:=}" |
32 |
|
31 |
|
33 |
pidfile=/var/run/${name}.pid |
32 |
pidfile=/var/run/${name}_daemon.pid |
|
|
33 |
pidfile_crowdsec=/var/run/${name}.pid |
34 |
required_files="$crowdsec_config" |
34 |
required_files="$crowdsec_config" |
35 |
command="%%PREFIX%%/bin/${name}" |
35 |
command="/usr/sbin/daemon" |
36 |
start_cmd="${name}_start" |
36 |
command_crowdsec="%%PREFIX%%/bin/crowdsec" |
37 |
stop_cmd="${name}_stop" |
37 |
command_cscli="%%PREFIX%%/bin/cscli" |
|
|
38 |
command_args="-P ${pidfile} -p ${pidfile_crowdsec} -r -R 10 -t \"${name}\" -- ${command_crowdsec} -c ${crowdsec_config} ${crowdsec_flags}" |
39 |
reload_cmd="${name}_reload" |
38 |
start_precmd="${name}_precmd" |
40 |
start_precmd="${name}_precmd" |
39 |
configtest_cmd="${name}_configtest" |
41 |
configtest_cmd="${name}_configtest" |
40 |
extra_commands="configtest reload" |
42 |
extra_commands="configtest reload" |
41 |
|
43 |
|
42 |
crowdsec_precmd() { |
44 |
crowdsec_precmd() { |
43 |
cs_cli() { |
45 |
cs_cli() { |
44 |
"%%PREFIX%%/bin/cscli" -c "${crowdsec_config}" "$@" |
46 |
"$command_cscli" -c "$crowdsec_config" "$@" |
45 |
} |
47 |
} |
|
|
48 |
|
46 |
Config() { |
49 |
Config() { |
47 |
cs_cli config show --key "Config.$1" |
50 |
cs_cli config show --key "Config.$1" |
48 |
} |
51 |
} |
49 |
|
52 |
|
50 |
HUB_DIR=$(Config ConfigPaths.HubDir) |
|
|
51 |
if ! ls -1qA "$HUB_DIR"/* >/dev/null 2>&1; then |
52 |
echo "Fetching hub inventory" |
53 |
cs_cli hub update || : |
54 |
fi |
55 |
|
56 |
CONFIG_DIR=$(Config ConfigPaths.ConfigDir) |
57 |
|
58 |
# Is the LAPI enabled on this node? |
53 |
# Is the LAPI enabled on this node? |
59 |
if [ "$(cs_cli config show --key Config.API.Server.Enable)" != "false" ]; then |
54 |
if [ "$(Config API.Server.Enable)" != "false" ]; then |
60 |
|
55 |
# There are no machines, we create one for cscli & log processor |
61 |
# There are no machines, we create the main one |
|
|
62 |
if [ "$(cs_cli machines list -o json)" = "[]" ]; then |
56 |
if [ "$(cs_cli machines list -o json)" = "[]" ]; then |
63 |
echo "Registering LAPI" |
57 |
echo "Registering LAPI" |
64 |
cs_cli machines add "${crowdsec_machine_name}" --auto --force --error || : |
58 |
cs_cli machines add "${crowdsec_machine_name}" --auto --force --error || : |
65 |
fi |
59 |
fi |
66 |
|
60 |
|
|
|
61 |
CONFIG_DIR=$(Config ConfigPaths.ConfigDir) |
62 |
|
67 |
# Register to the central server to receive the community blocklist and more |
63 |
# Register to the central server to receive the community blocklist and more |
68 |
if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then |
64 |
if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then |
69 |
echo "Registering CAPI" |
65 |
echo "Registering CAPI" |
70 |
cs_cli capi register || : |
66 |
cs_cli capi register || : |
71 |
fi |
67 |
fi |
72 |
|
|
|
73 |
fi |
68 |
fi |
74 |
|
69 |
|
75 |
# This would work but takes 30secs to timeout while reading the metrics, because crowdsec is not running yet. |
70 |
# install the collection for the first time, or if it has been removed |
76 |
# cs_cli collections inspect crowdsecurity/freebsd 2>/dev/null | grep ^installed | grep -q true || \ |
71 |
cs_cli collections inspect crowdsecurity/freebsd --no-metrics 2>/dev/null | grep ^installed | grep -q true || \ |
77 |
# cs_cli collections install crowdsecurity/freebsd || : |
|
|
78 |
|
79 |
# So we just check for the file |
80 |
if [ ! -e "${CONFIG_DIR}/collections/freebsd.yaml" ]; then |
81 |
cs_cli collections install crowdsecurity/freebsd || : |
72 |
cs_cli collections install crowdsecurity/freebsd || : |
82 |
fi |
|
|
83 |
} |
84 |
|
85 |
crowdsec_stop() |
86 |
{ |
87 |
if [ ! -f "$pidfile" ]; then |
88 |
echo "${name} is not running." |
89 |
return |
90 |
fi |
91 |
pid=$(cat "$pidfile") |
92 |
if kill -0 "$pid" >/dev/null 2>&1; then |
93 |
echo "Stopping ${name}." |
94 |
kill -s TERM "$pid" >/dev/null 2>&1 |
95 |
# shellcheck disable=SC2034 |
96 |
for i in $(seq 1 20); do |
97 |
sleep 1 |
98 |
if ! kill -0 "$pid" >/dev/null 2>&1; then |
99 |
rm -f "$pidfile" |
100 |
return |
101 |
fi |
102 |
done |
103 |
echo "Timeout, terminating ${name} with SIGKILL." |
104 |
kill -s KILL "$pid" >/dev/null 2>&1 |
105 |
rm -f "$pidfile" |
106 |
else |
107 |
echo "${name} is not running." |
108 |
fi |
109 |
} |
110 |
|
111 |
crowdsec_start() |
112 |
{ |
113 |
/usr/sbin/daemon -f -p "$pidfile" -t "$desc" -- \ |
114 |
"$command" -c "$crowdsec_config" ${crowdsec_flags} |
115 |
} |
73 |
} |
116 |
|
74 |
|
117 |
crowdsec_configtest() |
75 |
crowdsec_configtest() |
118 |
{ |
76 |
{ |
119 |
echo "Performing sanity check on ${name} configuration." |
77 |
echo "Performing sanity check on ${name} configuration." |
120 |
if "$command" -c "$crowdsec_config" -t -error; then |
78 |
if ! "$command_crowdsec" -c "$crowdsec_config" -t -error; then |
121 |
echo "Configuration test OK" |
79 |
exit 1 |
122 |
fi |
80 |
fi |
|
|
81 |
echo "Configuration test OK" |
82 |
} |
83 |
|
84 |
crowdsec_reload() { |
85 |
crowdsec_configtest |
86 |
echo "Reloading configuration" |
87 |
kill -HUP "$(cat "$pidfile_crowdsec")" |
123 |
} |
88 |
} |
124 |
|
89 |
|
125 |
run_rc_command "$1" |
90 |
run_rc_command "$1" |
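Review bot: The new `crowdsec_reload` sends SIGHUP to whatever number `cat "$pidfile_crowdsec"` returns, without checking that the file exists or that the PID still belongs to crowdsec. If the service is stopped, or (presumably) while daemon(8) is waiting out the `-R 10` restart delay, `cat` fails and `kill -HUP ""` only prints an error. With a stale file, the signal would go to whichever process now holds that PID, with the privileges of the rc script. rc.subr's `check_pidfile` returns the PID only when the process matches the given command, so the function can validate first and return non-zero when nothing is running. The function lies entirely inside this hunk.

```sh
crowdsec_reload() {
    # … unchanged: crowdsec_configtest call …
    # Signal only a PID that check_pidfile confirms is the crowdsec binary.
    pid=$(check_pidfile "$pidfile_crowdsec" "$command_crowdsec")
    if [ -z "$pid" ]; then
        echo "${name} is not running."
        return 1
    fi
    echo "Reloading configuration"
    kill -HUP "$pid"
}
```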