Lines 20-26
|
20 |
. /etc/rc.subr |
20 |
. /etc/rc.subr |
21 |
|
21 |
|
22 |
name=crowdsec |
22 |
name=crowdsec |
23 |
desc="Crowdsec Agent" |
|
|
24 |
rcvar=crowdsec_enable |
23 |
rcvar=crowdsec_enable |
25 |
|
24 |
|
26 |
load_rc_config "$name" |
25 |
load_rc_config "$name" |
Lines 30-124
load_rc_config "$name"
|
30 |
: "${crowdsec_machine_name:=localhost}" |
29 |
: "${crowdsec_machine_name:=localhost}" |
31 |
: "${crowdsec_flags:=}" |
30 |
: "${crowdsec_flags:=}" |
32 |
|
31 |
|
33 |
pidfile=/var/run/${name}.pid |
32 |
pidfile=/var/run/${name}_daemon.pid |
|
|
33 |
pidfile_crowdsec=/var/run/${name}.pid |
34 |
required_files="$crowdsec_config" |
34 |
required_files="$crowdsec_config" |
35 |
command="%%PREFIX%%/bin/${name}" |
35 |
command="/usr/sbin/daemon" |
36 |
start_cmd="${name}_start" |
36 |
command_crowdsec="%%PREFIX%%/bin/crowdsec" |
37 |
stop_cmd="${name}_stop" |
37 |
command_cscli="%%PREFIX%%/bin/cscli" |
|
|
38 |
command_args="-f -P ${pidfile} -p ${pidfile_crowdsec} -r -R 10 -t \"${name}\" -- ${command_crowdsec} -c ${crowdsec_config} ${crowdsec_flags}" |
39 |
reload_cmd="${name}_reload" |
38 |
start_precmd="${name}_precmd" |
40 |
start_precmd="${name}_precmd" |
39 |
configtest_cmd="${name}_configtest" |
41 |
configtest_cmd="${name}_configtest" |
|
|
42 |
reload_precmd="${name}_configtest" |
43 |
restart_precmd="${name}_configtest" |
44 |
stop_precmd="${name}_stop_precmd" |
45 |
stop_postcmd="${name}_stop_postcmd" |
40 |
extra_commands="configtest reload" |
46 |
extra_commands="configtest reload" |
41 |
|
47 |
|
|
|
48 |
crowdsec_stop_precmd() { |
49 |
# take note of the pid, because sbin/daemon will remove the file |
50 |
# without waiting for crowdsec to exit |
51 |
if [ -r "$pidfile_crowdsec" ]; then |
52 |
_CROWDSECPID="$(check_pidfile "$pidfile_crowdsec" "$command_crowdsec")" |
53 |
export _CROWDSECPID |
54 |
fi |
55 |
} |
56 |
|
57 |
crowdsec_stop_postcmd() { |
58 |
# wait for process to exit before restarting, or it will find the http port in use |
59 |
if [ -n "$_CROWDSECPID" ]; then |
60 |
wait_for_pids "$_CROWDSECPID" |
61 |
fi |
62 |
} |
63 |
|
42 |
crowdsec_precmd() { |
64 |
crowdsec_precmd() { |
43 |
cs_cli() { |
65 |
cs_cli() { |
44 |
"%%PREFIX%%/bin/cscli" -c "${crowdsec_config}" "$@" |
66 |
"$command_cscli" -c "$crowdsec_config" "$@" |
45 |
} |
67 |
} |
|
|
68 |
|
46 |
Config() { |
69 |
Config() { |
47 |
cs_cli config show --key "Config.$1" |
70 |
cs_cli config show --key "Config.$1" |
48 |
} |
71 |
} |
49 |
|
72 |
|
50 |
HUB_DIR=$(Config ConfigPaths.HubDir) |
|
|
51 |
if ! ls -1qA "$HUB_DIR"/* >/dev/null 2>&1; then |
52 |
echo "Fetching hub inventory" |
53 |
cs_cli hub update || : |
54 |
fi |
55 |
|
56 |
CONFIG_DIR=$(Config ConfigPaths.ConfigDir) |
57 |
|
58 |
# Is the LAPI enabled on this node? |
73 |
# Is the LAPI enabled on this node? |
59 |
if [ "$(cs_cli config show --key Config.API.Server.Enable)" != "false" ]; then |
74 |
if [ "$(Config API.Server.Enable)" != "false" ]; then |
60 |
|
75 |
# There are no machines, we create one for cscli & log processor |
61 |
# There are no machines, we create the main one |
76 |
if [ "$(cs_cli machines list -o json --error)" = "[]" ]; then |
62 |
if [ "$(cs_cli machines list -o json)" = "[]" ]; then |
|
|
63 |
echo "Registering LAPI" |
77 |
echo "Registering LAPI" |
64 |
cs_cli machines add "${crowdsec_machine_name}" --auto --force --error || : |
78 |
cs_cli machines add "${crowdsec_machine_name}" --auto --force --error || : |
65 |
fi |
79 |
fi |
66 |
|
80 |
|
|
|
81 |
CONFIG_DIR=$(Config ConfigPaths.ConfigDir) |
82 |
|
67 |
# Register to the central server to receive the community blocklist and more |
83 |
# Register to the central server to receive the community blocklist and more |
68 |
if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then |
84 |
if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then |
69 |
echo "Registering CAPI" |
85 |
echo "Registering CAPI" |
70 |
cs_cli capi register || : |
86 |
cs_cli capi register || : |
71 |
fi |
87 |
fi |
72 |
|
|
|
73 |
fi |
88 |
fi |
74 |
|
89 |
|
75 |
# This would work but takes 30secs to timeout while reading the metrics, because crowdsec is not running yet. |
90 |
# install the collection for the first time, or if it has been removed |
76 |
# cs_cli collections inspect crowdsecurity/freebsd 2>/dev/null | grep ^installed | grep -q true || \ |
91 |
cs_cli collections inspect crowdsecurity/freebsd --no-metrics 2>/dev/null | grep ^installed | grep -q true || \ |
77 |
# cs_cli collections install crowdsecurity/freebsd || : |
|
|
78 |
|
79 |
# So we just check for the file |
80 |
if [ ! -e "${CONFIG_DIR}/collections/freebsd.yaml" ]; then |
81 |
cs_cli collections install crowdsecurity/freebsd || : |
92 |
cs_cli collections install crowdsecurity/freebsd || : |
82 |
fi |
|
|
83 |
} |
93 |
} |
84 |
|
94 |
|
85 |
crowdsec_stop() |
95 |
crowdsec_configtest() { |
86 |
{ |
96 |
echo "Performing sanity check on ${name} configuration." |
87 |
if [ ! -f "$pidfile" ]; then |
97 |
if ! "$command_crowdsec" -c "$crowdsec_config" -t -error; then |
88 |
echo "${name} is not running." |
98 |
exit 1 |
89 |
return |
|
|
90 |
fi |
91 |
pid=$(cat "$pidfile") |
92 |
if kill -0 "$pid" >/dev/null 2>&1; then |
93 |
echo "Stopping ${name}." |
94 |
kill -s TERM "$pid" >/dev/null 2>&1 |
95 |
# shellcheck disable=SC2034 |
96 |
for i in $(seq 1 20); do |
97 |
sleep 1 |
98 |
if ! kill -0 "$pid" >/dev/null 2>&1; then |
99 |
rm -f "$pidfile" |
100 |
return |
101 |
fi |
102 |
done |
103 |
echo "Timeout, terminating ${name} with SIGKILL." |
104 |
kill -s KILL "$pid" >/dev/null 2>&1 |
105 |
rm -f "$pidfile" |
106 |
else |
107 |
echo "${name} is not running." |
108 |
fi |
99 |
fi |
|
|
100 |
echo "Configuration test OK" |
109 |
} |
101 |
} |
110 |
|
102 |
|
111 |
crowdsec_start() |
103 |
crowdsec_reload() { |
112 |
{ |
104 |
echo "Reloading configuration" |
113 |
/usr/sbin/daemon -f -p "$pidfile" -t "$desc" -- \ |
105 |
if [ -r "$pidfile_crowdsec" ]; then |
114 |
"$command" -c "$crowdsec_config" ${crowdsec_flags} |
106 |
kill -HUP "$(check_pidfile "$pidfile_crowdsec" "${command_crowdsec}")" |
115 |
} |
|
|
116 |
|
117 |
crowdsec_configtest() |
118 |
{ |
119 |
echo "Performing sanity check on ${name} configuration." |
120 |
if "$command" -c "$crowdsec_config" -t -error; then |
121 |
echo "Configuration test OK" |
122 |
fi |
107 |
fi |
123 |
} |
108 |
} |
124 |
|
109 |
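Review bot: crowdsec_reload (new lines 103-108) can print "Reloading configuration" without any reload taking place: when the pidfile is not readable the function falls through and returns success, and when check_pidfile prints nothing (a stale pidfile, or a pid that is not the crowdsec binary) the call becomes `kill -HUP ""`. For a detection agent that leaves an operator believing a configuration change is live while the old one is still running. I would capture the pid once, return non-zero with a "not running" message when it is empty, and only then send the signal, as sketched below. Separately, crowdsec_precmd no longer runs `cs_cli hub update` while the collection install still ends in `|| :`, so if the hub index is not fetched elsewhere (not visible in this diff) the agent would start without crowdsecurity/freebsd and say nothing; a warning on stderr at that point would make the gap visible.

```shell
crowdsec_reload() {
    # … unchanged: "Reloading configuration" message …
    _pid="$(check_pidfile "$pidfile_crowdsec" "$command_crowdsec")"
    if [ -z "$_pid" ]; then
        echo "${name} is not running, nothing reloaded." >&2
        return 1
    fi
    kill -HUP "$_pid"
}
```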
|