crowdsec-*: seperate discord notify from main pkgs / steal awall policy from alpine repos(lmao)
This commit is contained in:
parent
f7d8eeb96b
commit
45e8a3320d
GPG Key ID:
41D406044E2434BF
@ -1,6 +1,8 @@
|
|||||||
|
# Contributor: Minoplhy <c@3qx.nl>
|
||||||
|
maintainer="Minoplhy <c@3qx.nl>"
|
||||||
pkgname=crowdsec-firewall-bouncer
|
pkgname=crowdsec-firewall-bouncer
|
||||||
pkgver=0.0.31
|
pkgver=0.0.31
|
||||||
pkgrel=0
|
pkgrel=1
|
||||||
pkgdesc="Crowdsec Bouncer: Iptables Firewall"
|
pkgdesc="Crowdsec Bouncer: Iptables Firewall"
|
||||||
url="https://crowdsec.net/"
|
url="https://crowdsec.net/"
|
||||||
arch="all"
|
arch="all"
|
||||||
@ -9,10 +11,12 @@ depends="iptables ipset"
|
|||||||
makedepends="go"
|
makedepends="go"
|
||||||
subpackages="
|
subpackages="
|
||||||
$pkgname-openrc
|
$pkgname-openrc
|
||||||
|
$pkgname-awall::noarch
|
||||||
"
|
"
|
||||||
options="!check" # no test suite identified
|
options="!check" # no test suite identified
|
||||||
source="$pkgname-$pkgver.tar.gz::https://github.com/crowdsecurity/cs-firewall-bouncer/archive/refs/tags/v$pkgver.tar.gz
|
source="$pkgname-$pkgver.tar.gz::https://github.com/crowdsecurity/cs-firewall-bouncer/archive/refs/tags/v$pkgver.tar.gz
|
||||||
"$pkgname".initd
|
"$pkgname".initd
|
||||||
|
awall-policy.json
|
||||||
"
|
"
|
||||||
|
|
||||||
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
|
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
|
||||||
@ -35,9 +39,19 @@ package() {
|
|||||||
install -dm 0755 \
|
install -dm 0755 \
|
||||||
"$pkgdir"/etc/crowdsec/bouncers
|
"$pkgdir"/etc/crowdsec/bouncers
|
||||||
|
|
||||||
install -m 0600 \
|
(umask 077 && BACKEND=iptables API_KEY="" envsubst \
|
||||||
"$builddir"/config/crowdsec-firewall-bouncer.yaml \
|
<config/crowdsec-firewall-bouncer.yaml \
|
||||||
"$pkgdir"/etc/crowdsec/bouncers
|
>"$pkgdir"/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml)
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
awall() {
|
||||||
|
pkgdesc="crowdsec bouncer awall policy"
|
||||||
|
depends="$pkgname"
|
||||||
|
install_if="awall $pkgname=$pkgver-r$pkgrel"
|
||||||
|
|
||||||
|
install -Dm0644 "$srcdir"/awall-policy.json \
|
||||||
|
"$subpkgdir"/etc/awall/optional/cs-firewall-bouncer.json
|
||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="
|
sha512sums="
|
||||||
|
|||||||
19
minoplhy-crowdsec-firewall-bouncer/awall-policy.json
Executable file
19
minoplhy-crowdsec-firewall-bouncer/awall-policy.json
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
"description": "Integration with cs-firewall-bouncer in ipset mode",
|
||||||
|
|
||||||
|
"ipset": {
|
||||||
|
"crowdsec-blacklists": { "type": "hash:ip", "family": "inet", "timeout": true, "size": 65536 },
|
||||||
|
"crowdsec6-blacklists": { "type": "hash:ip", "family": "inet6", "timeout": true, "size": 65536 }
|
||||||
|
},
|
||||||
|
|
||||||
|
"filter": [
|
||||||
|
{
|
||||||
|
"in": "adp-wan",
|
||||||
|
"ipset": [
|
||||||
|
{ "name": "crowdsec-blacklists", "args": ["in"] },
|
||||||
|
{ "name": "crowdsec6-blacklists", "args": ["in"] }
|
||||||
|
],
|
||||||
|
"action": "drop"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
@ -9,10 +9,19 @@ description_reload="Reload configuration"
|
|||||||
|
|
||||||
depend() {
|
depend() {
|
||||||
need net
|
need net
|
||||||
after firewall
|
after firewall crowdsec
|
||||||
use logger
|
use logger
|
||||||
}
|
}
|
||||||
|
|
||||||
|
start_pre() {
|
||||||
|
ebegin "Validating CrowdSec firewall bouncer config"
|
||||||
|
${command} -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t || return 1
|
||||||
|
eend $?
|
||||||
|
|
||||||
|
# Wait for Crowdsec to start(in case of boot)
|
||||||
|
sleep 2
|
||||||
|
}
|
||||||
|
|
||||||
reload() {
|
reload() {
|
||||||
ebegin "Reloading $RC_SVCNAME"
|
ebegin "Reloading $RC_SVCNAME"
|
||||||
start-stop-daemon --signal HUP --pidfile "$pidfile"
|
start-stop-daemon --signal HUP --pidfile "$pidfile"
|
||||||
|
|||||||
37
minoplhy-crowdsec-notify/APKBUILD
Executable file
37
minoplhy-crowdsec-notify/APKBUILD
Executable file
@ -0,0 +1,37 @@
|
|||||||
|
# Contributor: Minoplhy <c@3qx.nl>
|
||||||
|
maintainer="Minoplhy <c@3qx.nl>"
|
||||||
|
pkgname=crowdsec-notify
|
||||||
|
pkgver=0.0.1
|
||||||
|
pkgrel=0
|
||||||
|
pkgdesc="Crowdsec Notifications"
|
||||||
|
url="https://crowdsec.net/"
|
||||||
|
arch="all"
|
||||||
|
license="MIT"
|
||||||
|
subpackages="$pkgname-discord:_plugin"
|
||||||
|
options="!check" # no test suite identified
|
||||||
|
source="discord.yaml::https://owu.se/p-p/minoplhy/scriptbox/raw/branch/main/crowdsec-notifications/discord.yaml"
|
||||||
|
|
||||||
|
package() {
|
||||||
|
install -dm 0755 \
|
||||||
|
"$pkgdir"/etc/crowdsec/notifications
|
||||||
|
|
||||||
|
install -m 0600 \
|
||||||
|
"$srcdir"/discord.yaml \
|
||||||
|
"$pkgdir"/etc/crowdsec/notifications
|
||||||
|
}
|
||||||
|
|
||||||
|
_plugin() {
|
||||||
|
_subpkgname="${subpkgname:9:(${#subpkgname}-16)}"
|
||||||
|
pkgdesc="$pkgname plugin: $_subpkgname"
|
||||||
|
depends="$pkgname=$pkgver-r$pkgrel"
|
||||||
|
amove etc/crowdsec/notifications/$_subpkgname.yaml
|
||||||
|
# Excerpt from minoplhy's original modification of minoplhy-crowdsec
|
||||||
|
#
|
||||||
|
#if [[ $_subpkgname -ne "discord" ]]; then
|
||||||
|
# amove usr/libexec/crowdsec/plugins/notification-$_subpkgname
|
||||||
|
#fi
|
||||||
|
}
|
||||||
|
|
||||||
|
sha512sums="
|
||||||
|
445c731b0b01a8219b00cac3ad5c02af3c9676ce620b6c202a0e85afb04ce9b351b408a07c2d5f07fba1f23d75a9427807f0852eb43658f91d49b39ed02ec49a discord.yaml
|
||||||
|
"
|
||||||
@ -3,11 +3,12 @@
|
|||||||
# Maintainer: Nicolas Lorin <androw95220@gmail.com>
|
# Maintainer: Nicolas Lorin <androw95220@gmail.com>
|
||||||
pkgname=crowdsec
|
pkgname=crowdsec
|
||||||
pkgver=1.6.8
|
pkgver=1.6.8
|
||||||
pkgrel=0
|
pkgrel=1
|
||||||
pkgdesc="behavior detection engine, coupled with a global IP reputation network"
|
pkgdesc="behavior detection engine, coupled with a global IP reputation network"
|
||||||
url="https://crowdsec.net/"
|
url="https://crowdsec.net/"
|
||||||
arch="all"
|
arch="all"
|
||||||
license="MIT"
|
license="MIT"
|
||||||
|
install="$pkgname.post-install"
|
||||||
makedepends="go sqlite-dev re2-dev"
|
makedepends="go sqlite-dev re2-dev"
|
||||||
subpackages="
|
subpackages="
|
||||||
$pkgname-openrc
|
$pkgname-openrc
|
||||||
@ -16,11 +17,9 @@ subpackages="
|
|||||||
$pkgname-sentinel-plugin:_plugin
|
$pkgname-sentinel-plugin:_plugin
|
||||||
$pkgname-slack-plugin:_plugin
|
$pkgname-slack-plugin:_plugin
|
||||||
$pkgname-splunk-plugin:_plugin
|
$pkgname-splunk-plugin:_plugin
|
||||||
$pkgname-discord-plugin:_plugin
|
|
||||||
"
|
"
|
||||||
options="!check" # no test suite identified
|
options="!check" # no test suite identified
|
||||||
source="$pkgname-$pkgver-2.tar.gz::https://github.com/crowdsecurity/crowdsec/archive/refs/tags/v$pkgver.tar.gz
|
source="$pkgname-$pkgver-2.tar.gz::https://github.com/crowdsecurity/crowdsec/archive/refs/tags/v$pkgver.tar.gz
|
||||||
discord.yaml::https://owu.se/p-p/minoplhy/scriptbox/raw/branch/main/crowdsec-notifications/discord.yaml
|
|
||||||
system-sqlite.patch
|
system-sqlite.patch
|
||||||
crowdsec.initd
|
crowdsec.initd
|
||||||
"
|
"
|
||||||
@ -64,7 +63,6 @@ package() {
|
|||||||
cmd/notification-slack/slack.yaml \
|
cmd/notification-slack/slack.yaml \
|
||||||
cmd/notification-splunk/splunk.yaml \
|
cmd/notification-splunk/splunk.yaml \
|
||||||
cmd/notification-sentinel/sentinel.yaml \
|
cmd/notification-sentinel/sentinel.yaml \
|
||||||
"$srcdir"/discord.yaml \
|
|
||||||
"$pkgdir"/etc/crowdsec/notifications
|
"$pkgdir"/etc/crowdsec/notifications
|
||||||
install -m 0551 \
|
install -m 0551 \
|
||||||
cmd/notification-email/notification-email \
|
cmd/notification-email/notification-email \
|
||||||
@ -90,14 +88,11 @@ _plugin() {
|
|||||||
pkgdesc="$pkgname plugin: $_subpkgname"
|
pkgdesc="$pkgname plugin: $_subpkgname"
|
||||||
depends="$pkgname=$pkgver-r$pkgrel"
|
depends="$pkgname=$pkgver-r$pkgrel"
|
||||||
amove etc/crowdsec/notifications/$_subpkgname.yaml
|
amove etc/crowdsec/notifications/$_subpkgname.yaml
|
||||||
if [[ $_subpkgname -ne "discord" ]]; then
|
|
||||||
amove usr/libexec/crowdsec/plugins/notification-$_subpkgname
|
amove usr/libexec/crowdsec/plugins/notification-$_subpkgname
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sha512sums="
|
sha512sums="
|
||||||
088456e434ca5908b4dd2ca90dc886a262bd12ff2f8e3e38430355500d19f5b0e1c8cc2ac4c6967cd0126a087c473b734a53ffda0e1a28eba89100278b2a5614 crowdsec-1.6.8-2.tar.gz
|
088456e434ca5908b4dd2ca90dc886a262bd12ff2f8e3e38430355500d19f5b0e1c8cc2ac4c6967cd0126a087c473b734a53ffda0e1a28eba89100278b2a5614 crowdsec-1.6.8-2.tar.gz
|
||||||
445c731b0b01a8219b00cac3ad5c02af3c9676ce620b6c202a0e85afb04ce9b351b408a07c2d5f07fba1f23d75a9427807f0852eb43658f91d49b39ed02ec49a discord.yaml
|
|
||||||
3cb94cb663195bcc9d3d2f155c7bcb4c1f53b0660155140a7a91b5c0c6f41a234024a8f38f68c9da7adae2a2291f7ebe36187f89aab2fe2a0d1c8df34861c990 system-sqlite.patch
|
3cb94cb663195bcc9d3d2f155c7bcb4c1f53b0660155140a7a91b5c0c6f41a234024a8f38f68c9da7adae2a2291f7ebe36187f89aab2fe2a0d1c8df34861c990 system-sqlite.patch
|
||||||
098db47afd457c9d68c69097c31fae29cd0c0dc98199b254f75b130ac228ac43c024182bebd7eae756ae4fa2f54682b7f0534cb04311468224d9df2ce4f67ec2 crowdsec.initd
|
098db47afd457c9d68c69097c31fae29cd0c0dc98199b254f75b130ac228ac43c024182bebd7eae756ae4fa2f54682b7f0534cb04311468224d9df2ce4f67ec2 crowdsec.initd
|
||||||
"
|
"
|
||||||
|
|||||||
19
minoplhy-crowdsec/crowdsec.post-install
Executable file
19
minoplhy-crowdsec/crowdsec.post-install
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
[ -s /etc/crowdsec/local_api_credentials.yaml ] || cscli machines add -a --force --error
|
||||||
|
|
||||||
|
|
||||||
|
cat >&2 <<EOF
|
||||||
|
*
|
||||||
|
* Recommended command before starting Crowdsec
|
||||||
|
*
|
||||||
|
* Force Register capi:
|
||||||
|
* cscli capi register --error
|
||||||
|
* Hub update:
|
||||||
|
* cscli hub update
|
||||||
|
* Hub upgrade:
|
||||||
|
* cscli hub upgrade
|
||||||
|
*
|
||||||
|
EOF
|
||||||
|
|
||||||
|
exit 0
|
||||||
Loading…
x
Reference in New Issue
Block a user