crowdsec-*: seperate discord notify from main pkgs / steal awall policy from alpine repos(lmao)
This commit is contained in:
parent
f7d8eeb96b
commit
45e8a3320d
@ -1,6 +1,8 @@
|
||||
# Contributor: Minoplhy <c@3qx.nl>
|
||||
maintainer="Minoplhy <c@3qx.nl>"
|
||||
pkgname=crowdsec-firewall-bouncer
|
||||
pkgver=0.0.31
|
||||
pkgrel=0
|
||||
pkgrel=1
|
||||
pkgdesc="Crowdsec Bouncer: Iptables Firewall"
|
||||
url="https://crowdsec.net/"
|
||||
arch="all"
|
||||
@ -9,10 +11,12 @@ depends="iptables ipset"
|
||||
makedepends="go"
|
||||
subpackages="
|
||||
$pkgname-openrc
|
||||
$pkgname-awall::noarch
|
||||
"
|
||||
options="!check" # no test suite identified
|
||||
source="$pkgname-$pkgver.tar.gz::https://github.com/crowdsecurity/cs-firewall-bouncer/archive/refs/tags/v$pkgver.tar.gz
|
||||
"$pkgname".initd
|
||||
awall-policy.json
|
||||
"
|
||||
|
||||
export GOCACHE="${GOCACHE:-"$srcdir/go-cache"}"
|
||||
@ -35,9 +39,19 @@ package() {
|
||||
install -dm 0755 \
|
||||
"$pkgdir"/etc/crowdsec/bouncers
|
||||
|
||||
install -m 0600 \
|
||||
"$builddir"/config/crowdsec-firewall-bouncer.yaml \
|
||||
"$pkgdir"/etc/crowdsec/bouncers
|
||||
(umask 077 && BACKEND=iptables API_KEY="" envsubst \
|
||||
<config/crowdsec-firewall-bouncer.yaml \
|
||||
>"$pkgdir"/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml)
|
||||
}
|
||||
|
||||
|
||||
awall() {
|
||||
pkgdesc="crowdsec bouncer awall policy"
|
||||
depends="$pkgname"
|
||||
install_if="awall $pkgname=$pkgver-r$pkgrel"
|
||||
|
||||
install -Dm0644 "$srcdir"/awall-policy.json \
|
||||
"$subpkgdir"/etc/awall/optional/cs-firewall-bouncer.json
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
|
19
minoplhy-crowdsec-firewall-bouncer/awall-policy.json
Executable file
19
minoplhy-crowdsec-firewall-bouncer/awall-policy.json
Executable file
@ -0,0 +1,19 @@
|
||||
{
|
||||
"description": "Integration with cs-firewall-bouncer in ipset mode",
|
||||
|
||||
"ipset": {
|
||||
"crowdsec-blacklists": { "type": "hash:ip", "family": "inet", "timeout": true, "size": 65536 },
|
||||
"crowdsec6-blacklists": { "type": "hash:ip", "family": "inet6", "timeout": true, "size": 65536 }
|
||||
},
|
||||
|
||||
"filter": [
|
||||
{
|
||||
"in": "adp-wan",
|
||||
"ipset": [
|
||||
{ "name": "crowdsec-blacklists", "args": ["in"] },
|
||||
{ "name": "crowdsec6-blacklists", "args": ["in"] }
|
||||
],
|
||||
"action": "drop"
|
||||
}
|
||||
]
|
||||
}
|
@ -9,10 +9,19 @@ description_reload="Reload configuration"
|
||||
|
||||
depend() {
|
||||
need net
|
||||
after firewall
|
||||
after firewall crowdsec
|
||||
use logger
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
ebegin "Validating CrowdSec firewall bouncer config"
|
||||
${command} -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t || return 1
|
||||
eend $?
|
||||
|
||||
# Wait for Crowdsec to start(in case of boot)
|
||||
sleep 2
|
||||
}
|
||||
|
||||
reload() {
|
||||
ebegin "Reloading $RC_SVCNAME"
|
||||
start-stop-daemon --signal HUP --pidfile "$pidfile"
|
||||
|
37
minoplhy-crowdsec-notify/APKBUILD
Executable file
37
minoplhy-crowdsec-notify/APKBUILD
Executable file
@ -0,0 +1,37 @@
|
||||
# Contributor: Minoplhy <c@3qx.nl>
|
||||
maintainer="Minoplhy <c@3qx.nl>"
|
||||
pkgname=crowdsec-notify
|
||||
pkgver=0.0.1
|
||||
pkgrel=0
|
||||
pkgdesc="Crowdsec Notifications"
|
||||
url="https://crowdsec.net/"
|
||||
arch="all"
|
||||
license="MIT"
|
||||
subpackages="$pkgname-discord:_plugin"
|
||||
options="!check" # no test suite identified
|
||||
source="discord.yaml::https://owu.se/p-p/minoplhy/scriptbox/raw/branch/main/crowdsec-notifications/discord.yaml"
|
||||
|
||||
package() {
|
||||
install -dm 0755 \
|
||||
"$pkgdir"/etc/crowdsec/notifications
|
||||
|
||||
install -m 0600 \
|
||||
"$srcdir"/discord.yaml \
|
||||
"$pkgdir"/etc/crowdsec/notifications
|
||||
}
|
||||
|
||||
_plugin() {
|
||||
_subpkgname="${subpkgname:9:(${#subpkgname}-16)}"
|
||||
pkgdesc="$pkgname plugin: $_subpkgname"
|
||||
depends="$pkgname=$pkgver-r$pkgrel"
|
||||
amove etc/crowdsec/notifications/$_subpkgname.yaml
|
||||
# Excerpt from minoplhy's original modification of minoplhy-crowdsec
|
||||
#
|
||||
#if [[ $_subpkgname -ne "discord" ]]; then
|
||||
# amove usr/libexec/crowdsec/plugins/notification-$_subpkgname
|
||||
#fi
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
445c731b0b01a8219b00cac3ad5c02af3c9676ce620b6c202a0e85afb04ce9b351b408a07c2d5f07fba1f23d75a9427807f0852eb43658f91d49b39ed02ec49a discord.yaml
|
||||
"
|
@ -3,11 +3,12 @@
|
||||
# Maintainer: Nicolas Lorin <androw95220@gmail.com>
|
||||
pkgname=crowdsec
|
||||
pkgver=1.6.8
|
||||
pkgrel=0
|
||||
pkgrel=1
|
||||
pkgdesc="behavior detection engine, coupled with a global IP reputation network"
|
||||
url="https://crowdsec.net/"
|
||||
arch="all"
|
||||
license="MIT"
|
||||
install="$pkgname.post-install"
|
||||
makedepends="go sqlite-dev re2-dev"
|
||||
subpackages="
|
||||
$pkgname-openrc
|
||||
@ -16,11 +17,9 @@ subpackages="
|
||||
$pkgname-sentinel-plugin:_plugin
|
||||
$pkgname-slack-plugin:_plugin
|
||||
$pkgname-splunk-plugin:_plugin
|
||||
$pkgname-discord-plugin:_plugin
|
||||
"
|
||||
options="!check" # no test suite identified
|
||||
source="$pkgname-$pkgver-2.tar.gz::https://github.com/crowdsecurity/crowdsec/archive/refs/tags/v$pkgver.tar.gz
|
||||
discord.yaml::https://owu.se/p-p/minoplhy/scriptbox/raw/branch/main/crowdsec-notifications/discord.yaml
|
||||
system-sqlite.patch
|
||||
crowdsec.initd
|
||||
"
|
||||
@ -64,7 +63,6 @@ package() {
|
||||
cmd/notification-slack/slack.yaml \
|
||||
cmd/notification-splunk/splunk.yaml \
|
||||
cmd/notification-sentinel/sentinel.yaml \
|
||||
"$srcdir"/discord.yaml \
|
||||
"$pkgdir"/etc/crowdsec/notifications
|
||||
install -m 0551 \
|
||||
cmd/notification-email/notification-email \
|
||||
@ -90,14 +88,11 @@ _plugin() {
|
||||
pkgdesc="$pkgname plugin: $_subpkgname"
|
||||
depends="$pkgname=$pkgver-r$pkgrel"
|
||||
amove etc/crowdsec/notifications/$_subpkgname.yaml
|
||||
if [[ $_subpkgname -ne "discord" ]]; then
|
||||
amove usr/libexec/crowdsec/plugins/notification-$_subpkgname
|
||||
fi
|
||||
}
|
||||
|
||||
sha512sums="
|
||||
088456e434ca5908b4dd2ca90dc886a262bd12ff2f8e3e38430355500d19f5b0e1c8cc2ac4c6967cd0126a087c473b734a53ffda0e1a28eba89100278b2a5614 crowdsec-1.6.8-2.tar.gz
|
||||
445c731b0b01a8219b00cac3ad5c02af3c9676ce620b6c202a0e85afb04ce9b351b408a07c2d5f07fba1f23d75a9427807f0852eb43658f91d49b39ed02ec49a discord.yaml
|
||||
3cb94cb663195bcc9d3d2f155c7bcb4c1f53b0660155140a7a91b5c0c6f41a234024a8f38f68c9da7adae2a2291f7ebe36187f89aab2fe2a0d1c8df34861c990 system-sqlite.patch
|
||||
098db47afd457c9d68c69097c31fae29cd0c0dc98199b254f75b130ac228ac43c024182bebd7eae756ae4fa2f54682b7f0534cb04311468224d9df2ce4f67ec2 crowdsec.initd
|
||||
"
|
||||
|
19
minoplhy-crowdsec/crowdsec.post-install
Executable file
19
minoplhy-crowdsec/crowdsec.post-install
Executable file
@ -0,0 +1,19 @@
|
||||
#!/bin/sh
|
||||
|
||||
[ -s /etc/crowdsec/local_api_credentials.yaml ] || cscli machines add -a --force --error
|
||||
|
||||
|
||||
cat >&2 <<EOF
|
||||
*
|
||||
* Recommended command before starting Crowdsec
|
||||
*
|
||||
* Force Register capi:
|
||||
* cscli capi register --error
|
||||
* Hub update:
|
||||
* cscli hub update
|
||||
* Hub upgrade:
|
||||
* cscli hub upgrade
|
||||
*
|
||||
EOF
|
||||
|
||||
exit 0
|
Loading…
x
Reference in New Issue
Block a user