mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-14 03:10:47 +00:00
security/crowdsec: update to 1.2.1
Update to 1.2.1 release and pass the maintainership to the submitter. PR: 260262
This commit is contained in:
Sofian Brabez
parent
9224581a10
commit
6713efec42
@ -1,45 +1,122 @@
|
||||
PORTNAME= crowdsec
|
||||
PORTVERSION= 1.1.1
|
||||
PORTVERSION= 1.2.1 # NOTE: change BUILD_VERSION and BUILD_TAG as well
|
||||
DISTVERSIONPREFIX= v
|
||||
CATEGORIES= security
|
||||
|
||||
MAINTAINER= sbz@FreeBSD.org
|
||||
COMMENT= Crowdsec lightweight and collaborative security engine
|
||||
MAINTAINER= marco@crowdsec.net
|
||||
COMMENT= CrowdSec lightweight and collaborative security engine
|
||||
|
||||
LICENSE= MIT
|
||||
LICENSE_FILE= ${WRKSRC}/LICENSE
|
||||
|
||||
USES= go:modules
|
||||
BUILD_DEPENDS= git:devel/git@lite \
|
||||
go:lang/go \
|
||||
jq:textproc/jq
|
||||
|
||||
USES= gmake
|
||||
|
||||
USE_GITHUB= yes
|
||||
GH_ACCOUNT= crowdsecurity
|
||||
GH_PROJECT= crowdsec
|
||||
#GH_TAGNAME is automatically set from DISTVERSION
|
||||
|
||||
USE_RC_SUBR= crowdsec
|
||||
|
||||
GO_MODULE= github.com/crowdsecurity/crowdsec
|
||||
USE_RC_SUBR= crowdsec
|
||||
|
||||
GO_BUILDFLAGS= -ldflags "-s -w \
|
||||
-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=v${PORTVERSION} \
|
||||
-X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=freebsd \
|
||||
-X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=`date -u '+%Y-%m-%d_%I:%M:%S%p'`"
|
||||
SUB_FILES= pkg-message \
|
||||
pkg-deinstall
|
||||
|
||||
GO_TARGET= ./cmd/crowdsec \
|
||||
./cmd/crowdsec-cli
|
||||
# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
|
||||
# BUILD_TAG=$(git rev-parse HEAD)
|
||||
MAKE_ENV= BUILD_VERSION="v1.2.1" \
|
||||
BUILD_TAG="dd03d073558e380c283afe66942f537c3da647ff"
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
PLUGIN_DIR= ${PREFIX}/lib/crowdsec/plugins
|
||||
STAGE_PLUGINS= ${STAGEDIR}${PLUGIN_DIR}
|
||||
STAGE_BIN= ${STAGEDIR}${PREFIX}/bin
|
||||
|
||||
post-patch:
|
||||
@${REINPLACE_CMD} 's,/etc/crowdsec/,${ETCDIR}/,g' \
|
||||
${WRKSRC}/pkg/csconfig/config.go \
|
||||
${WRKSRC}/pkg/cstest/hubtest_item.go \
|
||||
${WRKSRC}/cmd/crowdsec-cli/machines.go \
|
||||
${WRKSRC}/cmd/crowdsec-cli/main.go \
|
||||
${WRKSRC}/cmd/crowdsec/main.go
|
||||
${WRKSRC}/cmd/crowdsec/main.go \
|
||||
${WRKSRC}/config/config.yaml \
|
||||
${WRKSRC}/config/profiles.yaml
|
||||
|
||||
@${REINPLACE_CMD} 's,/var/lib/,/var/db/,g' \
|
||||
${WRKSRC}/pkg/csconfig/config.go \
|
||||
${WRKSRC}/pkg/metabase/database.go \
|
||||
${WRKSRC}/config/config.yaml \
|
||||
${WRKSRC}/config/profiles.yaml
|
||||
|
||||
do-install:
|
||||
#
|
||||
# Binaries
|
||||
#
|
||||
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec/crowdsec ${STAGE_BIN}/
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/cmd/crowdsec-cli/cscli ${STAGE_BIN}/
|
||||
${LN} -s cscli ${STAGE_BIN}/crowdsec-cli
|
||||
|
||||
@${MKDIR} ${STAGE_PLUGINS}
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/http/notification-http ${STAGE_PLUGINS}/
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/slack/notification-slack ${STAGE_PLUGINS}/
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/splunk/notification-splunk ${STAGE_PLUGINS}/
|
||||
|
||||
#
|
||||
# Configuration
|
||||
#
|
||||
|
||||
@${MKDIR} ${STAGEDIR}${ETCDIR}
|
||||
@(cd ${WRKSRC}/config && ${COPYTREE_SHARE} . ${STAGEDIR}${ETCDIR})
|
||||
|
||||
@${MV} ${STAGEDIR}${ETCDIR}/acquis.yaml \
|
||||
${STAGEDIR}${ETCDIR}/acquis.yaml.sample
|
||||
|
||||
@${MV} ${STAGEDIR}${ETCDIR}/config.yaml \
|
||||
${STAGEDIR}${ETCDIR}/config.yaml.sample
|
||||
|
||||
${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec ${STAGEDIR}${PREFIX}/bin
|
||||
${INSTALL_PROGRAM} ${WRKDIR}/bin/crowdsec-cli ${STAGEDIR}${PREFIX}/bin
|
||||
@${MV} ${STAGEDIR}${ETCDIR}/profiles.yaml \
|
||||
${STAGEDIR}${ETCDIR}/profiles.yaml.sample
|
||||
|
||||
# managed by "cscli simulation"
|
||||
@${MV} ${STAGEDIR}${ETCDIR}/simulation.yaml \
|
||||
${STAGEDIR}${ETCDIR}/simulation.yaml.sample
|
||||
|
||||
#
|
||||
# Plugin configuration
|
||||
#
|
||||
|
||||
@${MKDIR} ${STAGEDIR}${ETCDIR}/notifications
|
||||
|
||||
@${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/http
|
||||
@${MV} ${WRKSRC}/plugins/notifications/http/http.yaml \
|
||||
${STAGEDIR}${ETCDIR}/notifications/http/http.yaml.sample
|
||||
|
||||
@${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/slack
|
||||
@${MV} ${WRKSRC}/plugins/notifications/slack/slack.yaml \
|
||||
${STAGEDIR}${ETCDIR}/notifications/slack/slack.yaml.sample
|
||||
|
||||
@${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/splunk
|
||||
@${MV} ${WRKSRC}/plugins/notifications/splunk/splunk.yaml \
|
||||
${STAGEDIR}${ETCDIR}/notifications/splunk/splunk.yaml.sample
|
||||
|
||||
# updated by "cscli machines" at first service start
|
||||
@${MV} ${STAGEDIR}${ETCDIR}/local_api_credentials.yaml \
|
||||
${STAGEDIR}${ETCDIR}/local_api_credentials.yaml.sample
|
||||
|
||||
# updated by "cscli capi" at first service start
|
||||
@${MV} ${STAGEDIR}${ETCDIR}/online_api_credentials.yaml \
|
||||
${STAGEDIR}${ETCDIR}/online_api_credentials.yaml.sample
|
||||
|
||||
#
|
||||
# Data
|
||||
#
|
||||
|
||||
@${MKDIR} ${STAGEDIR}${ETCDIR}/hub
|
||||
@${MKDIR} ${STAGEDIR}/var/db/crowdsec/data
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
||||
@ -1,5 +1,3 @@
|
||||
TIMESTAMP = 1626257804
|
||||
SHA256 (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.mod) = f764f7d850f1e2306f6764e534ace7261f7dc99f3b4884c2b0f617cb791b35de
|
||||
SIZE (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.mod) = 3295
|
||||
SHA256 (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.zip) = f7e63641a67392d57412ab1ff86a26ae4deeb9fc8460542f6258f7c9f56238e9
|
||||
SIZE (go/security_crowdsec/crowdsec-v1.1.1/v1.1.1.zip) = 640252
|
||||
TIMESTAMP = 1637702390
|
||||
SHA256 (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = e3a9bbb70b1995a83c5001d06dbbcb5f59d43e4d7c18b60548f305a62d2dd6a3
|
||||
SIZE (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = 659398
|
||||
|
||||
@ -22,9 +22,9 @@ rcvar=crowdsec_enable
|
||||
|
||||
load_rc_config $name
|
||||
|
||||
: ${crowdsec_enable:="NO"}
|
||||
: ${crowdsec_config:="%%PREFIX%%/etc/crowdsec/config.yaml"}
|
||||
: ${crowdsec_flags:=""}
|
||||
: "${crowdsec_enable:=NO}"
|
||||
: "${crowdsec_config:=%%PREFIX%%/etc/crowdsec/config.yaml}"
|
||||
: "${crowdsec_flags:=}"
|
||||
|
||||
pidfile=/var/run/${name}.pid
|
||||
required_files="$crowdsec_config"
|
||||
@ -35,27 +35,49 @@ configtest_cmd="${name}_configtest"
|
||||
extra_commands="configtest reload"
|
||||
|
||||
crowdsec_precmd() {
|
||||
if [ ! -d %%PREFIX%%/etc/crowdsec/hub ]; then
|
||||
%%PREFIX%%/bin/crowdsec-cli hub update || :
|
||||
cs_cli() {
|
||||
"%%PREFIX%%/bin/cscli" -c "${crowdsec_config}" "$@"
|
||||
}
|
||||
Config() {
|
||||
cs_cli config show --key "Config.$1"
|
||||
}
|
||||
|
||||
HUB_DIR=$(Config ConfigPaths.HubDir)
|
||||
if ! ls -1qA "$HUB_DIR/*" >/dev/null 2>&1; then
|
||||
echo "Fetching hub inventory"
|
||||
cs_cli hub update || :
|
||||
fi
|
||||
if [ -z "`%%PREFIX%%/bin/crowdsec-cli machines list -o raw`" ]; then
|
||||
%%PREFIX%%/bin/crowdsec-cli machines add --auto || :
|
||||
|
||||
if [ -z "$(cs_cli machines list -o raw)" ]; then
|
||||
echo "Registering LAPI"
|
||||
cs_cli machines add --auto || :
|
||||
fi
|
||||
if [ ! -s %%PREFIX%%/etc/crowdsec/online_api_credentials.yaml ]; then
|
||||
%%PREFIX%%/bin/crowdsec-cli capi register || :
|
||||
|
||||
CONFIG_DIR=$(Config ConfigPaths.ConfigDir)
|
||||
if [ ! -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then
|
||||
echo "Registering CAPI"
|
||||
cs_cli capi register || :
|
||||
fi
|
||||
|
||||
cs_cli collections inspect crowdsecurity/linux >/dev/null || cs_cli collections install crowdsecurity/linux || :
|
||||
|
||||
DATA_DIR=$(Config ConfigPaths.DataDir)
|
||||
if [ ! -f "${DATA_DIR}/GeoLite2-City.mmdb" ]; then
|
||||
echo "Installing GeoIP enricher"
|
||||
cs_cli parsers install crowdsecurity/geoip-enrich || :
|
||||
fi
|
||||
}
|
||||
|
||||
crowdsec_start()
|
||||
{
|
||||
/usr/sbin/daemon -f -p ${pidfile} -t "${desc}" \
|
||||
${command} -c ${crowdsec_config} ${crowdsec_flags}
|
||||
/usr/sbin/daemon -f -p ${pidfile} -t "${desc}" -- \
|
||||
${command} -c ${crowdsec_config} ${crowdsec_flags}
|
||||
}
|
||||
|
||||
crowdsec_configtest()
|
||||
{
|
||||
echo "Performing sanity check on ${name} configuration."
|
||||
eval ${command} -c ${crowdsec_config} -t
|
||||
echo "Performing sanity check on ${name} configuration."
|
||||
eval ${command} -c ${crowdsec_config} -t
|
||||
}
|
||||
|
||||
run_rc_command "$1"
|
||||
|
||||
11
security/crowdsec/files/patch-Makefile
Normal file
11
security/crowdsec/files/patch-Makefile
Normal file
@ -0,0 +1,11 @@
|
||||
--- Makefile.orig 2021-11-17 09:15:38 UTC
|
||||
+++ Makefile
|
||||
@@ -42,7 +42,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l
|
||||
BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')"
|
||||
BUILD_CODENAME=$(shell cat RELEASE.json | jq -r .CodeName)
|
||||
BUILD_TIMESTAMP=$(shell date +%F"_"%T)
|
||||
-BUILD_TAG="$(shell git rev-parse HEAD)"
|
||||
+BUILD_TAG?="$(shell git rev-parse HEAD)"
|
||||
|
||||
export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \
|
||||
-X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=$(SYSTEM) \
|
||||
8
security/crowdsec/files/pkg-deinstall.in
Normal file
8
security/crowdsec/files/pkg-deinstall.in
Normal file
@ -0,0 +1,8 @@
|
||||
#!/bin/sh
|
||||
|
||||
case $2 in
|
||||
DEINSTALL)
|
||||
service crowdsec stop || :
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -4,10 +4,17 @@
|
||||
|
||||
crowdsec is installed.
|
||||
|
||||
You need to edit the agent config file %%ETCDIR%%/crowdsec.yaml and
|
||||
enable rc via sysrc.
|
||||
You need to check/edit the following files in %%ETCDIR%% as described in https://doc.crowdsec.net/docs/configuration/crowdsec_configuration
|
||||
|
||||
- config.yaml: main configuration
|
||||
- acquis.yaml: where to find logs to parse (this port does not include automatic discovery of the running services)
|
||||
- profiles.yaml: remediation policies (ban, duration, etc)
|
||||
|
||||
Then you can enable the daemon via sysrc and run it.
|
||||
|
||||
# sysrc crowdsec_enable="YES"
|
||||
crowdsec_enable: NO -> YES
|
||||
# service crowdsec start
|
||||
EOM
|
||||
}
|
||||
]
|
||||
|
||||
@ -1,12 +1,18 @@
|
||||
@sample %%ETCDIR%%/config.yaml.sample
|
||||
@mode 0755
|
||||
bin/crowdsec
|
||||
bin/cscli
|
||||
bin/crowdsec-cli
|
||||
%%ETCDIR%%/acquis.yaml
|
||||
%%ETCDIR%%/crowdsec.service
|
||||
%%ETCDIR%%/crowdsec_pull
|
||||
%%ETCDIR%%/dev.yaml
|
||||
%%ETCDIR%%/local_api_credentials.yaml
|
||||
%%ETCDIR%%/online_api_credentials.yaml
|
||||
@mode 0600
|
||||
@sample %%ETCDIR%%/local_api_credentials.yaml.sample
|
||||
@sample %%ETCDIR%%/online_api_credentials.yaml.sample
|
||||
@mode 0644
|
||||
@sample %%ETCDIR%%/acquis.yaml.sample
|
||||
@sample %%ETCDIR%%/config.yaml.sample
|
||||
@sample %%ETCDIR%%/profiles.yaml.sample
|
||||
@sample %%ETCDIR%%/simulation.yaml.sample
|
||||
@sample %%ETCDIR%%/notifications/http/http.yaml.sample
|
||||
@sample %%ETCDIR%%/notifications/slack/slack.yaml.sample
|
||||
@sample %%ETCDIR%%/notifications/splunk/splunk.yaml.sample
|
||||
%%ETCDIR%%/patterns/aws
|
||||
%%ETCDIR%%/patterns/bacula
|
||||
%%ETCDIR%%/patterns/bro
|
||||
@ -31,6 +37,10 @@ bin/crowdsec-cli
|
||||
%%ETCDIR%%/patterns/smb
|
||||
%%ETCDIR%%/patterns/ssh
|
||||
%%ETCDIR%%/patterns/tcpdump
|
||||
%%ETCDIR%%/profiles.yaml
|
||||
%%ETCDIR%%/simulation.yaml
|
||||
%%ETCDIR%%/user.yaml
|
||||
@mode 0755
|
||||
lib/crowdsec/plugins/notification-http
|
||||
lib/crowdsec/plugins/notification-slack
|
||||
lib/crowdsec/plugins/notification-splunk
|
||||
@dir %%ETCDIR%%/hub
|
||||
@dir /var/db/crowdsec/data
|
||||
@dir /var/db/crowdsec
|
||||
|
||||
Loading…
Reference in New Issue
Block a user