From 4c1acbd1eb3199260094f48f069fa69b0d1b2633 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Thu, 18 Feb 2021 00:00:09 +0100
Subject: [PATCH] Update to 2021-02-18 00:00

---
 roles/crowdsec/defaults/main.yml | 19 +++++++
 roles/crowdsec/tasks/conf.yml | 61 ++++++++++++++++++++++
 .../templates/local_api_credentials.yaml.j2 | 3 ++
 .../parsers/s02-enrich/trusted_ip.yaml.j2 | 16 ++++++
 4 files changed, 99 insertions(+)
 create mode 100644 roles/crowdsec/templates/local_api_credentials.yaml.j2
 create mode 100644 roles/crowdsec/templates/parsers/s02-enrich/trusted_ip.yaml.j2

diff --git a/roles/crowdsec/defaults/main.yml b/roles/crowdsec/defaults/main.yml
index 3011b9b..39eefd6 100644
--- a/roles/crowdsec/defaults/main.yml
+++ b/roles/crowdsec/defaults/main.yml
@@ -47,3 +47,22 @@ crowdsec_prometheus_src_ip: []
 
 # Default duration of a ban
 crowdsec_ban_duration: 15m
+
+# List of parsers to install from the hub
+crowdsec_parsers:
+ - crowdsecurity/syslog-logs
+ - crowdsecurity/geoip-enrich
+ - crowdsecurity/dateparse-enrich
+ - crowdsecurity/whitelists
+ - crowdsecurity/sshd-logs
+ - crowdsecurity/iptables-logs
+# List of scenarios to install from the hub
+crowdsec_scenarios:
+ - crowdsecurity/ban-defcon-drop_range
+ - crowdsecurity/ssh-bf
+# List of postoverflows to install from the hub
+crowdsec_postoverflows:
+ - crowdsecurity/cdn-whitelist
+ - crowdsecurity/rdns
+ - crowdsecurity/seo-bots-whitelist
+
diff --git a/roles/crowdsec/tasks/conf.yml b/roles/crowdsec/tasks/conf.yml
index 3b109c0..f98bcac 100644
--- a/roles/crowdsec/tasks/conf.yml
+++ b/roles/crowdsec/tasks/conf.yml
@@ -7,6 +7,7 @@
 - acquis.yaml
 - simulation.yaml
 - profile.yaml
+ - parsers/s02-enrich/trusted_ip.yaml
 notify: reload crowdsec
 tags: crowdsec
 
@@ -51,3 +52,63 @@
 - local
 notify: restart crowdsec
 tags: crowdsec
+
+- name: List installed parsers
+ shell: cscli parsers list -o json
+ register: crowdsec_installed_parsers
+ changed_when: False
+ tags: crowdsec
+
+- name: Install parsers
+ command: cscli parsers install {{ item }}
+ when: item not in crowdsec_installed_parsers.stdout | from_json | map(attribute='name') | list
+ loop: "{{ crowdsec_parsers }}"
+ notify: reload crowdsec
+ tags: crowdsec
+
+- name: Upgrade parsers
+ command: csscli parsers upgrade {{ item }}
+ loop: "{{ crowdsec_parsers }}"
+ when: crowdsec_install_mode == 'upgrade'
+ notify: reload crowdsec
+ tags: crowdsec
+
+- name: List installed scenarios
+ command: cscli scenarios list -o json
+ register: crowdsec_installed_scenarios
+ changed_when: False
+ tags: crowdsec
+
+- name: Install scenarios
+ command: cscli scenarios install {{ item }}
+ when: item not in crowdsec_installed_scenarios.stdout | from_json | map(attribute='name') | list
+ loop: "{{ crowdsec_scenarios }}"
+ notify: reload crowdsec
+ tags: crowdsec
+
+- name: Upgrade scenarios
+ command: csscli scenarios upgrade {{ item }}
+ loop: "{{ crowdsec_scenarios }}"
+ when: crowdsec_install_mode == 'upgrade'
+ notify: reload crowdsec
+ tags: crowdsec
+
+- name: List installed postoverflows
+ command: cscli postoverflows list -o json
+ register: crowdsec_installed_postoverflows
+ changed_when: False
+ tags: crowdsec
+
+- name: Install postoverflows
+ command: cscli postoverflows install {{ item }}
+ when: item not in crowdsec_installed_postoverflows.stdout | from_json | map(attribute='name') | list
+ loop: "{{ crowdsec_postoverflows }}"
+ notify: reload crowdsec
+ tags: crowdsec
+
+- name: Upgrade postoverflows
+ command: csscli postoverflows upgrade {{ item }}
+ loop: "{{ crowdsec_postoverflows }}"
+ when: crowdsec_install_mode == 'upgrade'
+ notify: reload crowdsec
+ tags: crowdsec
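Review bot: The three Upgrade tasks invoke `csscli` instead of `cscli` (`command: csscli parsers upgrade {{ item }}`, and the same line in "Upgrade scenarios" and "Upgrade postoverflows"), so with `crowdsec_install_mode == 'upgrade'` each of them will fail unless a binary of that name happens to exist; change each to `command: cscli parsers upgrade {{ item }}` (resp. `scenarios`, `postoverflows`). "List installed parsers" uses `shell:` while its two sibling list tasks use `command:`; nothing in that line needs a shell, so `command: cscli parsers list -o json` keeps the three consistent and avoids shell interpretation of the command string. The Upgrade tasks carry no `changed_when`, so in upgrade mode they presumably report changed and fire `reload crowdsec` on every run even when the hub item was already current; registering the result and deriving `changed_when` from cscli's output would make the reload conditional, though the exact output to key on is not visible in this diff.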
diff --git a/roles/crowdsec/templates/local_api_credentials.yaml.j2 b/roles/crowdsec/templates/local_api_credentials.yaml.j2
new file mode 100644
index 0000000..08b83fa
--- /dev/null
+++ b/roles/crowdsec/templates/local_api_credentials.yaml.j2
@@ -0,0 +1,3 @@
+url: {{ crowdsec_lapi_url }}
+login: {{ crowdsec_lapi_user }}
+password: {{ crowdsec_lapi_pass }}
diff --git a/roles/crowdsec/templates/parsers/s02-enrich/trusted_ip.yaml.j2 b/roles/crowdsec/templates/parsers/s02-enrich/trusted_ip.yaml.j2
new file mode 100644
index 0000000..173f25e
--- /dev/null
+++ b/roles/crowdsec/templates/parsers/s02-enrich/trusted_ip.yaml.j2
@@ -0,0 +1,16 @@
+name: fws/trusted_ip
+description: "Whitelist events from trusted ip"
+whitelist:
+ reason: "trusted ip"
+ ip:
+{% for ip in trusted_ip | default([]) %}
+{% if ip is not search('/\d+$') %}
+ - "{{ ip }}"
+{% endif %}
+{% endfor %}
+ cidr:
+{% for ip in trusted_ip | default([]) %}
+{% if ip is search('/\d+$') %}
+ - "{{ ip }}"
+{% endif %}
+{% endfor %}
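Review bot: All three values in local_api_credentials.yaml.j2 are emitted as plain unquoted scalars, so a `crowdsec_lapi_pass` containing ` #` or `: `, starting with `*`, `&`, `[` or `{`, or made only of digits is truncated, rejected or retyped by the YAML loader and the LAPI login breaks without an obvious error; render each value through `to_json`, e.g. `password: {{ crowdsec_lapi_pass | to_json }}` (and likewise for `url` and `login`), which produces a valid double-quoted YAML string. No task in this diff renders this template and the template loop in conf.yml does not list it, so the file mode it lands with is not visible here; since it carries the LAPI password, whichever task writes it should set a restrictive `mode` (e.g. `"0600"`) and an explicit `owner`.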
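Review bot: In trusted_ip.yaml.j2, when `trusted_ip` is unset or holds no matching entries, the loops emit nothing and the rendered file ends up with `ip:` and `cidr:` as null values rather than empty lists; whether CrowdSec's whitelist loader tolerates that is not visible in this diff, so it is safer to always emit a sequence. Replacing both loops with `ip: {{ trusted_ip | default([]) | reject('search', '/\d+$') | list | to_json }}` and `cidr: {{ trusted_ip | default([]) | select('search', '/\d+$') | list | to_json }}` keeps the same ip/cidr split, quotes every entry, and renders `[]` when nothing matches. `trusted_ip` is also the only variable in this diff without the role's `crowdsec_` prefix, so a playbook-level `trusted_ip` intended for something else would be whitelisted here; if sharing that name across roles is intentional, a comment at the top of the template saying so would help the next maintainer.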