Update to 2021-02-18 00:00

master
Daniel Berteaud 4 years ago
parent 7bf5081950
commit 4c1acbd1eb
  1. 19
      roles/crowdsec/defaults/main.yml
  2. 61
      roles/crowdsec/tasks/conf.yml
  3. 3
      roles/crowdsec/templates/local_api_credentials.yaml.j2
  4. 16
      roles/crowdsec/templates/parsers/s02-enrich/trusted_ip.yaml.j2

@ -47,3 +47,22 @@ crowdsec_prometheus_src_ip: []
# Default duration of a ban # Default duration of a ban
crowdsec_ban_duration: 15m crowdsec_ban_duration: 15m
# List of parsers to install from the hub
crowdsec_parsers:
- crowdsecurity/syslog-logs
- crowdsecurity/geoip-enrich
- crowdsecurity/dateparse-enrich
- crowdsecurity/whitelists
- crowdsecurity/sshd-logs
- crowdsecurity/iptables-logs
# List of scenarios to install from the hub
crowdsec_scenarios:
- crowdsecurity/ban-defcon-drop_range
- crowdsecurity/ssh-bf
# List of postoverflows to install from the hub
crowdsec_postoverflows:
- crowdsecurity/cdn-whitelist
- crowdsecurity/rdns
- crowdsecurity/seo-bots-whitelist
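Review bot: The new defaults enable three whitelisting hub items (`crowdsecurity/whitelists` in crowdsec_parsers, `crowdsecurity/cdn-whitelist` and `crowdsecurity/seo-bots-whitelist` in crowdsec_postoverflows) without documenting what they exempt from detection. As far as I know the `whitelists` parser discards events coming from private IPv4 ranges, so brute-force attempts originating inside the network would raise no alert on hosts that keep these defaults. I would add a comment above the lists, for example `# crowdsecurity/whitelists ignores events from private ranges; remove it where internal sources must be monitored`, and a similar one for the two postoverflow whitelists.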

@ -7,6 +7,7 @@
- acquis.yaml - acquis.yaml
- simulation.yaml - simulation.yaml
- profile.yaml - profile.yaml
- parsers/s02-enrich/trusted_ip.yaml
notify: reload crowdsec notify: reload crowdsec
tags: crowdsec tags: crowdsec
@ -51,3 +52,63 @@
- local - local
notify: restart crowdsec notify: restart crowdsec
tags: crowdsec tags: crowdsec
- name: List installed parsers
shell: cscli parsers list -o json
register: crowdsec_installed_parsers
changed_when: False
tags: crowdsec
- name: Install parsers
command: cscli parsers install {{ item }}
when: item not in crowdsec_installed_parsers.stdout | from_json | map(attribute='name') | list
loop: "{{ crowdsec_parsers }}"
notify: reload crowdsec
tags: crowdsec
- name: Upgrade parsers
command: csscli parsers upgrade {{ item }}
loop: "{{ crowdsec_parsers }}"
when: crowdsec_install_mode == 'upgrade'
notify: reload crowdsec
tags: crowdsec
- name: List installed scenarios
command: cscli scenarios list -o json
register: crowdsec_installed_scenarios
changed_when: False
tags: crowdsec
- name: Install scenarios
command: cscli scenarios install {{ item }}
when: item not in crowdsec_installed_scenarios.stdout | from_json | map(attribute='name') | list
loop: "{{ crowdsec_scenarios }}"
notify: reload crowdsec
tags: crowdsec
- name: Upgrade scenarios
command: csscli scenarios upgrade {{ item }}
loop: "{{ crowdsec_scenarios }}"
when: crowdsec_install_mode == 'upgrade'
notify: reload crowdsec
tags: crowdsec
- name: List installed postoverflows
command: cscli postoverflows list -o json
register: crowdsec_installed_postoverflows
changed_when: False
tags: crowdsec
- name: Install postoverflows
command: cscli postoverflows install {{ item }}
when: item not in crowdsec_installed_postoverflows.stdout | from_json | map(attribute='name') | list
loop: "{{ crowdsec_postoverflows }}"
notify: reload crowdsec
tags: crowdsec
- name: Upgrade postoverflows
command: csscli postoverflows upgrade {{ item }}
loop: "{{ crowdsec_postoverflows }}"
when: crowdsec_install_mode == 'upgrade'
notify: reload crowdsec
tags: crowdsec
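Review bot: The three Upgrade tasks (parsers, scenarios, postoverflows) call `csscli` instead of `cscli`, so any run with `crowdsec_install_mode == 'upgrade'` fails at the first of them and the installed detection content stays at its old version. Each of these lines should read like `command: cscli parsers upgrade {{ item }}`. Separately, "List installed parsers" uses `shell` while the other two list tasks use `command`; nothing in it needs a shell, so `command: cscli parsers list -o json` is the safer and more consistent form. The `when` expressions on the Install tasks assume the JSON output is a list of objects with a `name` key; if cscli prints `null` when nothing is installed the `map` filter would error, which is worth checking on a fresh host.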

@ -0,0 +1,3 @@
url: {{ crowdsec_lapi_url }}
login: {{ crowdsec_lapi_user }}
password: {{ crowdsec_lapi_pass }}
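Review bot: All three values are emitted as unquoted plain scalars, so a password containing `: ` or ` #`, starting with a YAML indicator such as `*`, `&` or `{`, or looking like a number or boolean will either break the file or be read as a different value than the one configured. Passing each value through a quoting filter avoids this, e.g. `password: {{ crowdsec_lapi_pass | to_json }}`, and likewise for `url` and `login`. The task that renders this template is not visible in this section; it should write the file with a restrictive mode and set `no_log: true` or `diff: false` so the secret does not appear in run output.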

@ -0,0 +1,16 @@
name: fws/trusted_ip
description: "Whitelist events from trusted ip"
whitelist:
reason: "trusted ip"
ip:
{% for ip in trusted_ip | default([]) %}
{% if ip is not search('/\d+$') %}
- "{{ ip }}"
{% endif %}
{% endfor %}
cidr:
{% for ip in trusted_ip | default([]) %}
{% if ip is search('/\d+$') %}
- "{{ ip }}"
{% endif %}
{% endfor %}
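Review bot: Every entry of `trusted_ip` is written into the whitelist without validation; the only test applied is whether it ends in `/<digits>`. A hostname or mistyped address therefore lands under `ip:`, and a very short prefix lands under `cidr:` and exempts a large range from all scenarios; how the agent reacts to an invalid entry is not visible here. I would document next to the variable that these addresses bypass detection entirely, and consider rendering only values that pass an address check (for instance the `ipaddr` filter, if the collection providing it is available to this role). When `trusted_ip` is empty both keys render with no value, i.e. null rather than `[]`, so it is worth confirming the parser file still loads cleanly in that case.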