Browse Source

Update to 2021-02-23 19:00

master
Daniel Berteaud 2 days ago
parent
commit
e8311ecfce
14 changed files with 171 additions and 171 deletions
  1. +35
    -35
      roles/crowdsec/defaults/main.yml
  2. +1
    -1
      roles/crowdsec/meta/main.yml
  3. +2
    -2
      roles/crowdsec/tasks/cleanup.yml
  4. +51
    -51
      roles/crowdsec/tasks/conf.yml
  5. +1
    -1
      roles/crowdsec/tasks/directories.yml
  6. +36
    -36
      roles/crowdsec/tasks/facts.yml
  7. +10
    -10
      roles/crowdsec/tasks/install.yml
  8. +7
    -7
      roles/crowdsec/tasks/iptables.yml
  9. +1
    -1
      roles/crowdsec/tasks/services.yml
  10. +11
    -11
      roles/crowdsec/templates/config.yaml.j2
  11. +3
    -3
      roles/crowdsec/templates/local_api_credentials.yaml.j2
  12. +4
    -4
      roles/crowdsec/templates/online_api_credentials.yaml.j2
  13. +8
    -8
      roles/crowdsec/templates/pre-backup.j2
  14. +1
    -1
      roles/crowdsec/templates/profiles.yaml.j2

+ 35
- 35
roles/crowdsec/defaults/main.yml View File

@ -1,71 +1,71 @@
---
# Version to install
crowdsec_version: 1.0.7
cs_version: 1.0.7
# URL of the archive
crowdsec_archive_url: https://github.com/crowdsecurity/crowdsec/releases/download/v{{ crowdsec_version }}/crowdsec-release.tgz
cs_archive_url: https://github.com/crowdsecurity/crowdsec/releases/download/v{{ cs_version }}/crowdsec-release.tgz
# Expected sha1 of the archive
crowdsec_archive_sha1: 7c9dc58c6648c8fd43b297427d6a53fe940cbf13
cs_archive_sha1: 7c9dc58c6648c8fd43b297427d6a53fe940cbf13
# Can be sqlite or mysql
crowdsec_db_engine: sqlite
cs_db_engine: sqlite
# This is for mysql backend
crowdsec_db_server: "{{ mysql_server | default('localhost') }}"
crowdsec_db_port: 3306
crowdsec_db_name: crowdsec
crowdsec_db_user: crowdsec
cs_db_server: "{{ mysql_server | default('localhost') }}"
cs_db_port: 3306
cs_db_name: crowdsec
cs_db_user: crowdsec
# If not defined, a random one will be generated and store in /etc/crowdsec/meta/ansible_dbpass
# crowdsec_db_pass: S3cr3t.
# cs_db_pass: S3cr3t.
# You can disable the Local API, if using a remote one for example
crowdsec_lapi_enabled: True
cs_lapi_enabled: True
# Set to true if Local API is enabled, and you intend to use it through a trusted reverse proxy
crowdsec_use_forwarded_headers: False
cs_use_forwarded_headers: False
# Port on which the Local API will listen
crowdsec_lapi_port: 8080
# List of IP/CIDR allowed to access crowdsec_lapi_port
crowdsec_lapi_src_ip: []
cs_lapi_port: 8080
# List of IP/CIDR allowed to access cs_lapi_port
cs_lapi_src_ip: []
# Address of the Local API server
# The default config will make it standalone
crowdsec_lapi_url: http://localhost:{{ crowdsec_lapi_port }}/
crowdsec_lapi_user: "{{ inventory_hostname }}"
cs_lapi_url: http://localhost:{{ cs_lapi_port }}/
cs_lapi_user: "{{ inventory_hostname }}"
# On installation, ansible will register this host on the Local API
# And will then validate the registration on the following server.
# So set it to your own Local API server so ansible will delegate the task
crowdsec_lapi_server: "{{ inventory_hostname }}"
cs_lapi_server: "{{ inventory_hostname }}"
# Use the central API, to share your banned IP, and received list of IP to ban
# Requires crowdsec_lapi_enabled to be true too
crowdsec_capi_enabled: False
# Requires cs_lapi_enabled to be true too
cs_capi_enabled: False
# You can either register manuelly and the the user/pass with those variable
# Else, ansible will register and configure the credentials
# crowdsec_capi_user: 123456789
# crowdsec_capi_pass: azertyuiop
# cs_capi_user: 123456789
# cs_capi_pass: azertyuiop
# Port on which the prometheus metric endpoint will bind to
crowdsec_prometheus_port: 6060
cs_prometheus_port: 6060
# List of IP/CIDR allowed to access the prometheus port
crowdsec_prometheus_src_ip: []
cs_prometheus_src_ip: []
# Default duration of a ban
crowdsec_ban_duration: 15m
cs_ban_duration: 15m
# List of parsers to install from the hub
crowdsec_parsers:
- crowdsecurity/syslog-logs
- crowdsecurity/geoip-enrich
- crowdsecurity/dateparse-enrich
- crowdsecurity/whitelists
cs_parsers: []
# - crowdsecurity/syslog-logs
# - crowdsecurity/geoip-enrich
# - crowdsecurity/dateparse-enrich
# - crowdsecurity/whitelists
# - crowdsecurity/sshd-logs
# - crowdsecurity/iptables-logs
# List of scenarios to install from the hub
crowdsec_scenarios:
- crowdsecurity/ban-defcon-drop_range
cs_scenarios: []
# - crowdsecurity/ban-defcon-drop_range
# - crowdsecurity/ssh-bf
# List of postoverflows to install from the hub
crowdsec_postoverflows:
- crowdsecurity/cdn-whitelist
- crowdsecurity/rdns
- crowdsecurity/seo-bots-whitelist
cs_postoverflows: []
# - crowdsecurity/cdn-whitelist
# - crowdsecurity/rdns
# - crowdsecurity/seo-bots-whitelist

+ 1
- 1
roles/crowdsec/meta/main.yml View File

@ -2,4 +2,4 @@
dependencies:
- role: mysql_server
when: crowdsec_db_server in ['localhost','127.0.0.1']
when: cs_db_server in ['localhost','127.0.0.1']

+ 2
- 2
roles/crowdsec/tasks/cleanup.yml View File

@ -4,5 +4,5 @@
file: path={{ item }} state=absent
loop:
- /tmp/crowdsec-release.tgz
- /tmp/crowdsec-v{{ crowdsec_version }}
tags: crowdsec
- /tmp/crowdsec-v{{ cs_version }}
tags: cs

+ 51
- 51
roles/crowdsec/tasks/conf.yml View File

@ -9,45 +9,45 @@
- profiles.yaml
- parsers/s02-enrich/trusted_ip.yaml
notify: reload crowdsec
tags: crowdsec
tags: cs
# Create the database
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ crowdsec_db_name }}"
- db_user: "{{ crowdsec_db_user }}"
- db_server: "{{ crowdsec_db_server }}"
- db_pass: "{{ crowdsec_db_pass }}"
- db_name: "{{ cs_db_name }}"
- db_user: "{{ cs_db_user }}"
- db_server: "{{ cs_db_server }}"
- db_pass: "{{ cs_db_pass }}"
when:
- crowdsec_db_engine == 'mysql'
- crowdsec_lapi_enabled
tags: crowdsec
- cs_db_engine == 'mysql'
- cs_lapi_enabled
tags: cs
- when: crowdsec_lapi_pass is not defined
- when: cs_lapi_pass is not defined
block:
- name: Declare on the local API
command: cscli machines add {{ crowdsec_lapi_user }} --auto --force --file /dev/stdout --output raw
register: crowdsec_lapi_credentials
delegate_to: "{{ crowdsec_lapi_server }}"
- set_fact: crowdsec_lapi_credentials_yaml={{ crowdsec_lapi_credentials.stdout | from_yaml }}
- copy: content={{ crowdsec_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600
- set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_credentials_yaml.password }}
tags: crowdsec
command: cscli machines add {{ cs_lapi_user }} --auto --force --file /dev/stdout --output raw
register: cs_lapi_credentials
delegate_to: "{{ cs_lapi_server }}"
- set_fact: cs_lapi_credentials_yaml={{ cs_lapi_credentials.stdout | from_yaml }}
- copy: content={{ cs_lapi_credentials_yaml.password }} dest=/etc/crowdsec/meta/lapi_pass mode=600
- set_fact: cs_lapi_pass={{ cs_lapi_credentials_yaml.password }}
tags: cs
- when:
- crowdsec_lapi_enabled
- crowdsec_capi_enabled
- crowdsec_capi_user is not defined or crowdsec_capi_pass is not defined
- cs_lapi_enabled
- cs_capi_enabled
- cs_capi_user is not defined or cs_capi_pass is not defined
block:
- name: Register on the central API
command: cscli capi register -o raw -f /dev/stdout
register: crowdsec_capi_credentials
- set_fact: crowdsec_capi_credentials_yaml={{ crowdsec_capi_credentials.stdout | from_yaml }}
- copy: content={{ crowdsec_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
- copy: content={{ crowdsec_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
- set_fact: crowdsec_capi_user={{ crowdsec_capi_credentials_yaml.login }}
- set_fact: crowdsec_capi_pass={{ crowdsec_capi_credentials_yaml.password }}
tags: crowdsec
register: cs_capi_credentials
- set_fact: cs_capi_credentials_yaml={{ cs_capi_credentials.stdout | from_yaml }}
- copy: content={{ cs_capi_credentials_yaml.login }} dest=/etc/crowdsec/meta/capi_user mode=600
- copy: content={{ cs_capi_credentials_yaml.password }} dest=/etc/crowdsec/meta/capi_pass mode=600
- set_fact: cs_capi_user={{ cs_capi_credentials_yaml.login }}
- set_fact: cs_capi_pass={{ cs_capi_credentials_yaml.password }}
tags: cs
- name: Deploy credentials config
template: src={{ item }}_api_credentials.yaml.j2 dest=/etc/crowdsec/{{ item }}_api_credentials.yaml mode=600
@ -55,64 +55,64 @@
- online
- local
notify: restart crowdsec
tags: crowdsec
tags: cs
- name: List installed parsers
shell: cscli parsers list -o json
register: crowdsec_installed_parsers
register: cs_installed_parsers
changed_when: False
tags: crowdsec
tags: cs
- name: Install parsers
command: cscli parsers install {{ item }}
when: item not in crowdsec_installed_parsers.stdout | from_json | map(attribute='name') | list
loop: "{{ crowdsec_parsers }}"
when: item not in cs_installed_parsers.stdout | from_json | map(attribute='name') | list
loop: "{{ cs_parsers }}"
notify: reload crowdsec
tags: crowdsec
tags: cs
- name: Upgrade parsers
command: csscli parsers upgrade {{ item }}
loop: "{{ crowdsec_parsers }}"
when: crowdsec_install_mode == 'upgrade'
loop: "{{ cs_parsers }}"
when: cs_install_mode == 'upgrade'
notify: reload crowdsec
tags: crowdsec
tags: cs
- name: List installed scenarios
command: cscli scenarios list -o json
register: crowdsec_installed_scenarios
register: cs_installed_scenarios
changed_when: False
tags: crowdsec
tags: cs
- name: Install scenarios
command: cscli scenarios install {{ item }}
when: item not in crowdsec_installed_scenarios.stdout | from_json | map(attribute='name') | list
loop: "{{ crowdsec_scenarios }}"
when: item not in cs_installed_scenarios.stdout | from_json | map(attribute='name') | list
loop: "{{ cs_scenarios }}"
notify: reload crowdsec
tags: crowdsec
tags: cs
- name: Upgrade scenarios
command: csscli scenarios upgrade {{ item }}
loop: "{{ crowdsec_scenarios }}"
when: crowdsec_install_mode == 'upgrade'
loop: "{{ cs_scenarios }}"
when: cs_install_mode == 'upgrade'
notify: reload crowdsec
tags: crowdsec
tags: cs
- name: List installed postoverflows
command: cscli postoverflows list -o json
register: crowdsec_installed_postoverflows
register: cs_installed_postoverflows
changed_when: False
tags: crowdsec
tags: cs
- name: Install postoverflows
command: cscli postoverflows install {{ item }}
when: item not in crowdsec_installed_postoverflows.stdout | from_json | map(attribute='name') | list
loop: "{{ crowdsec_postoverflows }}"
when: item not in cs_installed_postoverflows.stdout | from_json | map(attribute='name') | list
loop: "{{ cs_postoverflows }}"
notify: reload crowdsec
tags: crowdsec
tags: cs
- name: Upgrade postoverflows
command: csscli postoverflows upgrade {{ item }}
loop: "{{ crowdsec_postoverflows }}"
when: crowdsec_install_mode == 'upgrade'
loop: "{{ cs_postoverflows }}"
when: cs_install_mode == 'upgrade'
notify: reload crowdsec
tags: crowdsec
tags: cs

+ 1
- 1
roles/crowdsec/tasks/directories.yml View File

@ -14,4 +14,4 @@
- dir: /etc/crowdsec/scenarios
- dir: /etc/crowdsec/postoverflows/s00-enrich
- dir: /etc/crowdsec/postoverflows/s01-whitelist
tags: crowdsec
tags: cs

+ 36
- 36
roles/crowdsec/tasks/facts.yml View File

@ -2,34 +2,34 @@
- name: Set initial facts
block:
- set_fact: crowdsec_install_mode='none'
- set_fact: crowdsec_current_version=''
tags: crowdsec
- set_fact: cs_install_mode='none'
- set_fact: cs_current_version=''
tags: cs
- name: Check if crowdsec is installed
stat: path=/usr/local/bin/crowdsec
register: crowdsec_bin
tags: crowdsec
register: cs_bin
tags: cs
- name: Check installed version
shell: |
crowdsec -version 2>&1 | perl -ne 'm/version: v(\d+(\.\d+)*)/ && print $1'
register: crowdsec_current_version
register: cs_current_version
changed_when: False
when: crowdsec_bin.stat.exists
tags: crowdsec
when: cs_bin.stat.exists
tags: cs
- name: Set install mode
set_fact: crowdsec_install_mode='install'
when: not crowdsec_bin.stat.exists
tags: crowdsec
set_fact: cs_install_mode='install'
when: not cs_bin.stat.exists
tags: cs
- name: Set upgrade mode
set_fact: crowdsec_install_mode='upgrade'
set_fact: cs_install_mode='upgrade'
when:
- crowdsec_bin.stat.exists
- crowdsec_current_version.stdout != crowdsec_version
tags: crowdsec
- cs_bin.stat.exists
- cs_current_version.stdout != cs_version
tags: cs
# Create a random db password if needed
- block:
@ -37,48 +37,48 @@
vars:
- pass_file: "/etc/crowdsec/meta/ansible_db_pass"
- complex: False
- set_fact: crowdsec_db_pass={{ rand_pass }}
- set_fact: cs_db_pass={{ rand_pass }}
when:
- crowdsec_db_pass is not defined
- crowdsec_lapi_enabled
tags: crowdsec
- cs_db_pass is not defined
- cs_lapi_enabled
tags: cs
# Check if local API credentials are available in the meta dir
- name: Check local API credential files
stat: path=/etc/crowdsec/meta/lapi_pass
register: crowdsec_lapi_pass_file
tags: crowdsec
register: cs_lapi_pass_file
tags: cs
- name: Read the local API pass
block:
- slurp: src=/etc/crowdsec/meta/lapi_pass
register: crowdsec_lapi_pass_meta
- set_fact: crowdsec_lapi_pass={{ crowdsec_lapi_pass_meta.content | b64decode | trim }}
when: crowdsec_lapi_pass is not defined and crowdsec_lapi_pass_file.stat.exists
tags: crowdsec
register: cs_lapi_pass_meta
- set_fact: cs_lapi_pass={{ cs_lapi_pass_meta.content | b64decode | trim }}
when: cs_lapi_pass is not defined and cs_lapi_pass_file.stat.exists
tags: cs
# Check if central API credentials are available in the meta dir
- name: Check central API credential files
block:
- stat: path=/etc/crowdsec/meta/capi_user
register: crowdsec_capi_user_file
register: cs_capi_user_file
- stat: path=/etc/crowdsec/meta/capi_pass
register: crowdsec_capi_pass_file
tags: crowdsec
register: cs_capi_pass_file
tags: cs
- name: Read the central API user
block:
- slurp: src=/etc/crowdsec/meta/capi_user
register: crowdsec_capi_user_meta
- set_fact: crowdsec_capi_user={{ crowdsec_capi_user_meta.content | b64decode | trim }}
when: crowdsec_capi_user is not defined and crowdsec_capi_user_file.stat.exists
tags: crowdsec
register: cs_capi_user_meta
- set_fact: cs_capi_user={{ cs_capi_user_meta.content | b64decode | trim }}
when: cs_capi_user is not defined and cs_capi_user_file.stat.exists
tags: cs
- name: Read the central API pass
block:
- slurp: src=/etc/crowdsec/meta/capi_pass
register: crowdsec_capi_pass_meta
- set_fact: crowdsec_capi_pass={{ crowdsec_capi_pass_meta.content | b64decode | trim }}
when: crowdsec_capi_pass is not defined and crowdsec_capi_pass_file.stat.exists
tags: crowdsec
register: cs_capi_pass_meta
- set_fact: cs_capi_pass={{ cs_capi_pass_meta.content | b64decode | trim }}
when: cs_capi_pass is not defined and cs_capi_pass_file.stat.exists
tags: cs

+ 10
- 10
roles/crowdsec/tasks/install.yml View File

@ -1,12 +1,12 @@
---
- when: crowdsec_install_mode != 'none'
- when: cs_install_mode != 'none'
block:
- name: Download crowdsec
get_url:
url: "{{ crowdsec_archive_url }}"
url: "{{ cs_archive_url }}"
dest: /tmp/
checksum: sha1:{{ crowdsec_archive_sha1 }}
checksum: sha1:{{ cs_archive_sha1 }}
- name: Extract crowdsec
unarchive:
@ -15,19 +15,19 @@
remote_src: True
- name: Install or upgrade crowdsec
command: ./wizard.sh --bin{{ crowdsec_install_mode }}
command: ./wizard.sh --bin{{ cs_install_mode }}
args:
chdir: /tmp/crowdsec-v{{ crowdsec_version }}/
chdir: /tmp/crowdsec-v{{ cs_version }}/
notify: restart crowdsec
- name: Update crowdsec hub
command: cscli hub update
tags: crowdsec
tags: cs
- name: Create the systemd unit snippet dir
file: path=/etc/systemd/system/crowdsec.service.d state=directory
tags: crowdsec
tags: cs
- name: Make the service restart on failure
copy:
@ -39,16 +39,16 @@
dest: /etc/systemd/system/crowdsec.service.d/restart.conf
register: crodwsec_unit
notify: restart crowdsec
tags: crowdsec
tags: cs
- name: Reload systemd
systemd: daemon_reload=True
when: crodwsec_unit.changed
tags: crowdsec
tags: cs
- name: Install pre and post backup hooks
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/crowdsec mode=700
loop:
- pre
- post
tags: crowdsec
tags: cs

+ 7
- 7
roles/crowdsec/tasks/iptables.yml View File

@ -6,10 +6,10 @@
state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
loop:
- name: crowdsec_lapi_port
port: "{{ crowdsec_lapi_port }}"
src_ip: "{{ crowdsec_lapi_src_ip }}"
- name: crowdsec_prometheus_port
port: "{{ crowdsec_prometheus_port }}"
src_ip: "{{ crowdsec_prometheus_src_ip }}"
tags: firewall,crowdsec
- name: cs_lapi_port
port: "{{ cs_lapi_port }}"
src_ip: "{{ cs_lapi_src_ip }}"
- name: cs_prometheus_port
port: "{{ cs_prometheus_port }}"
src_ip: "{{ cs_prometheus_src_ip }}"
tags: firewall,cs

+ 1
- 1
roles/crowdsec/tasks/services.yml View File

@ -2,4 +2,4 @@
- name: Start and enable the service
service: name=crowdsec state=started enabled=True
tags: crowdsec
tags: cs

+ 11
- 11
roles/crowdsec/templates/config.yaml.j2 View File

@ -22,13 +22,13 @@ cscli:
db_config:
log_level: info
{% if crowdsec_db_engine == 'mysql' %}
{% if cs_db_engine == 'mysql' %}
type: mysql
user: {{ crowdsec_db_user }}
password: {{ crowdsec_db_pass | quote }}
db_name: {{ crowdsec_db_name }}
host: {{ crowdsec_db_server }}
port: {{ crowdsec_db_port }}
user: {{ cs_db_user }}
password: {{ cs_db_pass | quote }}
db_name: {{ cs_db_name }}
host: {{ cs_db_server }}
port: {{ cs_db_port }}
{% else %}
db_path: /var/lib/crowdsec/data/crowdsec.db
{% endif %}
@ -41,12 +41,12 @@ api:
insecure_skip_verify: false
credentials_path: /etc/crowdsec/local_api_credentials.yaml
{% if crowdsec_lapi_enabled %}
{% if cs_lapi_enabled %}
server:
log_level: info
listen_uri: 0.0.0.0:{{ crowdsec_lapi_port }}
listen_uri: 0.0.0.0:{{ cs_lapi_port }}
profiles_path: /etc/crowdsec/profiles.yaml
{% if crowdsec_capi_enabled %}
{% if cs_capi_enabled %}
online_client:
credentials_path: /etc/crowdsec/online_api_credentials.yaml
{% endif %}
@ -55,6 +55,6 @@ api:
prometheus:
enabled: true
level: full
listen_addr: {{ (crowdsec_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }}
listen_port: {{ crowdsec_prometheus_port }}
listen_addr: {{ (cs_prometheus_src_ip | length > 0) | ternary(ansible_all_ipv4_addresses[0],'127.0.0.1') }}
listen_port: {{ cs_prometheus_port }}

+ 3
- 3
roles/crowdsec/templates/local_api_credentials.yaml.j2 View File

@ -1,3 +1,3 @@
url: {{ crowdsec_lapi_enabled | ternary('http://127.0.0.1:' ~ crowdsec_lapi_port,(crowdsec_lapi_url is search('/$')) | ternary(crowdsec_lapi_url, crowdsec_lapi_url ~ '/')) }}
login: {{ crowdsec_lapi_user }}
password: {{ crowdsec_lapi_pass }}
url: {{ cs_lapi_enabled | ternary('http://127.0.0.1:' ~ cs_lapi_port,(cs_lapi_url is search('/$')) | ternary(cs_lapi_url, cs_lapi_url ~ '/')) }}
login: {{ cs_lapi_user }}
password: {{ cs_lapi_pass }}

+ 4
- 4
roles/crowdsec/templates/online_api_credentials.yaml.j2 View File

@ -1,7 +1,7 @@
url: https://api.crowdsec.net/
{% if crowdsec_capi_user is defined %}
login: {{ crowdsec_capi_user }}
{% if cs_capi_user is defined %}
login: {{ cs_capi_user }}
{% endif %}
{% if crowdsec_capi_pass is defined %}
password: {{ crowdsec_capi_pass }}
{% if cs_capi_pass is defined %}
password: {{ cs_capi_pass }}
{% endif %}

+ 8
- 8
roles/crowdsec/templates/pre-backup.j2 View File

@ -1,17 +1,17 @@
#!/bin/bash -e
mkdir -p /home/lbkp/crowdsec/
{% if crowdsec_lapi_enabled %}
{% if crowdsec_db_engine == 'mysql' %}
{% if cs_lapi_enabled %}
{% if cs_db_engine == 'mysql' %}
/usr/bin/mysqldump \
{% if crowdsec_db_server not in ['localhost','127.0.0.1'] %}
--user={{ crowdsec_db_user | quote }} \
--password={{ crowdsec_db_pass | quote }} \
--host={{ crowdsec_db_server | quote }} \
--port={{ crowdsec_db_port | quote }} \
{% if cs_db_server not in ['localhost','127.0.0.1'] %}
--user={{ cs_db_user | quote }} \
--password={{ cs_db_pass | quote }} \
--host={{ cs_db_server | quote }} \
--port={{ cs_db_port | quote }} \
{% endif %}
--quick --single-transaction \
--add-drop-table {{ crowdsec_db_name | quote }} | zstd -c > /home/lbkp/crowdsec/{{ crowdsec_db_name }}.sql.zst
--add-drop-table {{ cs_db_name | quote }} | zstd -c > /home/lbkp/crowdsec/{{ cs_db_name }}.sql.zst
{% else %}
sqlite3 /var/lib/crowdsec/data/crowdsec.db .dump | zstd -c > /home/lbkp/crowdsec/crowdsec.sql.zst
{% endif %}


+ 1
- 1
roles/crowdsec/templates/profiles.yaml.j2 View File

@ -3,5 +3,5 @@ filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
- type: ban
duration: {{ crowdsec_ban_duration }}
duration: {{ cs_ban_duration }}
on_success: break

Loading…
Cancel
Save