Update to 2021-02-19 19:00

master
Daniel Berteaud 3 years ago
parent 279527d27a
commit f1444d088c
  1. 6
      roles/crowdsec/defaults/main.yml
  2. 4
      roles/crowdsec/tasks/conf.yml
  3. 7
      roles/crowdsec/tasks/directories.yml
  4. 27
      roles/crowdsec/tasks/install.yml
  5. 2
      roles/crowdsec/templates/local_api_credentials.yaml.j2
  6. 3
      roles/crowdsec/templates/post-backup.j2
  7. 18
      roles/crowdsec/templates/pre-backup.j2
  8. 4
      roles/ntp_client/handlers/main.yml
  9. 4
      roles/squid/files/acl/software_various.domains

@ -57,12 +57,12 @@ crowdsec_parsers:
- crowdsecurity/geoip-enrich
- crowdsecurity/dateparse-enrich
- crowdsecurity/whitelists
- crowdsecurity/sshd-logs
- crowdsecurity/iptables-logs
# - crowdsecurity/sshd-logs
# - crowdsecurity/iptables-logs
# List of scenarios to install from the hub
crowdsec_scenarios:
- crowdsecurity/ban-defcon-drop_range
- crowdsecurity/ssh-bf
# - crowdsecurity/ssh-bf
# List of postoverflows to install from the hub
crowdsec_postoverflows:
- crowdsecurity/cdn-whitelist

@ -18,7 +18,9 @@
- db_user: "{{ crowdsec_db_user }}"
- db_server: "{{ crowdsec_db_server }}"
- db_pass: "{{ crowdsec_db_pass }}"
when: crowdsec_db_engine == 'mysql'
when:
- crowdsec_db_engine == 'mysql'
- crowdsec_lapi_enabled
tags: crowdsec
- when: crowdsec_lapi_pass is not defined

@ -7,4 +7,11 @@
mode: 755
- dir: /etc/crowdsec/meta
mode: 700
- dir: /home/lbkp/crowdsec
- dir: /etc/crowdsec/parsers/s00-raw
- dir: /etc/crowdsec/parsers/s01-parse
- dir: /etc/crowdsec/parsers/s02-enrich
- dir: /etc/crowdsec/scenarios
- dir: /etc/crowdsec/postoverflows/s00-enrich
- dir: /etc/crowdsec/postoverflows/s01-whitelist
tags: crowdsec

@ -25,3 +25,30 @@
tags: crowdsec
- name: Create the systemd unit snippet dir
file: path=/etc/systemd/system/crowdsec.service.d state=directory
tags: crowdsec
- name: Make the service restart on failure
copy:
content: |
[Service]
Restart=on-failure
StartLimitInterval=0
RestartSec=30
dest: /etc/systemd/system/crowdsec.service.d/restart.conf
register: crodwsec_unit
notify: restart crodwsec
tags: crowdsec
- name: Reload systemd
systemd: daemon_reload=True
when: crodwsec_unit.changed
tags: crowdsec
- name: Install pre and post backup hooks
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/crowdsec mode=700
loop:
- pre
- post
tags: crowdsec

@ -1,3 +1,3 @@
url: {{ crowdsec_lapi_url }}
url: {{ crowdsec_lapi_enabled | ternary('http://127.0.0.1:' ~ crowdsec_lapi_port,crowdsec_lapi_url) }}
login: {{ crowdsec_lapi_user }}
password: {{ crowdsec_lapi_pass }}

@ -0,0 +1,3 @@
#!/bin/bash -e
rm -f /home/lbkp/crowdsec/*

@ -0,0 +1,18 @@
#!/bin/bash -e
mkdir -p /home/lbkp/crowdsec/
{% if crowdsec_lapi_enabled %}
{% if crowdsec_db_engine == 'mysql' %}
/usr/bin/mysqldump \
{% if crowdsec_db_server not in ['localhost','127.0.0.1'] %}
--user={{ crowdsec_db_user | quote }} \
--password={{ crowdsec_db_pass | quote }} \
--host={{ crowdsec_db_server | quote }} \
--port={{ crowdsec_db_port | quote }} \
{% endif %}
--quick --single-transaction \
--add-drop-table {{ crowdsec_db_name | quote }} | zstd -c > /home/lbkp/crowdsec/{{ crowdsec_db_name }}.sql.zst
{% else %}
sqlite3 /var/lib/crowdsec/data/crowdsec.db .dump | zstd -c > /home/lbkp/crowdsec/crowdsec.sql.zst
{% endif %}
{% endif %}

@ -1,7 +1,7 @@
---
- name: restart ntpd
service: name={{ ntp_service }} state=restarted
service: name={{ ntp_ntpd_service }} state=restarted
- name: restart chrony
service: name={{ chrony_service }} state=restarted
service: name={{ ntp_chrony_service }} state=restarted

@ -348,3 +348,7 @@ store.itophub.io
crowdsec-statics-assets.s3-eu-west-1.amazonaws.com
api.crowdsec.com
www.cloudflare.com
# Metabase
static.metabase.com
downloads.metabase.com

Loading…
Cancel
Save