Compare commits
2 commits
40187d4b2d
...
68450870cf
| Author | SHA1 | Date | |
|---|---|---|---|
 Tristan Daniël Maat
|
68450870cf
|
||
|
Tristan Daniël Maat
|
2831fdb0f2
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
security.crowdsec = {
|
security.crowdsec = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -7,21 +7,39 @@
|
||||||
"1.64.239.213"
|
"1.64.239.213"
|
||||||
];
|
];
|
||||||
|
|
||||||
settings.crowdsec_service.acquisition_path = pkgs.writeText "crowdsec-acquisitions.yaml" ''
|
extraGroups = [
|
||||||
---
|
"systemd-journal"
|
||||||
source: journalctl
|
"nginx"
|
||||||
journalctl_filter:
|
];
|
||||||
- "SYSLOG_IDENTIFIER=Nextcloud"
|
|
||||||
labels:
|
acquisitions = [
|
||||||
type: syslog
|
{
|
||||||
---
|
source = "journalctl";
|
||||||
source: journalctl
|
labels.type = "syslog";
|
||||||
journalctl_filter:
|
journalctl_filter = [
|
||||||
- "SYSLOG_IDENTIFIER=sshd-session"
|
"SYSLOG_IDENTIFIER=Nextcloud"
|
||||||
labels:
|
];
|
||||||
type: syslog
|
}
|
||||||
---
|
|
||||||
'';
|
{
|
||||||
|
source = "journalctl";
|
||||||
|
labels.type = "syslog";
|
||||||
|
journalctl_filter = [
|
||||||
|
"SYSLOG_IDENTIFIER=sshd-session"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
labels.type = "nginx";
|
||||||
|
filenames =
|
||||||
|
[
|
||||||
|
"/var/log/nginx/*.log"
|
||||||
|
]
|
||||||
|
++ lib.mapAttrsToList (
|
||||||
|
vHost: _: "/var/log/nginx/${vHost}/access.log"
|
||||||
|
) config.services.nginx.virtualHosts;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
remediationComponents.firewallBouncer = {
|
remediationComponents.firewallBouncer = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,12 @@ let
|
||||||
|
|
||||||
$sudo ${crowdsec}/bin/cscli "$@"
|
$sudo ${crowdsec}/bin/cscli "$@"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
acquisitions = ''
|
||||||
|
---
|
||||||
|
${lib.concatMapStringsSep "\n---\n" builtins.toJSON cfg.acquisitions}
|
||||||
|
---
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ./remediations ];
|
imports = [ ./remediations ];
|
||||||
|
|
@ -82,6 +88,24 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
acquisitions = lib.mkOption {
|
||||||
|
type = listOf settingsFormat.type;
|
||||||
|
default = [ ];
|
||||||
|
description = ''
|
||||||
|
Log acquisitions.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
extraGroups = lib.mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
default = [ ];
|
||||||
|
description = ''
|
||||||
|
Additional groups to make the service part of.
|
||||||
|
|
||||||
|
Required to permit reading from various log sources.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
hubConfigurations = {
|
hubConfigurations = {
|
||||||
collections = lib.mkOption {
|
collections = lib.mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
|
|
@ -190,7 +214,13 @@ in
|
||||||
plugin_dir = lib.mkDefault "/var/empty/";
|
plugin_dir = lib.mkDefault "/var/empty/";
|
||||||
};
|
};
|
||||||
|
|
||||||
crowdsec_service.acquisition_path = lib.mkDefault "${cfg.package}/share/crowdsec/config/acquis.yaml";
|
crowdsec_service.acquisition_path =
|
||||||
|
# Using an if/else here because `mkMerge` does not work in
|
||||||
|
# YAML-type options
|
||||||
|
if cfg.acquisitions == [ ] then
|
||||||
|
"${cfg.package}/share/crowdsec/config/acquis.yaml"
|
||||||
|
else
|
||||||
|
pkgs.writeText "acquis.yaml" acquisitions;
|
||||||
|
|
||||||
cscli = {
|
cscli = {
|
||||||
prometheus_uri = lib.mkDefault "127.0.0.1:6060";
|
prometheus_uri = lib.mkDefault "127.0.0.1:6060";
|
||||||
|
|
@ -339,7 +369,7 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "crowdsec";
|
User = "crowdsec";
|
||||||
Group = "crowdsec";
|
Group = "crowdsec";
|
||||||
SupplementaryGroups = [ "systemd-journal" ];
|
SupplementaryGroups = cfg.extraGroups;
|
||||||
|
|
||||||
StateDirectory = "crowdsec";
|
StateDirectory = "crowdsec";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue