feat(crowdsec): add secubox-app daemon

2025-12-30 13:00:59 +01:00 · 2025-12-30 13:00:59 +01:00 · 029b1796d4
commit 029b1796d4
parent 559e5d40ea
8 changed files with 372 additions and 1 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@ -165,7 +165,9 @@
      "WebFetch(domain:docs.crowdsec.net)",
      "Bash(timeout 600 make:*)",
      "Bash(timeout 300 make:*)",
-      "Bash(timeout 120 make:*)"
+      "Bash(timeout 120 make:*)",
+      "Bash(ln:*)",
+      "Bash(tee:*)"
    ]
  }
 }
--- a/package/secubox/secubox-app-crowdsec/Makefile
+++ b/package/secubox/secubox-app-crowdsec/Makefile
@ -0,0 +1,154 @@
+# SPDX-License-Identifier: MIT
+#
+# Copyright (C) 2021-2022 Gerald Kerma <gandalf@gk2.net>
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=crowdsec
+PKG_VERSION:=1.7.4
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/crowdsec/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=755b5c2c1a8cef24b56fd2fbc7d2942f6fc525c625a78f9c65229e5b3b305327
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Gerald Kerma <gandalf@gk2.net>
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_FLAGS:=no-mips16
+
+CWD_SYSTEM:=openwrt
+
+CWD_BUILD_VERSION?=v$(PKG_VERSION)
+CWD_BUILD_GOVERSION:=$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')
+CWD_BUILD_CODENAME:=alphaga
+CWD_BUILD_TIMESTAMP:=$(shell date +%F"_"%T)
+CWD_BUILD_TAG:=openwrt-$(PKG_VERSION)-$(PKG_RELEASE)
+
+CWD_VERSION_PKG:=github.com/crowdsecurity/go-cs-lib/version
+
+GO_PKG:=github.com/crowdsecurity/crowdsec
+GO_PKG_INSTALL_ALL:=1
+GO_PKG_LDFLAGS_X:=$(CWD_VERSION_PKG).Version=$(CWD_BUILD_VERSION) \
+	$(CWD_VERSION_PKG).System=$(CWD_SYSTEM) \
+	$(CWD_VERSION_PKG).BuildDate=$(CWD_BUILD_TIMESTAMP) \
+	$(CWD_VERSION_PKG).Codename=$(CWD_BUILD_CODENAME)  \
+	$(CWD_VERSION_PKG).Tag=$(CWD_BUILD_TAG) \
+	$(CWD_VERSION_PKG).GoVersion=$(CWD_BUILD_GOVERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/crowdsec/Default
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Crowdsec detection engine
+  URL:=https://crowdsec.net/
+endef
+
+define Package/crowdsec
+$(call Package/crowdsec/Default)
+  DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/golang-crowdsec-dev
+$(call Package/crowdsec/Default)
+$(call GoPackage/GoSubMenu)
+  TITLE+= (source files)
+  DEPENDS:=$(GO_ARCH_DEPENDS)
+  PKGARCH:=all
+endef
+
+define Package/crowdsec/Default/description
+  Crowdsec - An open-source, lightweight agent to detect
+  and respond to bad behaviours.
+  It also automatically benefits from a global
+  community-wide IP reputation database.
+endef
+
+define Package/crowdsec/description
+$(call Package/crowdsec/Default/description)
+
+  This package contains the main program.
+endef
+
+define Package/golang-crowdsec-dev/description
+$(call Package/crowdsec/Default/description)
+
+  This package provides the source files for the program.
+endef
+
+ifneq ($(CONFIG_USE_MUSL),)
+  TARGET_CFLAGS += -D_LARGEFILE64_SOURCE
+endif
+
+define Package/crowdsec/install
+	$(call GoPackage/Package/Install/Bin,$(1))
+
+	$(INSTALL_DIR) $(1)/etc/crowdsec
+	$(INSTALL_DIR) $(1)/etc/crowdsec/scenarios
+	$(INSTALL_DIR) $(1)/etc/crowdsec/postoverflows
+	$(INSTALL_DIR) $(1)/etc/crowdsec/collections
+	$(INSTALL_DIR) $(1)/etc/crowdsec/patterns
+	$(INSTALL_DIR) $(1)/etc/crowdsec/hub
+
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/config.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/dev.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/user.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/acquis.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/profiles.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/simulation.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/local_api_credentials.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/online_api_credentials.yaml \
+		$(1)/etc/crowdsec
+
+	$(CP) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/patterns/* \
+		$(1)/etc/crowdsec/patterns
+
+	$(INSTALL_DIR) $(1)/srv/crowdsec/data/
+
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) \
+		./files/crowdsec.initd \
+		$(1)/etc/init.d/crowdsec
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) \
+		./files/crowdsec.config \
+		$(1)/etc/config/crowdsec
+
+	$(LN) /usr/bin/crowdsec-cli $(1)/usr/bin/cscli
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) \
+		./files/crowdsec.defaults \
+		$(1)/etc/uci-defaults/99_crowdsec
+endef
+
+define Package/crowdsec/conffiles
+/etc/crowdsec/
+/etc/config/crowdsec
+endef
+
+$(eval $(call GoBinPackage,crowdsec))
+$(eval $(call BuildPackage,crowdsec))
--- a/package/secubox/secubox-app-crowdsec/README.md
+++ b/package/secubox/secubox-app-crowdsec/README.md
@ -0,0 +1,120 @@
+# SecuBox App - CrowdSec
+
+## Version
+- **Package**: secubox-app-crowdsec
+- **CrowdSec Core**: v1.7.4
+- **Release**: 1
+- **Last Updated**: December 30, 2024
+
+## Description
+CrowdSec is an open-source, lightweight security engine that detects and responds to malicious behaviors. This SecuBox package provides CrowdSec for OpenWrt routers.
+
+## Key Features (v1.7.4)
+- ✅ WAF capability with DropRequest helper for request blocking
+- ✅ Refactored syslog acquisition using RestartableStreamer
+- ✅ Optional pure-go SQLite driver for better compatibility
+- ✅ Enhanced logging configuration with syslog media support
+- ✅ Configurable usage metrics export (api.server.disable_usage_metrics_export)
+- ✅ Fixed LAPI metrics cardinality issues with Prometheus
+- ✅ Data race prevention in Docker acquisition
+- ✅ Database query optimization for decision streams
+
+## Package Contents
+- **Makefile**: OpenWrt package definition for CrowdSec v1.7.4
+- **files/**: Configuration and init scripts
+  - `crowdsec.initd`: Init script for service management
+  - `crowdsec.config`: UCI configuration
+  - `crowdsec.defaults`: Default configuration (uci-defaults)
+- **patches/**: Patches for OpenWrt compatibility
+  - `001-fix_config_data_dir.patch`: Fix data directory path for OpenWrt
+
+## Installation
+```bash
+# From SecuBox build environment
+cd /home/reepost/CyberMindStudio/_files/secubox-openwrt
+make package/secubox/secubox-app-crowdsec/compile V=s
+
+# Install on router
+opkg install crowdsec_1.7.4-1_*.ipk
+```
+
+## Configuration
+CrowdSec configuration files are located at:
+- Main config: `/etc/crowdsec/config.yaml`
+- Acquisition: `/etc/crowdsec/acquis.yaml`
+- Profiles: `/etc/crowdsec/profiles.yaml`
+- Local API: `/etc/crowdsec/local_api_credentials.yaml`
+
+Data directory: `/srv/crowdsec/data/`
+
+## Service Management
+```bash
+# Start CrowdSec
+/etc/init.d/crowdsec start
+
+# Stop CrowdSec
+/etc/init.d/crowdsec stop
+
+# Restart CrowdSec
+/etc/init.d/crowdsec restart
+
+# Check status
+/etc/init.d/crowdsec status
+```
+
+## CLI Usage
+CrowdSec CLI is available via `cscli`:
+```bash
+# Check version
+cscli version
+
+# List decisions
+cscli decisions list
+
+# View alerts
+cscli alerts list
+
+# Manage collections
+cscli collections list
+cscli collections install crowdsecurity/nginx
+
+# Manage bouncers
+cscli bouncers list
+cscli bouncers add firewall-bouncer
+```
+
+## Integration with SecuBox
+This package integrates with:
+- **luci-app-crowdsec-dashboard** v0.5.0+
+- **SecuBox Theme System**
+- **SecuBox Logging** (`secubox-log`)
+
+## Dependencies
+- Go compiler (build-time)
+- SQLite3
+- OpenWrt base system
+
+## References
+- Upstream: https://github.com/crowdsecurity/crowdsec
+- Documentation: https://docs.crowdsec.net/
+- Hub: https://hub.crowdsec.net/
+- SecuBox Project: https://cybermind.fr
+
+## Changelog
+
+### v1.7.4-1 (2024-12-30)
+- Updated from v1.6.2 to v1.7.4
+- Added WAF/AppSec support
+- Improved syslog acquisition
+- Enhanced metrics export configuration
+- Fixed Prometheus cardinality issues
+
+### v1.6.2-1 (Previous)
+- Initial SecuBox integration
+- Basic OpenWrt compatibility patches
+
+## License
+MIT License
+
+## Maintainer
+CyberMind.fr - Gandalf <gandalf@gk2.net>
--- a/package/secubox/secubox-app-crowdsec/files/crowdsec.config
+++ b/package/secubox/secubox-app-crowdsec/files/crowdsec.config
@ -0,0 +1,4 @@
+config crowdsec 'crowdsec'
+	option data_dir '/srv/crowdsec/data'
+	option db_path '/srv/crowdsec/data/crowdsec.db'
+
--- a/package/secubox/secubox-app-crowdsec/files/crowdsec.defaults
+++ b/package/secubox/secubox-app-crowdsec/files/crowdsec.defaults
@ -0,0 +1,26 @@
+#!/bin/sh
+
+CONFIG=/etc/crowdsec/config.yaml
+data_dir=`uci get "crowdsec.crowdsec.data_dir"`
+sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
+db_path=`uci get "crowdsec.crowdsec.db_path"`
+sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG
+
+# Create data dir & permissions if needed
+if [ ! -d "${data_dir}" ]; then
+	mkdir -m 0755 -p "${data_dir}"
+fi;
+
+if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml; then
+	echo local API already registered...
+else
+	cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
+fi
+if [ -s /etc/crowdsec/online_api_credentials.yaml ]; then
+	echo online API already registered...
+else
+	cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
+fi
+cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
+
+exit 0
--- a/package/secubox/secubox-app-crowdsec/files/crowdsec.initd
+++ b/package/secubox/secubox-app-crowdsec/files/crowdsec.initd
@ -0,0 +1,44 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2021-2022 Gerald Kerma <gandalf@gk2.net>
+
+START=99
+USE_PROCD=1
+NAME=crowdsec
+PROG=/usr/bin/crowdsec
+CONFIG=/etc/crowdsec/config.yaml
+RUNCONFDIR=/srv/crowdsec/data
+VARCONFIGDIR=/var/etc/crowdsec
+VARCONFIG=/var/etc/crowdsec/config.yaml
+
+service_triggers() {
+	procd_add_reload_trigger crowdsec
+}
+
+init_config() {
+	config_load crowdsec
+	config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
+	config_get db_path crowdsec db_path "${RUNCONFDIR}/crowdsec.db"
+
+	# Create tmp dir & permissions if needed
+	if [ ! -d "${VARCONFIGDIR}" ]; then
+		mkdir -m 0755 -p "${VARCONFIGDIR}"
+	fi;
+
+	cp $CONFIG $VARCONFIG
+
+	sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $VARCONFIG
+	sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $VARCONFIG
+
+	# Create data dir & permissions if needed
+	if [ ! -d "${RUNCONFDIR}" ]; then
+		mkdir -m 0755 -p "${RUNCONFDIR}"
+	fi;
+}
+
+start_service() {
+	init_config
+
+	procd_open_instance
+	procd_set_param command "$PROG" -c "$VARCONFIG"
+	procd_close_instance
+}
--- a/package/secubox/secubox-app-crowdsec/patches/001-fix_config_data_dir.patch
+++ b/package/secubox/secubox-app-crowdsec/patches/001-fix_config_data_dir.patch
@ -0,0 +1,20 @@
+--- a/config/config.yaml
+++ b/config/config.yaml
+@@ -8,7 +8,7 @@ common:
+   log_max_files: 10
+ config_paths:
+   config_dir: /etc/crowdsec/
+-  data_dir: /var/lib/crowdsec/data/
+  data_dir: /srv/crowdsec/data/
+   simulation_path: /etc/crowdsec/simulation.yaml
+   hub_dir: /etc/crowdsec/hub/
+   index_path: /etc/crowdsec/hub/.index.json
+@@ -25,7 +25,7 @@ cscli:
+ db_config:
+   log_level: info
+   type: sqlite
+-  db_path: /var/lib/crowdsec/data/crowdsec.db
+  db_path: /srv/crowdsec/data/crowdsec.db
+   #max_open_conns: 100
+   #user: 
+   #password:
--- a/1
+++ b/1
@ -0,0 +1 @@
+package/secubox/secubox-app-crowdsec