From 029b1796d4b423dfa346590e314bdc727336b629 Mon Sep 17 00:00:00 2001
From: CyberMind-FR
Date: Tue, 30 Dec 2025 13:00:59 +0100
Subject: [PATCH] feat(crowdsec): add secubox-app daemon
---
 .claude/settings.local.json | 4 +-
 package/secubox/secubox-app-crowdsec/Makefile | 154 ++++++++++++++++++
 .../secubox/secubox-app-crowdsec/README.md | 120 ++++++++++++++
 .../files/crowdsec.config | 4 +
 .../files/crowdsec.defaults | 26 +++
 .../secubox-app-crowdsec/files/crowdsec.initd | 44 +++++
 .../patches/001-fix_config_data_dir.patch | 20 +++
 secubox-app-crowdsec | 1 +
 8 files changed, 372 insertions(+), 1 deletion(-)
 create mode 100644 package/secubox/secubox-app-crowdsec/Makefile
 create mode 100644 package/secubox/secubox-app-crowdsec/README.md
 create mode 100644 package/secubox/secubox-app-crowdsec/files/crowdsec.config
 create mode 100644 package/secubox/secubox-app-crowdsec/files/crowdsec.defaults
 create mode 100755 package/secubox/secubox-app-crowdsec/files/crowdsec.initd
 create mode 100644 package/secubox/secubox-app-crowdsec/patches/001-fix_config_data_dir.patch
 create mode 120000 secubox-app-crowdsec
diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 1db381a2..440ce07f 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -165,7 +165,9 @@
 "WebFetch(domain:docs.crowdsec.net)",
 "Bash(timeout 600 make:*)",
 "Bash(timeout 300 make:*)",
- "Bash(timeout 120 make:*)"
+ "Bash(timeout 120 make:*)",
+ "Bash(ln:*)",
+ "Bash(tee:*)"
 ]
 }
 }
diff --git a/package/secubox/secubox-app-crowdsec/Makefile b/package/secubox/secubox-app-crowdsec/Makefile
new file mode 100644
index 00000000..a4edb33a
--- /dev/null
+++ b/package/secubox/secubox-app-crowdsec/Makefile
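Review bot: The two added allow-list entries in `.claude/settings.local.json`, `"Bash(ln:*)"` and `"Bash(tee:*)"`, pre-approve every invocation of `ln` and `tee`, which amounts to unprompted file writes and link creation anywhere the developer's account can write. That is much broader than the `timeout … make` entries around them. The file is a per-developer settings file, so committing it also hands one person's approvals to every clone; leaving this hunk out of the commit and keeping the file untracked would be safer. If the entries have to stay, narrow them to the exact commands this packaging work needed instead of a `:*` wildcard. The permissions array itself starts outside the hunk.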
@@ -0,0 +1,154 @@ +# SPDX-License-Identifier: MIT +# +# Copyright (C) 2021-2022 Gerald Kerma +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=crowdsec +PKG_VERSION:=1.7.4 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/crowdsec/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=755b5c2c1a8cef24b56fd2fbc7d2942f6fc525c625a78f9c65229e5b3b305327 + +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Gerald Kerma + +PKG_BUILD_DEPENDS:=golang/host +PKG_BUILD_PARALLEL:=1 +PKG_BUILD_FLAGS:=no-mips16 + +CWD_SYSTEM:=openwrt + +CWD_BUILD_VERSION?=v$(PKG_VERSION) +CWD_BUILD_GOVERSION:=$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g') +CWD_BUILD_CODENAME:=alphaga +CWD_BUILD_TIMESTAMP:=$(shell date +%F"_"%T) +CWD_BUILD_TAG:=openwrt-$(PKG_VERSION)-$(PKG_RELEASE) + +CWD_VERSION_PKG:=github.com/crowdsecurity/go-cs-lib/version + +GO_PKG:=github.com/crowdsecurity/crowdsec +GO_PKG_INSTALL_ALL:=1 +GO_PKG_LDFLAGS_X:=$(CWD_VERSION_PKG).Version=$(CWD_BUILD_VERSION) \ + $(CWD_VERSION_PKG).System=$(CWD_SYSTEM) \ + $(CWD_VERSION_PKG).BuildDate=$(CWD_BUILD_TIMESTAMP) \ + $(CWD_VERSION_PKG).Codename=$(CWD_BUILD_CODENAME) \ + $(CWD_VERSION_PKG).Tag=$(CWD_BUILD_TAG) \ + $(CWD_VERSION_PKG).GoVersion=$(CWD_BUILD_GOVERSION) + +include $(INCLUDE_DIR)/package.mk +include ../../lang/golang/golang-package.mk + +define Package/crowdsec/Default + SECTION:=net + CATEGORY:=Network + TITLE:=Crowdsec detection engine + URL:=https://crowdsec.net/ +endef + +define Package/crowdsec +$(call Package/crowdsec/Default) + DEPENDS:=$(GO_ARCH_DEPENDS) +endef + +define Package/golang-crowdsec-dev +$(call Package/crowdsec/Default) +$(call GoPackage/GoSubMenu) + TITLE+= (source files) + DEPENDS:=$(GO_ARCH_DEPENDS) + PKGARCH:=all +endef + +define Package/crowdsec/Default/description + Crowdsec - An open-source, lightweight agent to detect + and respond to bad behaviours. 
+ It also automatically benefits from a global + community-wide IP reputation database. +endef + +define Package/crowdsec/description +$(call Package/crowdsec/Default/description) + + This package contains the main program. +endef + +define Package/golang-crowdsec-dev/description +$(call Package/crowdsec/Default/description) + + This package provides the source files for the program. +endef + +ifneq ($(CONFIG_USE_MUSL),) + TARGET_CFLAGS += -D_LARGEFILE64_SOURCE +endif + +define Package/crowdsec/install + $(call GoPackage/Package/Install/Bin,$(1)) + + $(INSTALL_DIR) $(1)/etc/crowdsec + $(INSTALL_DIR) $(1)/etc/crowdsec/scenarios + $(INSTALL_DIR) $(1)/etc/crowdsec/postoverflows + $(INSTALL_DIR) $(1)/etc/crowdsec/collections + $(INSTALL_DIR) $(1)/etc/crowdsec/patterns + $(INSTALL_DIR) $(1)/etc/crowdsec/hub + + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/config.yaml \ + $(1)/etc/crowdsec + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/dev.yaml \ + $(1)/etc/crowdsec + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/user.yaml \ + $(1)/etc/crowdsec + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/acquis.yaml \ + $(1)/etc/crowdsec + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/profiles.yaml \ + $(1)/etc/crowdsec + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/simulation.yaml \ + $(1)/etc/crowdsec + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/local_api_credentials.yaml \ + $(1)/etc/crowdsec + $(INSTALL_DATA) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/online_api_credentials.yaml \ + $(1)/etc/crowdsec + + $(CP) \ + $(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/patterns/* \ + $(1)/etc/crowdsec/patterns + + $(INSTALL_DIR) $(1)/srv/crowdsec/data/ + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) \ + ./files/crowdsec.initd \ + $(1)/etc/init.d/crowdsec + + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) \ + ./files/crowdsec.config \ + $(1)/etc/config/crowdsec + + $(LN) 
/usr/bin/crowdsec-cli $(1)/usr/bin/cscli + + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) \ + ./files/crowdsec.defaults \ + $(1)/etc/uci-defaults/99_crowdsec +endef + +define Package/crowdsec/conffiles +/etc/crowdsec/ +/etc/config/crowdsec +endef + +$(eval $(call GoBinPackage,crowdsec)) +$(eval $(call BuildPackage,crowdsec)) diff --git a/package/secubox/secubox-app-crowdsec/README.md b/package/secubox/secubox-app-crowdsec/README.md new file mode 100644 index 00000000..1ffb4377 --- /dev/null +++ b/package/secubox/secubox-app-crowdsec/README.md 
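Review bot: In `Package/crowdsec/install` of the new Makefile, `local_api_credentials.yaml` and `online_api_credentials.yaml` are installed with `$(INSTALL_DATA)`, which in OpenWrt's rules.mk is `install -m0644`, so the files that later hold the local and central API logins start out world-readable. Install those two with `$(INSTALL_CONF)` (mode 0600), as the recipe already does for `./files/crowdsec.config`. Separately, `CWD_BUILD_TIMESTAMP:=$(shell date +%F"_"%T)` stamps wall-clock time into the binary, and `CWD_BUILD_GOVERSION` queries whatever `go` is first on the build host's PATH rather than the `golang/host` toolchain named in `PKG_BUILD_DEPENDS`. Deriving the date from `SOURCE_DATE_EPOCH` would keep the package reproducible, which makes a shipped binary easier to verify against its source.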
@@ -0,0 +1,120 @@
+# SecuBox App - CrowdSec
+
+## Version
+- **Package**: secubox-app-crowdsec
+- **CrowdSec Core**: v1.7.4
+- **Release**: 1
+- **Last Updated**: December 30, 2024
+
+## Description
+CrowdSec is an open-source, lightweight security engine that detects and responds to malicious behaviors. This SecuBox package provides CrowdSec for OpenWrt routers.
+
+## Key Features (v1.7.4)
+- ✅ WAF capability with DropRequest helper for request blocking
+- ✅ Refactored syslog acquisition using RestartableStreamer
+- ✅ Optional pure-go SQLite driver for better compatibility
+- ✅ Enhanced logging configuration with syslog media support
+- ✅ Configurable usage metrics export (api.server.disable_usage_metrics_export)
+- ✅ Fixed LAPI metrics cardinality issues with Prometheus
+- ✅ Data race prevention in Docker acquisition
+- ✅ Database query optimization for decision streams
+
+## Package Contents
+- **Makefile**: OpenWrt package definition for CrowdSec v1.7.4
+- **files/**: Configuration and init scripts
+ - `crowdsec.initd`: Init script for service management
+ - `crowdsec.config`: UCI configuration
+ - `crowdsec.defaults`: Default configuration (uci-defaults)
+- **patches/**: Patches for OpenWrt compatibility
+ - `001-fix_config_data_dir.patch`: Fix data directory path for OpenWrt
+
+## Installation
+```bash
+# From SecuBox build environment
+cd /home/reepost/CyberMindStudio/_files/secubox-openwrt
+make package/secubox/secubox-app-crowdsec/compile V=s
+
+# Install on router
+opkg install crowdsec_1.7.4-1_*.ipk
+```
+
+## Configuration
+CrowdSec configuration files are located at:
+- Main config: `/etc/crowdsec/config.yaml`
+- Acquisition: `/etc/crowdsec/acquis.yaml`
+- Profiles: `/etc/crowdsec/profiles.yaml`
+- Local API: `/etc/crowdsec/local_api_credentials.yaml`
+
+Data directory: `/srv/crowdsec/data/`
+
+## Service Management
+```bash
+# Start CrowdSec
+/etc/init.d/crowdsec start
+
+# Stop CrowdSec
+/etc/init.d/crowdsec stop
+
+# Restart CrowdSec
+/etc/init.d/crowdsec restart
+
+# Check status
+/etc/init.d/crowdsec status
+```
+
+## CLI Usage
+CrowdSec CLI is available via `cscli`:
+```bash
+# Check version
+cscli version
+
+# List decisions
+cscli decisions list
+
+# View alerts
+cscli alerts list
+
+# Manage collections
+cscli collections list
+cscli collections install crowdsecurity/nginx
+
+# Manage bouncers
+cscli bouncers list
+cscli bouncers add firewall-bouncer
+```
+
+## Integration with SecuBox
+This package integrates with:
+- **luci-app-crowdsec-dashboard** v0.5.0+
+- **SecuBox Theme System**
+- **SecuBox Logging** (`secubox-log`)
+
+## Dependencies
+- Go compiler (build-time)
+- SQLite3
+- OpenWrt base system
+
+## References
+- Upstream: https://github.com/crowdsecurity/crowdsec
+- Documentation: https://docs.crowdsec.net/
+- Hub: https://hub.crowdsec.net/
+- SecuBox Project: https://cybermind.fr
+
+## Changelog
+
+### v1.7.4-1 (2024-12-30)
+- Updated from v1.6.2 to v1.7.4
+- Added WAF/AppSec support
+- Improved syslog acquisition
+- Enhanced metrics export configuration
+- Fixed Prometheus cardinality issues
+
+### v1.6.2-1 (Previous)
+- Initial SecuBox integration
+- Basic OpenWrt compatibility patches
+
+## License
+MIT License
+
+## Maintainer
+CyberMind.fr - Gandalf
diff --git a/package/secubox/secubox-app-crowdsec/files/crowdsec.config b/package/secubox/secubox-app-crowdsec/files/crowdsec.config
new file mode 100644
index 00000000..2cfe5757
--- /dev/null
+++ b/package/secubox/secubox-app-crowdsec/files/crowdsec.config
@@ -0,0 +1,4 @@
+config crowdsec 'crowdsec'
+ option data_dir '/srv/crowdsec/data'
+ option db_path '/srv/crowdsec/data/crowdsec.db'
+
diff --git a/package/secubox/secubox-app-crowdsec/files/crowdsec.defaults b/package/secubox/secubox-app-crowdsec/files/crowdsec.defaults
new file mode 100644
index 00000000..23506167
--- /dev/null
+++ b/package/secubox/secubox-app-crowdsec/files/crowdsec.defaults
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+CONFIG=/etc/crowdsec/config.yaml
+data_dir=`uci get "crowdsec.crowdsec.data_dir"`
+sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
+db_path=`uci get "crowdsec.crowdsec.db_path"`
+sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG
+
+# Create data dir & permissions if needed
+if [ ! -d "${data_dir}" ]; then
+ mkdir -m 0755 -p "${data_dir}"
+fi;
+
+if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml; then
+ echo local API already registered...
+else
+ cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
+fi
+if [ -s /etc/crowdsec/online_api_credentials.yaml ]; then
+ echo online API already registered...
+else
+ cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
+fi
+cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
+
+exit 0
diff --git a/package/secubox/secubox-app-crowdsec/files/crowdsec.initd b/package/secubox/secubox-app-crowdsec/files/crowdsec.initd
new file mode 100755
index 00000000..98962758
--- /dev/null
+++ b/package/secubox/secubox-app-crowdsec/files/crowdsec.initd
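Review bot: The unconditional `exit 0` at the end of `crowdsec.defaults` reports success even when `cscli machines add`, `cscli capi register` or the `cscli hub update && …` chain failed, for instance when the router has no upstream connectivity on first boot. uci-defaults scripts are removed once they exit 0, so a failed registration or hub install would never be retried and the daemon would presumably start without credentials or the `crowdsecurity/linux` collection. Track a status and exit with it, as sketched below. The two `sed -i` lines also splice the UCI values unescaped into a `,`-delimited expression and leave `$CONFIG` unquoted, so a path containing `,`, `&` or `\` would corrupt config.yaml; quoting `"$CONFIG"` and rejecting such values is worth adding.

```shell
rc=0
# … unchanged: CONFIG, data_dir/db_path substitution, data dir creation …
if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml; then
	echo local API already registered...
else
	cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml || rc=1
fi
# … unchanged: online API check, with `|| rc=1` appended to the capi register call …
cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade || rc=1

exit "$rc"
```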
@@ -0,0 +1,44 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2021-2022 Gerald Kerma
+
+START=99
+USE_PROCD=1
+NAME=crowdsec
+PROG=/usr/bin/crowdsec
+CONFIG=/etc/crowdsec/config.yaml
+RUNCONFDIR=/srv/crowdsec/data
+VARCONFIGDIR=/var/etc/crowdsec
+VARCONFIG=/var/etc/crowdsec/config.yaml
+
+service_triggers() {
+ procd_add_reload_trigger crowdsec
+}
+
+init_config() {
+ config_load crowdsec
+ config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
+ config_get db_path crowdsec db_path "${RUNCONFDIR}/crowdsec.db"
+
+ # Create tmp dir & permissions if needed
+ if [ ! -d "${VARCONFIGDIR}" ]; then
+ mkdir -m 0755 -p "${VARCONFIGDIR}"
+ fi;
+
+ cp $CONFIG $VARCONFIG
+
+ sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $VARCONFIG
+ sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $VARCONFIG
+
+ # Create data dir & permissions if needed
+ if [ ! -d "${RUNCONFDIR}" ]; then
+ mkdir -m 0755 -p "${RUNCONFDIR}"
+ fi;
+}
+
+start_service() {
+ init_config
+
+ procd_open_instance
+ procd_set_param command "$PROG" -c "$VARCONFIG"
+ procd_close_instance
+}
diff --git a/package/secubox/secubox-app-crowdsec/patches/001-fix_config_data_dir.patch b/package/secubox/secubox-app-crowdsec/patches/001-fix_config_data_dir.patch
new file mode 100644
index 00000000..4b1118dc
--- /dev/null
+++ b/package/secubox/secubox-app-crowdsec/patches/001-fix_config_data_dir.patch
@@ -0,0 +1,20 @@
+--- a/config/config.yaml
++++ b/config/config.yaml
+@@ -8,7 +8,7 @@ common:
+ log_max_files: 10
+ config_paths:
+ config_dir: /etc/crowdsec/
+- data_dir: /var/lib/crowdsec/data/
++ data_dir: /srv/crowdsec/data/
+ simulation_path: /etc/crowdsec/simulation.yaml
+ hub_dir: /etc/crowdsec/hub/
+ index_path: /etc/crowdsec/hub/.index.json
+@@ -25,7 +25,7 @@ cscli:
+ db_config:
+ log_level: info
+ type: sqlite
+- db_path: /var/lib/crowdsec/data/crowdsec.db
++ db_path: /srv/crowdsec/data/crowdsec.db
+ #max_open_conns: 100
+ #user:
+ #password:
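Review bot: `init_config` in crowdsec.initd reads `data_dir` from UCI and writes it into the generated config, but the directory it then creates is the fixed `${RUNCONFDIR}`, so a `data_dir` changed in /etc/config/crowdsec is never created and the daemon would be pointed at a missing path. Use the configured value in the last block: `if [ ! -d "${data_dir}" ]; then mkdir -m 0755 -p "${data_dir}"`. Since that directory holds the SQLite database named by `db_path`, a tighter mode such as `0750` is worth considering, and `cp $CONFIG $VARCONFIG` and the `sed` targets should be quoted. `start_service` also sets no `procd_set_param file "$VARCONFIG"`, so a UCI reload that only changes the generated file probably does not restart the daemon.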
diff --git a/secubox-app-crowdsec b/secubox-app-crowdsec
new file mode 120000
index 00000000..bba66a0e
--- /dev/null
+++ b/secubox-app-crowdsec
@@ -0,0 +1 @@
+package/secubox/secubox-app-crowdsec
\ No newline at end of file