# SecuBox App - CrowdSec
## Version
- **Package**: secubox-app-crowdsec
- **CrowdSec Core**: v1.7.4
- **Release**: 1
- **Last Updated**: December 30, 2024
## Description
CrowdSec is an open-source, lightweight security engine that detects and responds to malicious behaviors. This SecuBox package provides CrowdSec for OpenWrt routers.
## Key Features (v1.7.4)
- ✅ WAF capability with DropRequest helper for request blocking
- ✅ Refactored syslog acquisition using RestartableStreamer
- ✅ Optional pure-go SQLite driver for better compatibility
- ✅ Enhanced logging configuration with syslog media support
- ✅ Configurable usage metrics export (api.server.disable_usage_metrics_export)
- ✅ Fixed LAPI metrics cardinality issues with Prometheus
- ✅ Data race prevention in Docker acquisition
- ✅ Database query optimization for decision streams
## Package Contents
- **Makefile**: OpenWrt package definition for CrowdSec v1.7.4
- **files/**: Configuration and init scripts
  - `crowdsec.initd`: Init script for service management
  - `crowdsec.config`: UCI configuration
  - `crowdsec.defaults`: Default configuration (uci-defaults)
- **patches/**: Patches for OpenWrt compatibility
  - `001-fix_config_data_dir.patch`: Fix data directory path for OpenWrt
## Installation
```bash
# From the SecuBox build environment (example checkout path; adjust to your own)
cd /home/reepost/CyberMindStudio/_files/secubox-openwrt
make package/secubox/secubox-app-crowdsec/compile V=s
# Install on router
opkg install crowdsec_1.7.4-1_*.ipk
```
## Configuration
CrowdSec configuration files are located at:
- Main config: `/etc/crowdsec/config.yaml`
- Acquisition: `/etc/crowdsec/acquis.yaml`
- Profiles: `/etc/crowdsec/profiles.yaml`
- Local API: `/etc/crowdsec/local_api_credentials.yaml`

Data directory: `/srv/crowdsec/data/`
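
A post-install check for the paths listed above, as an added example that is not part of the SecuBox package. It reports missing files and flags permissions looser than this example's assumed policy (credentials file owner-only; other files and the data directory not writable by group or other). The function names, the policy, and a `stat` that supports `-c '%a'` are assumptions.

```bash
# Added example, not part of the SecuBox package. Assumes a stat(1) that
# supports -c '%a' (GNU coreutils, or BusyBox built with format support).

# digit_at MODE N -> Nth octal digit from the right (1 = other, 2 = group)
digit_at() {
    m="000$1"
    [ "$2" -eq 2 ] && m="${m%?}"
    echo "${m#"${m%?}"}"
}

# check_mode PATH STRICT -> print a finding if PATH is too permissive.
# STRICT=1: no group/other access at all (assumed policy for credentials).
# STRICT=0: no group/other write bit.
check_mode() {
    mode=$(stat -c '%a' "$1") || return 0
    g=$(digit_at "$mode" 2); o=$(digit_at "$mode" 1)
    if [ "$2" -eq 1 ]; then
        [ "$g$o" = "00" ] || echo "PERM $1 mode $mode: credentials readable beyond owner"
    else
        case "$g$o" in *[2367]*) echo "PERM $1 mode $mode: writable by group/other" ;; esac
    fi
}

# audit_crowdsec [ROOT] -> prints one line per finding; returns 1 if any.
# ROOT is an optional prefix (empty = live system), useful for staged images.
audit_crowdsec() {
    root="${1:-}"
    out=$(
        for f in config.yaml acquis.yaml profiles.yaml local_api_credentials.yaml; do
            p="$root/etc/crowdsec/$f"
            if [ ! -f "$p" ]; then echo "MISSING $p"; continue; fi
            case "$f" in
                local_api_credentials.yaml) check_mode "$p" 1 ;;
                *) check_mode "$p" 0 ;;
            esac
        done
        d="$root/srv/crowdsec/data"
        if [ -d "$d" ]; then check_mode "$d" 0; else echo "MISSING $d"; fi
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Audit only when asked: sh audit.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then audit_crowdsec "${2:-}"; fi
```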
## Service Management
```bash
# Start CrowdSec
/etc/init.d/crowdsec start
# Stop CrowdSec
/etc/init.d/crowdsec stop
# Restart CrowdSec
/etc/init.d/crowdsec restart
# Check status
/etc/init.d/crowdsec status
```
## CLI Usage
CrowdSec CLI is available via `cscli`:
```bash
# Check version
cscli version
# List decisions
cscli decisions list
# View alerts
cscli alerts list
# Manage collections
cscli collections list
cscli collections install crowdsecurity/nginx
# Manage bouncers (`add` prints the new bouncer's API key)
cscli bouncers list
cscli bouncers add firewall-bouncer
```
## Integration with SecuBox
This package integrates with:
- **luci-app-crowdsec-dashboard** v0.5.0+
- **SecuBox Theme System**
- **SecuBox Logging** (`secubox-log`)
## Dependencies
- Go compiler (build-time)
- SQLite3
- OpenWrt base system
## References
- Upstream: https://github.com/crowdsecurity/crowdsec
- Documentation: https://docs.crowdsec.net/
- Hub: https://hub.crowdsec.net/
- SecuBox Project: https://cybermind.fr
## Changelog
### v1.7.4-1 (2024-12-30)
- Updated from v1.6.2 to v1.7.4
- Added WAF/AppSec support
- Improved syslog acquisition
- Enhanced metrics export configuration
- Fixed Prometheus cardinality issues
### v1.6.2-1 (Previous)
- Initial SecuBox integration
- Basic OpenWrt compatibility patches
## License
MIT License
## Maintainer
CyberMind.fr - Gandalf <gandalf@gk2.net>