From: Thibault "bui" Koechlin <thibault@crowdsec.net>
Date: Fri, 12 Mar 2021 15:01:53 +0000 (+0100)
Subject: [PATCH] remove broken scenario `ban-report-ssh_bf_report` (#181)
X-Git-Tag: archive/raspbian/1.0.9-2+rpi1~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=7f352c28d7c2a8f223712956d43b3338d4d97b74;p=crowdsec.git

[PATCH] remove broken scenario `ban-report-ssh_bf_report` (#181)

* remove broken scenario

* Update index

Co-authored-by: GitHub Action <action@github.com>

Gbp-Pq: Name 0008-hub-disable-broken-scenario.patch
---

diff --git a/hub1/.index.json b/hub1/.index.json
index 785da1f..b78978c 100644
--- a/hub1/.index.json
+++ b/hub1/.index.json
@@ -732,27 +732,6 @@
     "remediation": "true"
    }
   },
-  "crowdsecurity/ban-report-ssh_bf_report": {
-   "path": "scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml",
-   "version": "0.2",
-   "versions": {
-    "0.1": {
-     "digest": "0a7bc501a12b4a8aff250d95d3a08dd0f53ad9eb874ac523ba9c628302749c4d",
-     "deprecated": false
-    },
-    "0.2": {
-     "digest": "34d80ea3e271c1c1735e55076610063b137a2311a11d51fecff93715b9a4ac39",
-     "deprecated": false
-    }
-   },
-   "long_description": "Q291bnQgdGhlIG51bWJlciBvZiB1bmlxdWUgaXBzIHRoYXQgcGVyZm9ybWVkIHNzaF9icnV0ZWZvcmNlcywgcmVwb3J0IGV2ZXJ5IDEwIG1pbnV0ZXMuCg==",
-   "content": "dHlwZTogY291bnRlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2Jhbi1yZXBvcnRzLXNzaF9iZl9yZXBvcnQKZGVzY3JpcHRpb246ICJDb3VudCB1bmlxdWUgaXBzIHBlcmZvcm1pbmcgc3NoIGJydXRlZm9yY2UiCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU2NlbmFyaW8gPT0gJ3NzaF9icnV0ZWZvcmNlJyIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogLTEKZHVyYXRpb246IDEwbQpsYWJlbHM6CiAgc2VydmljZTogc3NoCg==",
-   "description": "Count unique ips performing ssh bruteforce",
-   "author": "crowdsecurity",
-   "labels": {
-    "service": "ssh"
-   }
-  },
   "crowdsecurity/dovecot-spam": {
    "path": "scenarios/crowdsecurity/dovecot-spam.yaml",
    "version": "0.1",
diff --git a/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.md b/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.md
deleted file mode 100644
index a8dfb90..0000000
--- a/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.md
+++ /dev/null
@@ -1 +0,0 @@
-Count the number of unique ips that performed ssh_bruteforces, report every 10 minutes.
diff --git a/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml b/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml
deleted file mode 100644
index 3f26040..0000000
--- a/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-type: counter
-name: crowdsecurity/ban-reports-ssh_bf_report
-description: "Count unique ips performing ssh bruteforce"
-#debug: true
-filter: "evt.Overflow.Alert.Scenario == 'ssh_bruteforce'"
-distinct: "evt.Overflow.Alert.Source.IP"
-capacity: -1
-duration: 10m
-labels:
-  service: ssh