summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Manuel Sabban [Thu, 19 Aug 2021 07:08:20 +0000 (09:08 +0200)]
[PATCH] Download datafile (#895)
* add the ability to download datafile on cscli hub upgrade on files are missing
* fix stuff + lint
* fix error management
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
Gbp-Pq: Name 0011-
4dbbd4b3c4-automatically-download-files-when-needed.patch
AlteredCoder [Thu, 9 Sep 2021 14:27:30 +0000 (16:27 +0200)]
[PATCH] fix stacktrace when mmdb file are not present (#935)
* fix stacktrace when mmdb file are not present
Gbp-Pq: Name 0010-
5ae69aa293-fix-stacktrace-when-mmdb-files-are-not-present.patch
Thibault "bui" Koechlin [Thu, 22 Apr 2021 09:08:16 +0000 (11:08 +0200)]
[PATCH] Improve http bad user agent : use regexp (#197)
* switch to regexp with word boundaries to avoid false positives when a legit user agent contains a bad one
Co-authored-by: GitHub Action <action@github.com>
Gbp-Pq: Name 0009-Improve-http-bad-user-agent-use-regexp-197.patch
Thibault "bui" Koechlin [Fri, 12 Mar 2021 15:01:53 +0000 (16:01 +0100)]
[PATCH] remove broken scenario `ban-report-ssh_bf_report` (#181)
* remove broken scenario
* Update index
Co-authored-by: GitHub Action <action@github.com>
Gbp-Pq: Name 0008-hub-disable-broken-scenario.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Automatically enable the online hub
By default, crowdsec comes with an offline copy of the hub (see
README.Debian). When running `cscli hub update`, ensure switching from
this offline copy to the online hub.
To ensure cscli doesn't disable anything that was configured (due to
symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
offline hub in the live directory (/var/lib/crowdsec/hub), and let
further operations (`cscli hub upgrade`, or `cscli <type> install`)
update the live directory as required.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0007-automatically-enable-online-hub.patch
Cyril Brulebois [Mon, 1 Mar 2021 20:40:04 +0000 (20:40 +0000)]
Prefer `systemctl restart crowdsec` to `systemctl reload crowdsec`
As of version 1.0.8, reloading doesn't work due to failures to reopen
the database:
https://github.com/crowdsecurity/crowdsec/issues/656
Until this is fixed, advertise `systemctl restart crowdsec` instead.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0006-prefer-systemctl-restart.patch
Cyril Brulebois [Mon, 1 Mar 2021 14:11:36 +0000 (14:11 +0000)]
Adjust default config
Let's have all hub-related data under /var/lib/crowdsec/hub instead of
the default /etc/crowdsec/hub directory.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0005-adjust-config.patch
Cyril Brulebois [Fri, 22 Jan 2021 14:35:42 +0000 (14:35 +0000)]
Disable geoip-enrich in the hub files
It would download GeoLite2*.mmdb files from the network. Let users
enable the hub by themselves if they want to use it.
Gbp-Pq: Name 0004-disable-geoip-enrich.patch
Cyril Brulebois [Fri, 22 Jan 2021 13:25:54 +0000 (13:25 +0000)]
Adjust systemd unit
- Drop PIDFile (that uses an obsolete path, and doesn't seem to be
used at all).
- Adjust paths for the packaged crowdsec binary (/usr/bin).
- Drop commented out ExecStartPost entirely.
- Drop syslog.target dependency, it's socket-activated (thanks to the
systemd-service-file-refers-to-obsolete-target lintian tag).
- Ensure both local and online API credentials have been defined.
Gbp-Pq: Name 0003-adjust-systemd-unit.patch
Cyril Brulebois [Fri, 8 Jan 2021 17:27:15 +0000 (17:27 +0000)]
Use _foreign_keys=1 instead of _fk=1
The _foreign_keys=1 syntax is widely supported but the _fk=1 alias for
it was only added in version 1.8.0 of the sqlite3 driver. Avoid using
the alias for the time being (the freeze is near).
Gbp-Pq: Name 0002-add-compatibility-for-older-sqlite-driver.patch
Cyril Brulebois [Thu, 7 Jan 2021 17:07:12 +0000 (17:07 +0000)]
Use local machineid implementation
Let's avoid a dependency on an extra package (denisbrodbeck/machineid),
since its ID() function is mostly about trying to read from two files.
Signed-off-by: Manuel Sabban <manuel@crowdsec.net>
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
Gbp-Pq: Name 0001-use-a-local-machineid-implementation.patch
Cyril Brulebois [Sat, 4 Dec 2021 04:03:33 +0000 (04:03 +0000)]
crowdsec (1.0.9-3) unstable; urgency=medium
* Backport upstream patches to deal with missing MMDB files gracefully
(geolocation files aren't shipped by default):
-
5ae69aa293: fix stacktrace when mmdb files are not present (#935)
-
4dbbd4b3c4: automatically download files when needed (#895), so
that switching to the online hub doesn't require extra steps to
fetch files.
[dgit import unpatched crowdsec 1.0.9-3]
Cyril Brulebois [Sat, 4 Dec 2021 04:03:33 +0000 (04:03 +0000)]
Import crowdsec_1.0.9-3.debian.tar.xz
[dgit import tarball crowdsec 1.0.9-3 crowdsec_1.0.9-3.debian.tar.xz]
Cyril Brulebois [Mon, 15 Mar 2021 00:19:43 +0000 (00:19 +0000)]
Import crowdsec_1.0.9.orig.tar.gz
[dgit import orig crowdsec_1.0.9.orig.tar.gz]
Cyril Brulebois [Mon, 15 Mar 2021 00:19:43 +0000 (00:19 +0000)]
Import crowdsec_1.0.9.orig-data1.tar.gz
[dgit import orig crowdsec_1.0.9.orig-data1.tar.gz]
Cyril Brulebois [Mon, 15 Mar 2021 00:19:43 +0000 (00:19 +0000)]
Import crowdsec_1.0.9.orig-hub1.tar.gz
[dgit import orig crowdsec_1.0.9.orig-hub1.tar.gz]
projects / crowdsec.git / log