Merge pull request #23 from openappsec/crowdsec

Crowdsec
2025-06-28 16:41:02 +03:00 · 2023-05-14 21:46:58 +03:00 · 2023-05-14 21:46:58 +03:00 · 3b49cfec54
commit 3b49cfec54
parent 240f58217a d7494b1bbc
9 changed files with 79102 additions and 2 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,2 @@
+build_system/docker/install-cp-agent-intelligence-service.sh binary
+build_system/docker/install-cp-crowdsec-aux.sh binary
--- a/build_system/docker/CMakeLists.txt
+++ b/build_system/docker/CMakeLists.txt
@ -1,4 +1,4 @@
-install(FILES Dockerfile entry.sh DESTINATION .)
+install(FILES Dockerfile entry.sh install-cp-agent-intelligence-service.sh install-cp-crowdsec-aux.sh DESTINATION .)

 add_custom_command(
    OUTPUT ${CMAKE_INSTALL_PREFIX}/agent-docker.img
--- a/build_system/docker/entry.sh
+++ b/build_system/docker/entry.sh
@ -1,5 +1,7 @@
 #!/bin/bash

+INTELLIGENCE_INSTALLATION_SCRIPT="install-cp-agent-intelligence-service.sh"
+CROWDSEC_INSTALLATION_SCRIPT="install-cp-crowdsec-aux.sh"
 HTTP_TRANSACTION_HANDLER_SERVICE="install-cp-nano-service-http-transaction-handler.sh"
 ATTACHMENT_REGISTRATION_SERVICE="install-cp-nano-attachment-registration-manager.sh"
 ORCHESTRATION_INSTALLATION_SCRIPT="install-cp-nano-agent.sh"
@ -29,6 +31,9 @@ while true; do
    elif [ "$1" == "--token" ]; then
        shift
        var_token="$1"
+    elif [ "$1" == "--standalone" ]; then
+        var_mode="--hybrid_mode"
+        var_token="cp-3fb5c718-5e39-47e6-8d5e-99b4bc5660b74b4b7fc8-5312-451d-a763-aaf7872703c0"
    fi
    shift
 done
@ -56,6 +61,11 @@ fi
 /nano-service-installers/$ATTACHMENT_REGISTRATION_SERVICE --install
 /nano-service-installers/$HTTP_TRANSACTION_HANDLER_SERVICE --install

+if [ ! -z $CROWDSEC_ENABLED ]; then
+    /nano-service-installers/$INTELLIGENCE_INSTALLATION_SCRIPT --install
+    /nano-service-installers/$CROWDSEC_INSTALLATION_SCRIPT --install
+fi
+
 # use advanced model if exist as data for agent
 FILE=/advanced-model/open-appsec-advanced-model.tgz
 if [ -f "$FILE" ]; then
--- a/build_system/docker/install-cp-agent-intelligence-service.sh
+++ b/build_system/docker/install-cp-agent-intelligence-service.sh
--- a/build_system/docker/install-cp-crowdsec-aux.sh
+++ b/build_system/docker/install-cp-crowdsec-aux.sh
--- a/nodes/http_transaction_handler/CMakeLists.txt
+++ b/nodes/http_transaction_handler/CMakeLists.txt
@ -32,6 +32,7 @@ target_link_libraries(cp-nano-http-transaction-handler
 	waap
 	waap_clib
 	reputation
+	l7_access_control
 	-Wl,--end-group
 )

--- a/nodes/http_transaction_handler/main.cc
+++ b/nodes/http_transaction_handler/main.cc
@ -16,6 +16,7 @@
 #include "nginx_attachment.h"
 #include "gradual_deployment.h"
 #include "http_manager.h"
+#include "layer_7_access_control.h"
 #include "waap.h"

 int
@ -26,6 +27,7 @@ main(int argc, char **argv)
        NginxAttachment,
        GradualDeployment,
        HttpManager,
+        Layer7AccessControl,
 	WaapComponent
    > comps;

--- a/nodes/orchestration/package/cp-nano-package-list
+++ b/nodes/orchestration/package/cp-nano-package-list
@ -27,4 +27,5 @@ sdwan="sdwan 1204 SD-WAN"
 sdwan_logger="sdwanLogger 2204 SD-WAN_Logger"
 cpview_metric_provider="cpviewMetricProvider 8282"
 hello_world="hello_world"
+crowdsec_aux="crowdsecAux 8081"
 # ** Please do not remove this comment - newline at end of file required.
--- a/nodes/orchestration/package/watchdog/watchdog
+++ b/nodes/orchestration/package/watchdog/watchdog
@ -667,7 +667,7 @@ load_services()
            fi

            log "load_services" "Respawn ${service}"
-            if [ "${service}" == "/etc/cp/agentIntelligence/redis/redis-server" ]; then
+            if [ "${service}" == "/etc/cp/agentIntelligence/redis/redis-server" ] || [ "${service}" = "/etc/cp/crowdsecAux/cp-nano-crowdsec-aux" ]; then
                eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} &"
            else
                eval "LD_LIBRARY_PATH=${NGEN_LIB_PATH} ${service} ${execution_flags} --filesystem_path=${FILESYSTEM_PATH} --log_files_path=${LOG_FILE_PATH} &"