smu44
October 22, 2023, 6:47am
1
Hi there!
Some weeks ago, I successfully installed Crowdsec on a RPI Zero 2 W using this tutorial: https://www.crowdsec.net/blog/how-to-secure-your-raspberry-pi-with-crowdsec .
It's running fine
Many thanks for that, CrowdSec is awesome and you guys rock!
But today, running cscli hub update, I got this:
WARN[22-10-2023 06:40:35] Crowdsec is not the latest version. Current version is 'v1.5.2' and the latest stable version is 'v1.5.4'. Please update it!
WARN[22-10-2023 06:40:35] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.5.4
Okay, classic stuff. Ran apt update, CrowdSec repo is configured OK:
Hit:5 https://packagecloud.io/crowdsec/crowdsec/raspbian bullseye InRelease
But then, no new CrowdSec package is listed with apt list --upgradable
So, the package has probably not been updated (or not available anymore) on the repository.
Will arm Raspbian builds get maintained, updated for bullseye?
Should I switch to bookworm, although it is not listed here: packagecloud Documentation - Documentation for the Command-Line Interface (CLI) and automation tools , forget about pre-built CrowdSec Raspbian packages, …?
I can see that debian builds for bullseye are getting updated: debian/bullseye/crowdsec_1.5.4_arm64.deb - crowdsec/crowdsec · packagecloud .
Thanks in advance for any clue
sabban
October 23, 2023, 11:23am
2
Hi,
We just had an issue when we released 1.5.4 with armhf builds, so to not delay the release we decided to ship it without armhf packages (raspberry builds). We are about to ship 1.5.5 in a short time, and this one will be shipped without armhf packages as well, but I intend to fix it in the forthcoming weeks. As soon as the build issue is fixed, armhf packages will be released as well.
So tl;dr, armhf build will be there, but you have to be a bit more patient
Sorry and thanks for using CrowdSec,
1 Like
smu44
October 23, 2023, 3:35pm
3
Thanks @sabban for your comprehensive reply!
Knowing that this format is not discontinued I'll wait patiently, no problem.
I wish you luck and success with the builds!
Meanwhile, Raspberry OS bullseye has been overtaken by bookworm (Operating system images – Raspberry Pi ). Will you publish for bookworm as well?
iiAmLoz
October 24, 2023, 10:38am
4
Yes, we already publish for bookworm, so most likely we will support this also.
smu44
October 24, 2023, 4:06pm
5
That's very good news, thanks!
sabban
November 21, 2023, 10:30am
6
I just uploaded a version for armhf in the crowdsec-testing repository: crowdsec/crowdsec-testing - Packages · packagecloud
Sorry for the delay, it was a bit tricky to achieve. And, I want it to be a bit tested before pushing it to the stable repository.
Thank you for your patience!
smu44
November 21, 2023, 11:49am
7
Hi @sabban , and thanks for the follow-up!
Do you want me to help with testing? Only HTTP Nginx is exposed on this device…
sabban
November 21, 2023, 12:14pm
8
Hi,
We usually use this https://github.com/crowdsecurity/crowdsec/tree/master/test to internally test crowdsec releases, but I don't have any full armhf devices to test the release on. OTOH I'll gladly have a look into any issues that would be reported on this
smu44
November 22, 2023, 5:33am
9
Hi,
Upgraded successfully by adding "crowdsec-testing" repo.
Firewall bouncer came with a new configuration file, no big deal. I just had to delete the previous bouncer.
No issue to report, I could run every command (except "simulation") and update everything, without error.
I could add some scenarios I previously deleted (VCSA, Fortinet), install/remove a collection, etc.
Version and metrics so far:
root@pi:~# cscli version
2023/11/22 06:02:25 version: v1.5.5-debian-pragmatic-arm-d2d788c5dc0a9e387635276623c6781774a9dfd4
2023/11/22 06:02:25 Codename: alphaga
2023/11/22 06:02:25 BuildDate: 2023-11-21_09:48:21
2023/11/22 06:02:25 GoVersion: 1.21.3
2023/11/22 06:02:25 Platform: linux
2023/11/22 06:02:25 libre2: C++
2023/11/22 06:02:25 Constraint_parser: >= 1.0, <= 2.0
2023/11/22 06:02:25 Constraint_scenario: >= 1.0, < 3.0
2023/11/22 06:02:25 Constraint_api: v1
2023/11/22 06:02:25 Constraint_acquis: >= 1.0, < 2.0
root@pi:~# crowdsec-firewall-bouncer -V
version: v0.0.28~rc1-debian-pragmatic-c8322311d6486a54ff8791930d9735f8700bd296
BuildDate: 2023-06-19_09:23:47
GoVersion: 1.20.1
root@pi:~# cscli metrics
Acquisition Metrics:
╭────────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────╮
│ Source                         │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │
├────────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┤
│ file:/var/log/nginx/access.log │ 4          │ 3            │ 1              │ 1                      │
│ file:/var/log/syslog           │ 4          │ -            │ 4              │ -                      │
╰────────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────╯
Bucket Metrics:
╭──────────────────────────────────────┬───────────────┬───────────┬──────────────┬────────┬─────────╮
│ Bucket                               │ Current Count │ Overflows │ Instantiated │ Poured │ Expired │
├──────────────────────────────────────┼───────────────┼───────────┼──────────────┼────────┼─────────┤
│ crowdsecurity/http-crawl-non_statics │ -             │ -         │ 1            │ 1      │ 1       │
╰──────────────────────────────────────┴───────────────┴───────────┴──────────────┴────────┴─────────╯
Parser Metrics:
╭─────────────────────────────────┬──────┬────────┬──────────╮
│ Parsers                         │ Hits │ Parsed │ Unparsed │
├─────────────────────────────────┼──────┼────────┼──────────┤
│ child-crowdsecurity/http-logs   │ 9    │ 6      │ 3        │
│ child-crowdsecurity/nginx-logs  │ 5    │ 3      │ 2        │
│ child-crowdsecurity/syslog-logs │ 4    │ 4      │ -        │
│ crowdsecurity/dateparse-enrich  │ 3    │ 3      │ -        │
│ crowdsecurity/geoip-enrich      │ 3    │ 3      │ -        │
│ crowdsecurity/http-logs         │ 3    │ 3      │ -        │
│ crowdsecurity/nginx-logs        │ 4    │ 3      │ 1        │
│ crowdsecurity/non-syslog        │ 4    │ 4      │ -        │
│ crowdsecurity/syslog-logs       │ 4    │ 4      │ -        │
│ crowdsecurity/whitelists        │ 3    │ 3      │ -        │
╰─────────────────────────────────┴──────┴────────┴──────────╯
Local API Metrics:
╭──────────────────────┬────────┬──────╮
│ Route                │ Method │ Hits │
├──────────────────────┼────────┼──────┤
│ /v1/alerts           │ GET    │ 2    │
│ /v1/decisions/stream │ GET    │ 25   │
│ /v1/heartbeat        │ GET    │ 7    │
│ /v1/watchers/login   │ POST   │ 4    │
╰──────────────────────┴────────┴──────╯
Local API Machines Metrics:
╭──────────────────────────────────────────────────┬───────────────┬────────┬──────╮
│ Machine                                          │ Route         │ Method │ Hits │
├──────────────────────────────────────────────────┼───────────────┼────────┼──────┤
│ ------------------------------------------------ │ /v1/alerts    │ GET    │ 2    │
│ ------------------------------------------------ │ /v1/heartbeat │ GET    │ 7    │
╰──────────────────────────────────────────────────┴───────────────┴────────┴──────╯
Local API Bouncers Metrics:
╭────────────────────────────────┬──────────────────────┬────────┬──────╮
│ Bouncer                        │ Route                │ Method │ Hits │
├────────────────────────────────┼──────────────────────┼────────┼──────┤
│ cs-firewall-bouncer-1700627702 │ /v1/decisions/stream │ GET    │ 25   │
╰────────────────────────────────┴──────────────────────┴────────┴──────╯
Local API Decisions:
╭────────────────────────────────────────────┬──────────┬────────┬───────╮
│ Reason                                     │ Origin   │ Action │ Count │
├────────────────────────────────────────────┼──────────┼────────┼───────┤
│ crowdsecurity/http-backdoors-attempts      │ CAPI     │ ban    │ 866   │
│ crowdsecurity/http-sensitive-files         │ CAPI     │ ban    │ 19    │
│ crowdsecurity/ssh-bf                       │ CAPI     │ ban    │ 17264 │
│ crowdsecurity/apache_log4j2_cve-2021-44228 │ CAPI     │ ban    │ 380   │
│ crowdsecurity/http-bad-user-agent          │ CAPI     │ ban    │ 6150  │
│ crowdsecurity/http-bad-user-agent          │ crowdsec │ ban    │ 11    │
│ crowdsecurity/ssh-slow-bf                  │ CAPI     │ ban    │ 50    │
│ crowdsecurity/CVE-2022-41082               │ CAPI     │ ban    │ 1025  │
│ crowdsecurity/CVE-2023-22515               │ CAPI     │ ban    │ 5     │
│ crowdsecurity/http-cve-2021-41773          │ CAPI     │ ban    │ 42    │
│ crowdsecurity/http-open-proxy              │ CAPI     │ ban    │ 600   │
│ crowdsecurity/http-open-proxy              │ crowdsec │ ban    │ 1     │
│ crowdsecurity/http-probing                 │ CAPI     │ ban    │ 1892  │
│ crowdsecurity/http-probing                 │ crowdsec │ ban    │ 5     │
│ crowdsecurity/CVE-2022-26134               │ CAPI     │ ban    │ 213   │
│ crowdsecurity/http-crawl-non_statics       │ CAPI     │ ban    │ 432   │
│ crowdsecurity/http-crawl-non_statics       │ crowdsec │ ban    │ 2     │
│ crowdsecurity/thinkphp-cve-2018-20062      │ CAPI     │ ban    │ 48    │
│ crowdsecurity/CVE-2022-35914               │ CAPI     │ ban    │ 55    │
│ crowdsecurity/http-generic-bf              │ CAPI     │ ban    │ 19    │
│ firehol_cruzit_web_attacks                 │ lists    │ ban    │ 13167 │
│ firehol_greensnow                          │ lists    │ ban    │ 7034  │
│ crowdsecurity/CVE-2022-37042               │ CAPI     │ ban    │ 17    │
│ crowdsecurity/CVE-2022-42889               │ CAPI     │ ban    │ 13    │
│ crowdsecurity/grafana-cve-2021-43798       │ CAPI     │ ban    │ 66    │
│ crowdsecurity/http-path-traversal-probing  │ CAPI     │ ban    │ 71    │
│ crowdsecurity/CVE-2019-18935               │ CAPI     │ ban    │ 65    │
│ crowdsecurity/CVE-2023-22518               │ CAPI     │ ban    │ 14    │
│ crowdsecurity/nginx-req-limit-exceeded     │ CAPI     │ ban    │ 114   │
│ ltsich/http-w00tw00t                       │ CAPI     │ ban    │ 1     │
│ firehol_botscout_7d                        │ lists    │ ban    │ 3025  │
╰────────────────────────────────────────────┴──────────┴────────┴───────╯
Local API Alerts:
╭──────────────────────────────────────┬───────╮
│ Reason                               │ Count │
├──────────────────────────────────────┼───────┤
│ crowdsecurity/http-probing           │ 5     │
│ crowdsecurity/http-bad-user-agent    │ 11    │
│ crowdsecurity/http-crawl-non_statics │ 2     │
│ crowdsecurity/http-open-proxy        │ 1     │
╰──────────────────────────────────────┴───────╯
On console everything looks fine:
Thanks for the awesome work!