Crowdsec v1.1 : new packages, new life

As stated here crowdsec 1.1 is here, fresh outta github.
Most notably, we have switched repositories over to packagecloud.io and added a lot more packages (including bouncers). Users should switch repositories asap : old repositories won’t be updated and hopefully decommissioned within a few weeks !

As usual, drop a rant or a shoutout on gitter if you face any issues !

1 Like

Installed on Red Hat 8. Thanks.

what about this:
WARN[08-07-2021 09:12:51 PM] whitelists.yaml : not downloaded, please install.

Config:

[root@emp87 crowdsec-v1.1.1]# cscli hub list
INFO[08-07-2021 09:17:26 PM] Loaded 20 collecs, 26 parsers, 28 scenarios, 3 post-overflow parsers
INFO[08-07-2021 09:17:26 PM] unmanaged items : 1 local, 0 tainted
INFO[08-07-2021 09:17:26 PM] PARSERS:
--------------------------------------------------------------------------------------------------------------------
 NAME                            📦 STATUS          VERSION  LOCAL PATH
--------------------------------------------------------------------------------------------------------------------
 crowdsecurity/postfix-logs      ✔️  enabled         0.3      /etc/crowdsec/parsers/s01-parse/postfix-logs.yaml
 crowdsecurity/geoip-enrich      ✔️  enabled         0.2      /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
 crowdsecurity/iptables-logs     ✔️  enabled         0.2      /etc/crowdsec/parsers/s01-parse/iptables-logs.yaml
 crowdsecurity/sshd-logs         ✔️  enabled         0.6      /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
 whitelists.yaml                 🏠  enabled,local           /etc/crowdsec/parsers/s02-enrich/whitelists.yaml
 crowdsecurity/postscreen-logs   ✔️  enabled         0.1      /etc/crowdsec/parsers/s01-parse/postscreen-logs.yaml
 crowdsecurity/syslog-logs       ✔️  enabled         0.1      /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
 crowdsecurity/dateparse-enrich  ✔️  enabled         0.1      /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
--------------------------------------------------------------------------------------------------------------------
INFO[08-07-2021 09:17:26 PM] SCENARIOS:
----------------------------------------------------------------------------------------------------------------------
 NAME                                     📦 STATUS   VERSION  LOCAL PATH
----------------------------------------------------------------------------------------------------------------------
 crowdsecurity/iptables-scan-multi_ports  ✔️  enabled  0.1      /etc/crowdsec/scenarios/iptables-scan-multi_ports.yaml
 crowdsecurity/postfix-spam               ✔️  enabled  0.2      /etc/crowdsec/scenarios/postfix-spam.yaml
 crowdsecurity/ssh-bf                     ✔️  enabled  0.1      /etc/crowdsec/scenarios/ssh-bf.yaml
----------------------------------------------------------------------------------------------------------------------
INFO[08-07-2021 09:17:26 PM] COLLECTIONS:
----------------------------------------------------------------------------------------------------------------
 NAME                                 📦 STATUS   VERSION  LOCAL PATH
----------------------------------------------------------------------------------------------------------------
 crowdsecurity/iptables               ✔️  enabled  0.1      /etc/crowdsec/collections/iptables.yaml
 crowdsecurity/linux                  ✔️  enabled  0.2      /etc/crowdsec/collections/linux.yaml
 crowdsecurity/postfix                ✔️  enabled  0.2      /etc/crowdsec/collections/postfix.yaml
 crowdsecurity/sshd                   ✔️  enabled  0.1      /etc/crowdsec/collections/sshd.yaml
 crowdsecurity/whitelist-good-actors  ✔️  enabled  0.1      /etc/crowdsec/collections/whitelist-good-actors.yaml
----------------------------------------------------------------------------------------------------------------
INFO[08-07-2021 09:17:26 PM] POSTOVERFLOWS:
--------------------------------------------------------------------------------------------------------------------------
 NAME                              📦 STATUS   VERSION  LOCAL PATH
--------------------------------------------------------------------------------------------------------------------------
 crowdsecurity/cdn-whitelist       ✔️  enabled  0.3      /etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml
 crowdsecurity/rdns                ✔️  enabled  0.2      /etc/crowdsec/postoverflows/s00-enrich/rdns.yaml
 crowdsecurity/seo-bots-whitelist  ✔️  enabled  0.4      /etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml
--------------------------------------------------------------------------------------------------------------------------

hello @Swallowtail !

I think it’s simply because your whitelists.yaml is “custom” and thus the upgrade didn’t find it on our hub :wink:

will it work on OpenWrt ? :wink:

Since installing crowdsec-bouncer-firewall-iptables from repo:

[root@emp87 ~]# ipset list
Name: crowdsec-blacklists
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536 timeout 300
Size in memory: 664
References: 1
Number of entries: 0
Members:

Name: crowdsec6-blacklists
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 65536 timeout 300
Size in memory: 1160
References: 1
Number of entries: 0
Members:

Why zero entries?

hello @Swallowtail !

On which environment are you doing this ?
It looks like something went wrong with the install :slight_smile:

It works… thanks !

1 Like

Packaging done…

Soon a PR

1 Like