I’m fairly new to CrowdSec, and have learnt how to create a .yaml whitelist in /etc/crowdsec/s02-enrich. I’ve put a list of IP addresses in the yaml file, and tested that it works with cscli explain. All good.
Now what I’d like to do is maintain a text file on a remote server, say whitelist.txt. This can be accessed from the server with CrowdSec installed using a URL: https://downloads.example.com/whitelist.txt, for example. Then I’d like to reference that URL from within my .yaml file, so that I can make changes to whitelist.txt to add or remove IP addresses.
The use case is remote monitoring services. I subscribe to a service that monitors server and process uptime using a network of about 50 servers around the world. I’d like to be able to whitelist those monitor IPs. By far the easiest way to maintain this is to have a single text file somewhere that I can edit, and any servers with CrowdSec automatically keep whitelisting the correct set of IP addresses. That’s easiest than having to edit a yaml file (with sudo), especially if I have more than one server. It’s also easier than logging into the console and making changes there to a global whitelist.
Is this something that can be done? I’m unclear how to use the data directive in whitelist files, as mentioned at Format | CrowdSec .
Or, if not, is it something curently planned?