Tainted collections. How to reinstall?

dimmthewitted · January 26, 2022, 5:08am

I tried manually parsing logs and I think I now have a problem with my collection.

NAME STATUS VERSION LOCAL PATH

crowdsecurity/sshd enabled 0.2 /etc/crowdsec/collections/sshd.yaml
crowdsecurity/apache2 enabled,tainted ? /etc/crowdsec/collections/apache2.yaml
crowdsecurity/linux enabled 0.2 /etc/crowdsec/collections/linux.yaml
crowdsecurity/base-http-scenarios enabled,tainted ? /etc/crowdsec/collections/base-http-scenarios.yaml
crowdsecurity/modsecurity enabled,tainted ? /etc/crowdsec/collections/modsecurity.yaml

I tried removing the tainted collection but get an error when I try to remove.

crowdsec collection remove modsecurity
time=“25-01-2022 20:52:17” level=fatal msg=“listen tcp 127.0.0.1:8080: bind: address already in use”

I stop crowdsec:
service crowdsec stop

and then the removal:
crowdsec collection remove modsecurity
but it freezes and never finishes requiring break.

yum remove crowdsec
yum install crowdsec

Collections still show tainted.
The metabase dashboard container still shows the same info.

How can I blow up my crowdsec install and start fresh?
I would prefer not to restage the box.

klausagnoletti · January 26, 2022, 2:13pm

I don’t know if it’s a typo or an error but you use ‘crowdsec’ to remove collections. You need to use cscli.

Does this change anything?

dimmthewitted · January 26, 2022, 4:35pm

Apologies, yes I was using the cscli previously, but my syntax wasn’t correct. When corrected I was prompted to use the force argument because the collection is tainted.

cscli collections remove crowdsecurity/modsecurity --force
cscli collections remove crowdsecurity/apache2 --force
cscli collections remove crowdsecurity/base-http-scenarios --force
systemctl reload crowdsec

cscli collections install crowdsecurity/modsecurity
cscli collections install crowdsecurity/apache2
cscli collections install crowdsecurity/base-http-scenarios
systemctl reload crowdsec

COLLECTIONS

NAME STATUS VERSION LOCAL PATH

crowdsecurity/sshd enabled 0.2 /etc/crowdsec/collections/sshd.yaml
crowdsecurity/base-http-scenarios enabled 0.5 /etc/crowdsec/collections/base-http-scenarios.yaml
crowdsecurity/linux enabled 0.2 /etc/crowdsec/collections/linux.yaml
crowdsecurity/modsecurity enabled 0.1 /etc/crowdsec/collections/modsecurity.yaml
crowdsecurity/apache2 enabled 0.1 /etc/crowdsec/collections/apache2.yaml

All good now!

klausagnoletti · January 26, 2022, 4:37pm

Great to hear that - if you run into more problems feel free to post here or on Discord

Topic		Replies	Views
Scenario broken, missing, tainted	1	999	April 21, 2022
Whitelist enabled,tainted crowdsec	2	1525	December 21, 2023
Tainted collection-scenario for custom setting crowdsec	3	1316	September 7, 2022
Unable to install proftpd collection crowdsec	4	725	November 15, 2022
Unable to set Crowdsec back up after removing and reinstalling crowdsec	5	1024	May 12, 2022

Tainted collections. How to reinstall?

NAME STATUS VERSION LOCAL PATH

COLLECTIONS

NAME STATUS VERSION LOCAL PATH

Related topics