crowdsec: initial package v1.2.0

/net/crowdsec/

Crowdsec - An open-source, lightweight agent to detect
 and respond to bad behaviours.
 It also automatically benefits from a global community-wide
 IP reputation database.

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 8903d1b7ca)

net/crowdsec/Makefile

@@ -0,0 +1,153 @@
+# SPDX-License-Identifier: MIT
+#
+# Copyright (C) 2021 Gerald Kerma
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=crowdsec
+PKG_VERSION:=1.2.0
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/crowdsecurity/crowdsec
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+PKG_SOURCE_DATE:=20210914
+PKG_MIRROR_HASH:=911af2c49c28596256c31ebb26b48c5ba9e6a0abdd46830e75e2cf4c0eff4256
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Gerald Kerma <gandalf@gk2.net>
+
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+CWD_SYSTEM:=openwrt
+CWD_BUILD_VERSION?=$(PKG_SOURCE_VERSION)
+CWD_BUILD_GOVERSION:=$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')
+CWD_BUILD_CODENAME:=alphaga
+CWD_BUILD_TIMESTAMP:=$(SOURCE_DATE_EPOCH)
+CWD_BUILD_TAG:=openwrt
+
+CWD_VERSION_PKG:=github.com/crowdsecurity/crowdsec/pkg/cwversion
+
+GO_PKG:=github.com/crowdsecurity/crowdsec
+
+GO_PKG_LDFLAGS_X:=$(CWD_VERSION_PKG).Version=$(CWD_BUILD_VERSION) \
+	$(CWD_VERSION_PKG).System=$(CWD_SYSTEM) \
+	$(CWD_VERSION_PKG).BuildDate=$(CWD_BUILD_TIMESTAMP) \
+	$(CWD_VERSION_PKG).Codename=$(CWD_BUILD_CODENAME)  \
+	$(CWD_VERSION_PKG).Tag=$(CWD_BUILD_TAG) \
+	$(CWD_VERSION_PKG).GoVersion=$(CWD_BUILD_GOVERSION)
+
+GO_PKG_INSTALL_ALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include ../../lang/golang/golang-package.mk
+
+define Package/crowdsec/Default
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Crowdsec detection engine
+  URL:=https://crowdsec.net/
+endef
+
+define Package/crowdsec
+$(call Package/crowdsec/Default)
+  DEPENDS:=$(GO_ARCH_DEPENDS)
+endef
+
+define Package/golang-crowdsec-dev
+$(call Package/crowdsec/Default)
+$(call GoPackage/GoSubMenu)
+  TITLE+= (source files)
+  DEPENDS:=$(GO_ARCH_DEPENDS)
+  PKGARCH:=all
+endef
+
+define Package/crowdsec/Default/description
+  Crowdsec - An open-source, lightweight agent to detect
+  and respond to bad behaviours.
+  It also automatically benefits from a global
+  community-wide IP reputation database.
+endef
+
+define Package/crowdsec/description
+$(call Package/crowdsec/Default/description)
+
+  This package contains the main program.
+endef
+
+define Package/golang-crowdsec-dev/description
+$(call Package/crowdsec/Default/description)
+
+  This package provides the source files for the program.
+endef
+
+define Package/crowdsec/install
+	$(call GoPackage/Package/Install/Bin,$(1))
+
+	$(INSTALL_DIR) $(1)/etc/crowdsec
+	$(INSTALL_DIR) $(1)/etc/crowdsec/scenarios
+	$(INSTALL_DIR) $(1)/etc/crowdsec/postoverflows
+	$(INSTALL_DIR) $(1)/etc/crowdsec/collections
+	$(INSTALL_DIR) $(1)/etc/crowdsec/patterns
+	$(INSTALL_DIR) $(1)/etc/crowdsec/hub
+
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/config.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/dev.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/user.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/acquis.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/profiles.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/simulation.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/local_api_credentials.yaml \
+		$(1)/etc/crowdsec
+	$(INSTALL_DATA) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/online_api_credentials.yaml \
+		$(1)/etc/crowdsec
+
+	$(CP) \
+		$(GO_PKG_BUILD_DIR)/src/$(GO_PKG)/config/patterns/* \
+		$(1)/etc/crowdsec/patterns
+
+	$(INSTALL_DIR) $(1)/srv/crowdsec/data/
+
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) \
+		./files/crowdsec.initd \
+		$(1)/etc/init.d/crowdsec
+
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_CONF) \
+		./files/crowdsec.config \
+		$(1)/etc/config/crowdsec
+
+	$(LN) /usr/bin/crowdsec-cli $(1)/usr/bin/cscli
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) \
+		./files/crowdsec.defaults \
+		$(1)/etc/uci-defaults/99_crowdsec
+endef
+
+define Package/crowdsec/conffiles
+/etc/crowdsec/
+/etc/config/crowdsec
+endef
+
+$(eval $(call GoBinPackage,crowdsec))
+$(eval $(call BuildPackage,crowdsec))

net/crowdsec/files/crowdsec.config

@@ -0,0 +1,4 @@
+config crowdsec 'crowdsec'
+	option data_dir '/srv/crowdsec/data'
+	option db_path '/srv/crowdsec/data/crowdsec.db'
+

net/crowdsec/files/crowdsec.defaults

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+CONFIG=/etc/crowdsec/config.yaml
+data_dir=`uci get "crowdsec.crowdsec.data_dir"`
+sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $CONFIG
+db_path=`uci get "crowdsec.crowdsec.db_path"`
+sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $CONFIG
+
+# Create data dir & permissions if needed
+if [ ! -d "${data_dir}" ]; then
+	mkdir -m 0755 -p "${data_dir}"
+fi;
+
+if grep -q "login:" /etc/crowdsec/local_api_credentials.yaml; then
+	echo local API already registered...
+else
+	cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
+fi
+if [ -s /etc/crowdsec/online_api_credentials.yaml ]; then
+	echo online API already registered...
+else
+	cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
+fi
+cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
+
+exit 0

net/crowdsec/files/crowdsec.initd

@@ -0,0 +1,44 @@
+#!/bin/sh /etc/rc.common
+# (C) 2021 Gerald Kerma
+
+START=99
+USE_PROCD=1
+NAME=crowdsec
+PROG=/usr/bin/crowdsec
+CONFIG=/etc/crowdsec/config.yaml
+RUNCONFDIR=/srv/crowdsec/data
+VARCONFIGDIR=/var/etc/crowdsec
+VARCONFIG=/var/etc/crowdsec/config.yaml
+
+service_triggers() {
+	procd_add_reload_trigger crowdsec
+}
+
+init_config() {
+	config_load crowdsec
+	config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
+	config_get db_path crowdsec db_path "${RUNCONFDIR}/crowdsec.db"
+
+	# Create tmp dir & permissions if needed
+	if [ ! -d "${VARCONFIGDIR}" ]; then
+		mkdir -m 0755 -p "${VARCONFIGDIR}"
+	fi;
+
+	cp $CONFIG $VARCONFIG
+
+	sed -i "s,^\(\s*data_dir\s*:\s*\).*\$,\1$data_dir," $VARCONFIG
+	sed -i "s,^\(\s*db_path\s*:\s*\).*\$,\1$db_path," $VARCONFIG
+
+	# Create data dir & permissions if needed
+	if [ ! -d "${RUNCONFDIR}" ]; then
+		mkdir -m 0755 -p "${RUNCONFDIR}"
+	fi;
+}
+
+start_service() {
+	init_config
+
+	procd_open_instance
+	procd_set_param command "$PROG" -c "$VARCONFIG"
+	procd_close_instance
+}

net/crowdsec/patches/001-fix_config_data_dir.patch

@@ -0,0 +1,20 @@
+--- a/config/config.yaml
++++ b/config/config.yaml
+@@ -7,7 +7,7 @@ common:
+   working_dir: .
+ config_paths:
+   config_dir: /etc/crowdsec/
+-  data_dir: /var/lib/crowdsec/data/
++  data_dir: /srv/crowdsec/data/
+   simulation_path: /etc/crowdsec/simulation.yaml
+   hub_dir: /etc/crowdsec/hub/
+   index_path: /etc/crowdsec/hub/.index.json
+@@ -21,7 +21,7 @@ cscli:
+ db_config:
+   log_level: info
+   type: sqlite
+-  db_path: /var/lib/crowdsec/data/crowdsec.db
++  db_path: /srv/crowdsec/data/crowdsec.db
+   #user: 
+   #password:
+   #db_name:

net/crowdsec/patches/010-fix-32bits-compile.patch

@@ -0,0 +1,29 @@
+Author: Kerma Gérald <gandalf@gk2.net>
+Date:   Mon Sep 20 10:34:20 2021 +0200
+
+    Use math.MaxInt32 instead of math.MaxUint32
+    
+    To fix 32 bits compilation in v1.2.0
+    https://github.com/crowdsecurity/crowdsec/issues/979
+    
+    Signed-off-by: Kerma Gérald <gandalf@gk2.net>
+
+--- a/pkg/csplugin/broker.go
++++ b/pkg/csplugin/broker.go
+@@ -400,14 +400,14 @@ func getProccessAtr(username string, gro
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-	if uid < 0 && uid > math.MaxUint32 {
++	if uid < 0 && uid > math.MaxInt32 {
+ 		return nil, fmt.Errorf("out of bound uid")
+ 	}
+ 	gid, err := strconv.Atoi(g.Gid)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-	if gid < 0 && gid > math.MaxUint32 {
++	if gid < 0 && gid > math.MaxInt32 {
+ 		return nil, fmt.Errorf("out of bound gid")
+ 	}
+ 	return &syscall.SysProcAttr{