From 334d080bc20c2d38abf6b01dc7c66c496591dd80 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 12 Jun 2025 08:08:09 -0400
Subject: [PATCH] CrowdSec config changes and enhancements.
---
ansible/app-configs/crowdsec/acquis.yaml.j2 | 46 +++++++++++++++++++--
ansible/app-configs/crowdsec/config.yaml.j2 | 2 +
docker-compose.yml | 28 ++++++++++++-
3 files changed, 71 insertions(+), 5 deletions(-)
diff --git a/ansible/app-configs/crowdsec/acquis.yaml.j2 b/ansible/app-configs/crowdsec/acquis.yaml.j2
index 2830970b..4abd8141 100644
--- a/ansible/app-configs/crowdsec/acquis.yaml.j2
+++ b/ansible/app-configs/crowdsec/acquis.yaml.j2
@@ -1,9 +1,7 @@ {% set vault_addr = 'https://vault.trez.wtf' %} {% set secrets_path = 'rinoa-docker/env' %} - - source: journalctl -journalctl_filter: +journalctl_filter: - "--directory=/var/log/host/" labels: type: syslog
@@ -13,3 +11,45 @@ filenames: labels: type: nginx ---
+filenames:
+ - /var/log/auth/auth.log
+labels:
+ type: syslog
+---
+filenames:
+ - /var/lib/mysql/log/mysql/*
+ - /var/lib/mysql/databases/*.err
+ - /var/lib/mysql/databases/*.log
+labels:
+ type: mariadb
+---
+source: docker
+container_name:
+ - adguard
+labels:
+ type: adguardhome
+---
+source: docker
+container_name:
+ - mongodb
+labels:
+ type: mongodb
+---
+source: docker
+container_name:
+ - immich-server
+labels:
+ type: immich
+---
+---
+source: docker
+container_name:
+ - uptimekuma
+labels:
+ type: uptime-kuma
+---
+source: docker
+container_name:
+ - jellyfin
+labels:
+ type: jellyfin
\ No newline at end of file
diff --git a/ansible/app-configs/crowdsec/config.yaml.j2 b/ansible/app-configs/crowdsec/config.yaml.j2
index 9f58cb6b..46a4e811 100644
--- a/ansible/app-configs/crowdsec/config.yaml.j2
+++ b/ansible/app-configs/crowdsec/config.yaml.j2
@@ -1,3 +1,5 @@ +{% set vault_addr = 'https://vault.trez.wtf' %} +{% set secrets_path = 'rinoa-docker/env' %} common: daemonize: false log_media: stdout
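Review bot: The new syslog datasource reads `/var/log/auth/auth.log`, but the bind mount added in docker-compose.yml (hunk `@@ -725,10 +747,12 @@`) places the host file at `/var/log/host/auth.log` inside the container, so unless a mount not shown here supplies `/var/log/auth/`, this source never opens a file; change the entry to `  - /var/log/host/auth.log` or move the mount. The doubled `---` between the immich and uptimekuma sources leaves an empty YAML document, which the acquisition loader may reject or silently skip depending on version; drop one of them. The `type` labels (`adguardhome`, `mongodb`, `immich`, `uptime-kuma`, `jellyfin`) must match what each collection's parser filters on, which this diff does not show, so confirm after deploy with `cscli metrics` that every new source reports parsed lines rather than only read lines. The file also loses its trailing newline in this hunk.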
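Review bot: The two `{% set %}` lines added at the top of config.yaml.j2 duplicate the identical values already set in acquis.yaml.j2, and neither template visibly references `vault_addr` or `secrets_path` within this diff. If the rest of config.yaml.j2 does not use them they are dead template variables; if it does, define the endpoint and path once as Ansible variables (group_vars or role defaults) and hand them to both templates instead of hard-coding the same literals per file. The remainder of config.yaml.j2 is outside the hunk, so this is inferred from what is visible.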
diff --git a/docker-compose.yml b/docker-compose.yml
index a89e153c..b490aea5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -712,7 +712,29 @@ services: DOCKER_HOST: tcp://dockerproxy:2375 GID: 1000 BOUNCER_KEY_SWAG: ${CROWDSEC_API_KEY} - COLLECTIONS: corvese/apache-guacamole crowdsecurity/home-assistant crowdsecurity/http-cve crowdsecurity/iptables crowdsecurity/linux crowdsecurity/mariadb crowdsecurity/nextcloud crowdsecurity/nginx crowdsecurity/whitelist-good-actors Dominic-Wagner/vaultwarden gauth-fr/immich LePresidente/adguardhome LePresidente/authelia LePresidente/gitea LePresidente/jellyfin LePresidente/ombi plague-doctor/audiobookshelf schiz0phr3ne/sonarr sdwilsh/navidrome timokoessler/mongodb timokoessler/uptime-kuma xs539/joplin-server + COLLECTIONS: >- + corvese/apache-guacamole + crowdsecurity/home-assistant + crowdsecurity/http-cve + crowdsecurity/iptables + crowdsecurity/linux + crowdsecurity/mariadb + crowdsecurity/nextcloud + crowdsecurity/nginx + crowdsecurity/whitelist-good-actors + Dominic-Wagner/vaultwarden + gauth-fr/immich + LePresidente/adguardhome + LePresidente/authelia + LePresidente/gitea + LePresidente/jellyfin + LePresidente/ombi + plague-doctor/audiobookshelf + schiz0phr3ne/sonarr + sdwilsh/navidrome + timokoessler/mongodb + timokoessler/uptime-kuma + xs539/joplin-server image: crowdsecurity/crowdsec:latest networks: default: null
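Review bot: A one-line comment above `COLLECTIONS: >-` would spare the next reader a trip to the YAML spec: `# folded scalar: rendered as one space-separated string, one collection per line`. The `>-` header joins the entries with single spaces and strips the final newline, so the container receives the same value the old single line produced, which is presumably what the image's entrypoint expects when it splits the variable. Keep every entry at the same indent: a more-indented line inside a folded scalar keeps its line break and would embed a newline in the value.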
@@ -725,10 +747,12 @@ services: - ${DOCKER_VOLUME_CONFIG}/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml - ${DOCKER_VOLUME_CONFIG}/crowdsec/local-api-credentials.yaml:/etc/crowdsec/local_api_credentials.yaml - ${DOCKER_VOLUME_CONFIG}/crowdsec/online-api-credentials.yaml:/etc/crowdsec/online_api_credentials.yaml - - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro + - ${DOCKER_VOLUME_CONFIG}/swag/log/nginx:/var/log/swag:ro # SWAG + - ${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro # MariaDB - crowdsec-config:/etc/crowdsec - crowdsec-db:/var/lib/crowdsec/data - /var/log/journal:/var/log/host:ro + - /var/log/auth.log:/var/log/host/auth.log:ro crowdsec-dashboard: container_name: crowdsec-dashboard depends_on:
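Review bot: `${DOCKER_VOLUME_CONFIG}/mariadb/:/var/lib/mysql:ro` hands the whole MariaDB data directory — table files, not only logs — to the CrowdSec container, although the acquisition globs only need `log/mysql/*` and `databases/*.err`/`*.log`; a log parser is a poor place for a read-only copy of the database, so prefer pointing MariaDB's error and general/slow log settings at one directory and mounting just that, e.g. `${DOCKER_VOLUME_CONFIG}/mariadb/log:/var/lib/mysql/log:ro`, then adjusting the acquis globs to match. The single-file bind `/var/log/auth.log:/var/log/host/auth.log:ro` is pinned to the inode present at container start; with the usual rename-and-create logrotate policy the container keeps reading the rotated file and stops seeing new auth events, so mount a directory instead (and note the acquis template currently reads `/var/log/auth/auth.log`, not `/var/log/host/auth.log`, so one of the two paths must change). The journalctl source's `--directory=/var/log/host/` now also sees a non-journal file in that directory, which journalctl should ignore but deserves a comment next to the mount.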