CrowdSec bouncer for Nginx
License: MIT License
📚 Documentation 💠 Hub 💬 Discourse
A lua bouncer for nginx.
This bouncer leverages nginx lua's API, namely access_by_lua_file.
New/unknown IP are checked against crowdsec API, and if request should be blocked, a 403 is returned to the user, and put in cache.
At the back, this bouncer uses crowdsec lua lib.
Please follow the official documentation.
Currently, the only way to install it is with
yes | ./install.shapt install crowdsec-nginx-bouncer
The following packages have unmet dependencies:
libnginx-mod-http-lua : Depends: libnginx-mod-http-ndk but it is not going to be installed
Depends: nginx-abi-1.22.1-7
E: Unable to correct problems, you have held broken packages.
apt install crowdsec-nginx-bouncer
No response
$ cscli version
# paste output here2024/02/14 23:07:43 version: v1.6.0-debian-pragmatic-amd64-4b8e6cd7
2024/02/14 23:07:43 Codename: alphaga
2024/02/14 23:07:43 BuildDate: 2024-01-24_11:01:12
2024/02/14 23:07:43 GoVersion: 1.21.3
2024/02/14 23:07:43 Platform: linux
2024/02/14 23:07:43 libre2: C++
2024/02/14 23:07:43 Constraint_parser: >= 1.0, <= 3.0
2024/02/14 23:07:43 Constraint_scenario: >= 1.0, <= 3.0
2024/02/14 23:07:43 Constraint_api: v1
2024/02/14 23:07:43 Constraint_acquis: >= 1.0, < 2.0
# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here
# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here$ cscli hub list -o raw
# paste output hereC:> Get-Content C:\ProgramData\CrowdSec\config\acquis.yaml
$ cscli config show
# paste output here$ cscli metrics
# paste output hereWhen using nginx's APT repo's the standard apt installation for the bouncer breaks due to a dependency issue.
Mainly because package names differ between the repos and the standard nginx-lua module is not included as separate package in the nginx repo.
When apt attempts to install this, this results in a dependency conflict as shown below:
sudo apt-get install crowdsec-nginx-bouncer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
nginx : Conflicts: nginx-common but 1.18.0-6.1 is to be installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages
Suggested resolution
Update the debian/control file to reflect a situation where only nginx being installed instead of both nginx and libnginx-mod-http-lua would be sufficient.
Nginx is most often deployed as a Docker image, so it would make sense that this bouncer would be compatible with that. Maybe an image built on top of the official nginx image?
As title states, the script generates the key and informs user to replace it manually but it actually does work
lua-cjson 2.1.0.10-1 is now installed in /usr/local (license: MIT)
cscli is /usr/bin/cscli
cscli/crowdsec is present, generating API key
API Key : <redact>
Can't generate an API key for the bouncer. Please do it manually
Restart nginx to enable the crowdsec bouncer : sudo systemctl restart nginx
If you want to setup captcha remediation, follow official documentation :
https://docs.crowdsec.net/docs/bouncers/nginx#when-using-captcha-remediation
https://github.com/crowdsecurity/cs-nginx-bouncer/blob/main/debian/postinst#L42
We need to modify the else statement to set API_KEY_REQUIRED to false
when I follow the step , I can't restart nginx :
# nginx -t
nginx: [emerg] unknown directive "lua_package_path" in /etc/nginx/conf.d/crowdsec_nginx.conf:1
There is some messages:
apt-get install lua5.3 libnginx-mod-http-lua lua-sec
Reading package lists... Done
Building dependency tree
Reading state information... Done
lua-sec is already the newest version (0.9-3).
lua5.3 is already the newest version (5.3.3-1.1ubuntu2).
libnginx-mod-http-lua is already the newest version (1.18.0-0ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
---
# cat /etc/issue
Ubuntu 20.04.1 LTS \n \l
----
# nginx -V
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-5J5hor/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module--add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-echo --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-subs-filter --add-dynamic-module=/build/nginx-5J5hor/nginx-1.18.0/debian/modules/http-geoip2
Should I need install nginx-lua-module by mannul or install openresty?
Thanks !
The repository doesn't contain a license, which - in a strict sense - makes it not available as open source, keeping all copyright and usage to the authors.
There is no available package for ubuntu 22 LTS from the official repositories.
Also if you want to install it manually, there is no candidate for the required libnginx-mod-http-lua package.
Hello, recently I have installed nginx bouncer and have experienced certbot not working anymore, while showing me this error:
/etc/nginx/conf.d/crowdsec_nginx.conf:149 contained the 'init_by_lua_block' directive, which is not supported by Certbot. The file has been ignored, which may prevent Certbot from functioning properly. Consider using the --webroot plugin and manually installing the certificate.This issue is already tracked at this next certbot isssues: certbot/certbot#9347 and certbot/certbot#9066
Is there any way to make it so the bouncer can work with certbot's nginx plugin?
The installation script gives me an error about the missing lua mod directory. Why does it assume that this directory is present?
Hello, after installing the CrowdSec engine I moved to this guide for the Nginx bouncer, and since I use Arch Linux I used this AUR package to install it.
After some trial and error to solve issues related to finding the libs (mainly specifying to luarocks to install the deps for Lua 5.1) I reached a dead end, as I get this error whenever I enable the config:
2023/06/20 23:00:53 [error] 8759#8759: *1 lua entry thread aborted: runtime error: /usr/share/lua/5.1/resty/core/var.lua:71: no request found
stack traceback:
coroutine 0:
[C]: in function 'error'
/usr/share/lua/5.1/resty/core/var.lua:71: in function '__index'
access_by_lua(crowdsec.conf:14):3: in function <access_by_lua(crowdsec.conf:14):1>, client: X.X.X.X, server: exentio.sexy, request: "GET / HTTP/2.0", host: "exentio.sexy"
Currently this is my config, the standard one doesn't work because the AUR package installs the bouncer in /etc/nginx/lua rather than in /usr/local/lua:
lua_package_path '$prefix/lua/plugins/crowdsec/?.lua;;';
lua_shared_dict crowdsec_cache 50m;
resolver 1.1.1.1 ipv6=off;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
init_by_lua_block {
cs = require "crowdsec"
local ok, err = cs.init("/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf", "crowdsec-nginx-bouncer/v1.0.5")
if ok == nil then
ngx.log(ngx.ERR, "[Crowdsec] " .. err)
error()
end
ngx.log(ngx.ALERT, "[Crowdsec] Initialisation done")
}
access_by_lua_block {
local cs = require "crowdsec"
cs.Allow(ngx.var.remote_addr)
}
What should I do?
The installation script assumes the sources have been updated with apt-get update which might not be the case. If you haven't updated the sources, the script fails saying it can't find the necessary packages.
After trying the debian package :
see : #16
I am now stucked in nginx not starting because of crowdsec-nginx-bouncer !
admin@myREVERSE:~$sudo systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
sudo journalctl -xe
...
-- Subject: A start job for unit nginx.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit nginx.service has begun execution.
--
-- The job identifier is 895.
Sep 22 11:21:06 myREVERSE nginx[3542]: nginx: [error] init_by_lua error: /usr/lib/crowdsec/lua/lrucache.lua:4: module 'ffi' not found:
Sep 22 11:21:06 myREVERSE nginx[3542]: no field package.preload['ffi']
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/lib/crowdsec/lua/ffi.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file './ffi.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/local/share/lua/5.1/ffi.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/local/share/lua/5.1/ffi/init.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/local/lib/lua/5.1/ffi.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/local/lib/lua/5.1/ffi/init.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/share/lua/5.1/ffi.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/share/lua/5.1/ffi/init.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file './lib/ffi.lua'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file './ffi.so'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/local/lib/lua/5.1/ffi.so'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/lib/aarch64-linux-gnu/lua/5.1/ffi.so'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/lib/lua/5.1/ffi.so'
Sep 22 11:21:06 myREVERSE nginx[3542]: no file '/usr/local/lib/lua/5.1/loadall.so'
Sep 22 11:21:06 myREVERSE nginx[3542]: stack traceback:
Sep 22 11:21:06 myREVERSE nginx[3542]: [C]: in function 'require'
Sep 22 11:21:06 myREVERSE nginx[3542]: /usr/lib/crowdsec/lua/lrucache.lua:4: in main chunk
Sep 22 11:21:06 myREVERSE nginx[3542]: [C]: in function 'require'
Sep 22 11:21:06 myREVERSE nginx[3542]: /usr/lib/crowdsec/lua/CrowdSec.lua:4: in main chunk
Sep 22 11:21:06 myREVERSE nginx[3542]: [C]: in function 'require'
Sep 22 11:21:06 myREVERSE nginx[3542]: init_by_lua:2: in main chunk
Sep 22 11:21:06 myREVERSE nginx[3542]: nginx: configuration file /etc/nginx/nginx.conf test failed
Sep 22 11:21:06 myREVERSE systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStartPre= process belonging to unit nginx.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
Sep 22 11:21:06 myREVERSE systemd[1]: nginx.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Sep 22 11:21:06 myREVERSE systemd[1]: Failed to start A high performance web server and a reverse proxy server.
-- Subject: A start job for unit nginx.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit nginx.service has finished with a failure.
--
-- The job identifier is 895 and the job result is failed.
sudo apt install crowdsec-nginx-bouncer
...
Setting up crowdsec-nginx-bouncer (0.0.7) ...
cscli is /usr/bin/cscli
cscli/crowdsec is present, generating API key
API Key : f8f59946a13b3a6f0f69f41e9a5289ef
/var/lib/dpkg/info/crowdsec-nginx-bouncer.postinst: 26: envsubst: not found
Restart nginx to enable the crowdsec bouncer : systemctl restart nginx
...
Some verifications:
admin@myREVERSE:~$ cat /etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf
envsubst is missing from Debian !
Some possible workarounds and/or resolutions:
admin@myREVERSE:~$ sudo apt install gettext-base
admin@myREVERSE:~$ envsubst --version
envsubst (GNU gettext-runtime) 0.21
Copyright (C) 2003-2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Bruno Haible.
envsubst in go
https://github.com/a8m/envsubst
It is the planned solution for OpenWrt...
PR porposed openwrt/packages#16664
replace envsubst with sed patterns
It is the actual workaround used in Crowdsec PR for OpenWrt
## Gen&ConfigApiKey
SUFFIX=`tr -dc A-Za-z0-9 </dev/urandom | head -c 8`
API_KEY=`/usr/bin/cscli bouncers add cs-firewall-bouncer-${SUFFIX} -o raw`
sed -i "s,^\(\s*api_key\s*:\s*\).*\$,\1$API_KEY," $CONFIG
and
sed -i "s,^\(\s*mode\s*:\s*\).*\$,\1$BACKEND," $VARCONFIG
Hi,
It would be great the installation script would work with AL8.
At least there is a list of dependencies to install?
Thanks,
Ignacio
Describe the bug
crowdsec.lua is looking for 5.1 files instead of 5.3
To Reproduce
Expected behavior
install and reinstall without problem.
Technical Information (please complete the following information):
Additional context
Add any other context about the problem here, for example /var/log/crowdsec.log or error messages.
root@panel:/usr/local/share/lua# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [error] init_by_lua error: /usr/local/lua/crowdsec/crowdsec.lua:5: module 'resty.http' not found:
no field package.preload['resty.http']
no file '/usr/local/lua/crowdsec/resty/http.lua'
no file './resty/http.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/http.lua'
no file '/usr/local/share/lua/5.1/resty/http.lua'
no file '/usr/local/share/lua/5.1/resty/http/init.lua'
no file '/usr/share/lua/5.1/resty/http.lua'
no file '/usr/share/lua/5.1/resty/http/init.lua'
no file './resty/http.lua'
no file './resty/http.so'
no file '/usr/local/lib/lua/5.1/resty/http.so'
no file '/usr/lib/x86_64-linux-gnu/lua/5.1/resty/http.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/x86_64-linux-gnu/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
stack traceback:
[C]: in function 'require'
/usr/local/lua/crowdsec/crowdsec.lua:5: in main chunk
[C]: in function 'require'
init_by_lua:2: in main chunk
nginx: configuration file /etc/nginx/nginx.conf test failedroot@panel:/usr/local/share/lua# ls /usr/local/share/lua/
5.3
root@panel:/usr/local/share/lua# ls -l /usr/local/lib/luarocks/rocks/
total 24
-rw-r--r-- 1 root root 1304 Mar 9 18:51 index.html
drwxr-xr-x 3 root root 4096 Mar 9 18:56 lua-resty-http
-rw-r--r-- 1 root root 994 Mar 9 18:57 manifest
-rw-r--r-- 1 root root 43 Mar 9 18:51 manifest-5.1
-rw-r--r-- 1 root root 43 Mar 9 18:51 manifest-5.2
-rw-r--r-- 1 root root 43 Mar 9 18:51 manifest-5.3
root@panel:/usr/local/share/lua# ls -l /usr/local/lib/luarocks/rocks/lua-resty-http/
total 4
drwxr-xr-x 3 root root 4096 Mar 9 18:57 0.17.0.beta.1-0
root@panel:/usr/local/share/lua# ls -l /usr/local/lib/luarocks/rocks/lua-resty-http/0.17.0.beta.1-0/
total 12
drwxr-xr-x 2 root root 4096 Mar 9 18:57 doc
-rw-r--r-- 1 root root 653 Mar 9 18:57 lua-resty-http-0.17.0.beta.1-0.rockspec
-rw-r--r-- 1 root root 466 Mar 9 18:57 rock_manifest
root@panel:/usr/local/share/lua#
root@panel:/usr/local/share/lua# ls -l /usr/local/lua/crowdsec/
total 24
-rw-r--r-- 1 root root 17826 Mar 9 18:55 crowdsec.lua
drwxr-xr-x 3 root root 4096 Mar 9 18:51 plugins
root@panel:/usr/local/share/lua# ls -l /usr/local/lua/crowdsec/plugins/
total 4
drwxr-xr-x 2 root root 4096 Mar 9 18:55 crowdsec
root@panel:/usr/local/share/lua# ls -l /usr/local/lua/crowdsec/plugins/crowdsec/
total 44
-rw-r--r-- 1 root root 1306 Mar 9 18:55 ban.lua
-rw-r--r-- 1 root root 6869 Mar 9 18:55 bitop.lua
-rw-r--r-- 1 root root 4694 Mar 9 18:55 config.lua
-rw-r--r-- 1 root root 9233 Mar 9 18:55 iputils.lua
-rw-r--r-- 1 root root 2768 Mar 9 18:55 recaptcha.lua
-rw-r--r-- 1 root root 239 Mar 9 18:55 template.lua
-rw-r--r-- 1 root root 1257 Mar 9 18:55 utils.lua
root@panel:/usr/local/share/lua#
In the docs, it says that only Google's recaptcha is supported, however the latest configuration file shows that in addition to recaptcha, hcaptcha and turnstile are also supported.
Hello,
I am using the following os:
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
When trying to install ( REF: https://doc.crowdsec.net/u/bouncers/nginx/ ) :
I am facing the following error:
sudo apt install nginx lua5.1 libnginx-mod-http-lua luarocks gettext-base lua-cjson
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
gettext-base is already the newest version (0.21-4ubuntu4).
gettext-base set to manually installed.
lua-cjson is already the newest version (2.1.0+dfsg-2.1).
lua-cjson set to manually installed.
nginx is already the newest version (1.24.0-1~jammy).
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libnginx-mod-http-lua : Depends: libnginx-mod-http-ndk but it is not going to be installed
Depends: nginx-abi-1.24.0-1
E: Unable to correct problems, you have held broken packages.
Also, there is another error:
$ sudo apt install crowdsec-nginx-bouncer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libnginx-mod-http-lua : Depends: libnginx-mod-http-ndk but it is not going to be installed
Depends: nginx-abi-1.24.0-1
E: Unable to correct problems, you have held broken packages.
As nginx has builtin support for geo-ip enrichment, we should also support decisions at the country level.
I've tried to install crowdsec-nginx-bouncer with apt on Debian Bullseye but get this error,
sudo apt install nginx lua5.1 libnginx-mod-http-lua luarocks gettext-base lua-cjson
..
Installing https://luarocks.org/lua-cjson-2.1.0.10-1.src.rock
gcc -O2 -fPIC -I/usr/include/lua5.1 -c lua_cjson.c -o lua_cjson.o
lua_cjson.c:44:10: fatal error: lua.h: Aucun fichier ou dossier de ce type
44 | #include <lua.h>
| ^~~~~~~
compilation terminated.
Error: Build error: Failed compiling object lua_cjson.o
cscli/crowdsec is present, generating API key
API Key : 85756596ce00a639f705c9c2edbf3a25
Restart nginx to enable the crowdsec bouncer : sudo systemctl restart nginx
....
uname -a
Linux monplaisir.ddns.net 5.19.17-meson64 #22.11.1 SMP PREEMPT Wed Nov 30 11:05:42 UTC 2022 aarch64 GNU/Linux
Installation of crowdsec was successful following official installation instruction.
After install using apt install crowdsec-nginx-bouncer nginx will not start due to error:
2024/03/02 19:19:32 [error] 31516#31516: init_by_lua error: /usr/local/share/lua/5.1/resty/http_connect.lua:8: module 'resty.string' not found:
no field package.preload['resty.string']
no file '/usr/lib/crowdsec/lua/resty/string.lua'
no file '/usr/share/lua/5.1/resty/string.lua'
no file './resty/string.lua'
no file '/usr/share/luajit-2.1.0-beta3/resty/string.lua'
no file '/usr/local/share/lua/5.1/resty/string.lua'
no file '/usr/local/share/lua/5.1/resty/string/init.lua'
no file '/usr/share/lua/5.1/resty/string.lua'
no file '/usr/share/lua/5.1/resty/string/init.lua'
no file './resty/string.lua'
no file './resty/string.so'
no file '/usr/local/lib/lua/5.1/resty/string.so'
no file '/usr/lib/x86_64-linux-gnu/lua/5.1/resty/string.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
no file './resty.so'
no file '/usr/local/lib/lua/5.1/resty.so'
no file '/usr/lib/x86_64-linux-gnu/lua/5.1/resty.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
stack traceback:
[C]: in function 'require'
/usr/local/share/lua/5.1/resty/http_connect.lua:8: in main chunk
[C]: in function 'require'
/usr/local/share/lua/5.1/resty/http.lua:166: in main chunk
[C]: in function 'require'
/usr/lib/crowdsec/lua/crowdsec.lua:5: in main chunk
[C]: in function 'require'
init_by_lua(conf.d/crowdsec_nginx.conf:4):2: in main chunk
Nginx to start successfully and the bouncer to function.
apt install crowdsec-nginx-bouncer on Debian 12
nginx/stable,now 1.22.1-9 amd64 [installed,automatic]
2024/03/02 19:37:30 version: v1.6.0-debian-pragmatic-amd64-4b8e6cd7
2024/03/02 19:37:30 Codename: alphaga
2024/03/02 19:37:30 BuildDate: 2024-01-24_11:01:12
2024/03/02 19:37:30 GoVersion: 1.21.3
2024/03/02 19:37:30 Platform: linux
2024/03/02 19:37:30 libre2: C++
2024/03/02 19:37:30 Constraint_parser: >= 1.0, <= 3.0
2024/03/02 19:37:30 Constraint_scenario: >= 1.0, <= 3.0
2024/03/02 19:37:30 Constraint_api: v1
2024/03/02 19:37:30 Constraint_acquis: >= 1.0, < 2.0
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Linux meet 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux
name,status,version,description,type
crowdsecurity/dateparse-enrich,enabled,0.2,,parsers
crowdsecurity/geoip-enrich,enabled,0.2,"Populate event with geoloc info : as, country, coords, source range.",parsers
crowdsecurity/http-logs,enabled,1.2,"Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource",parsers
crowdsecurity/nginx-logs,enabled,1.5,Parse nginx access and error logs,parsers
crowdsecurity/sshd-logs,enabled,2.3,Parse openSSH logs,parsers
crowdsecurity/syslog-logs,enabled,0.8,,parsers
crowdsecurity/whitelists,enabled,0.2,Whitelist events from private ipv4 addresses,parsers
crowdsecurity/apache_log4j2_cve-2021-44228,enabled,0.5,Detect cve-2021-44228 exploitation attemps,scenarios
crowdsecurity/CVE-2017-9841,enabled,0.2,Detect CVE-2017-9841 exploits,scenarios
crowdsecurity/CVE-2019-18935,enabled,0.2,Detect Telerik CVE-2019-18935 exploitation attempts,scenarios
crowdsecurity/CVE-2022-26134,enabled,0.2,Detect CVE-2022-26134 exploits,scenarios
crowdsecurity/CVE-2022-35914,enabled,0.2,Detect CVE-2022-35914 exploits,scenarios
crowdsecurity/CVE-2022-37042,enabled,0.2,Detect CVE-2022-37042 exploits,scenarios
crowdsecurity/CVE-2022-40684,enabled,0.3,Detect cve-2022-40684 exploitation attempts,scenarios
crowdsecurity/CVE-2022-41082,enabled,0.4,Detect CVE-2022-41082 exploits,scenarios
crowdsecurity/CVE-2022-41697,enabled,0.2,Detect CVE-2022-41697 enumeration,scenarios
crowdsecurity/CVE-2022-42889,enabled,0.3,Detect CVE-2022-42889 exploits (Text4Shell),scenarios
crowdsecurity/CVE-2022-44877,enabled,0.3,Detect CVE-2022-44877 exploits,scenarios
crowdsecurity/CVE-2022-46169,enabled,0.2,Detect CVE-2022-46169 brute forcing,scenarios
crowdsecurity/CVE-2023-22515,enabled,0.1,Detect CVE-2023-22515 exploitation,scenarios
crowdsecurity/CVE-2023-22518,enabled,0.2,Detect CVE-2023-22518 exploits,scenarios
crowdsecurity/CVE-2023-49103,enabled,0.3,Detect owncloud CVE-2023-49103 exploitation attempts,scenarios
crowdsecurity/f5-big-ip-cve-2020-5902,enabled,0.2,Detect cve-2020-5902 exploitation attemps,scenarios
crowdsecurity/fortinet-cve-2018-13379,enabled,0.3,Detect cve-2018-13379 exploitation attemps,scenarios
crowdsecurity/grafana-cve-2021-43798,enabled,0.2,Detect cve-2021-43798 exploitation attemps,scenarios
crowdsecurity/http-admin-interface-probing,enabled,0.3,Detect generic HTTP admin interface probing,scenarios
crowdsecurity/http-backdoors-attempts,enabled,0.5,Detect attempt to common backdoors,scenarios
crowdsecurity/http-bad-user-agent,enabled,1.1,Detect usage of bad User Agent,scenarios
crowdsecurity/http-crawl-non_statics,enabled,0.7,Detect aggressive crawl on non static resources,scenarios
crowdsecurity/http-cve-2021-41773,enabled,0.2,cve-2021-41773,scenarios
crowdsecurity/http-cve-2021-42013,enabled,0.2,cve-2021-42013,scenarios
crowdsecurity/http-generic-bf,enabled,0.6,Detect generic http brute force,scenarios
crowdsecurity/http-open-proxy,enabled,0.5,Detect scan for open proxy,scenarios
crowdsecurity/http-path-traversal-probing,enabled,0.3,Detect path traversal attempt,scenarios
crowdsecurity/http-probing,enabled,0.3,Detect site scanning/probing from a single ip,scenarios
crowdsecurity/http-sensitive-files,enabled,0.3,"Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)",scenarios
crowdsecurity/http-sqli-probing,enabled,0.3,A scenario that detects SQL injection probing with minimal false positives,scenarios
crowdsecurity/http-xss-probing,enabled,0.3,A scenario that detects XSS probing with minimal false positives,scenarios
crowdsecurity/jira_cve-2021-26086,enabled,0.2,Detect Atlassian Jira CVE-2021-26086 exploitation attemps,scenarios
crowdsecurity/netgear_rce,enabled,0.3,Detect Netgear RCE DGN1000/DGN220 exploitation attempts,scenarios
crowdsecurity/nginx-req-limit-exceeded,enabled,0.3,Detects IPs which violate nginx's user set request limit.,scenarios
crowdsecurity/pulse-secure-sslvpn-cve-2019-11510,enabled,0.3,Detect cve-2019-11510 exploitation attemps,scenarios
crowdsecurity/spring4shell_cve-2022-22965,enabled,0.3,Detect cve-2022-22965 probing,scenarios
crowdsecurity/ssh-bf,enabled,0.3,Detect ssh bruteforce,scenarios
crowdsecurity/ssh-slow-bf,enabled,0.4,Detect slow ssh bruteforce,scenarios
crowdsecurity/thinkphp-cve-2018-20062,enabled,0.4,Detect ThinkPHP CVE-2018-20062 exploitation attemps,scenarios
crowdsecurity/vmware-cve-2022-22954,enabled,0.3,Detect Vmware CVE-2022-22954 exploitation attempts,scenarios
crowdsecurity/vmware-vcenter-vmsa-2021-0027,enabled,0.2,Detect VMSA-2021-0027 exploitation attemps,scenarios
ltsich/http-w00tw00t,enabled,0.2,detect w00tw00t,scenarios
crowdsecurity/bf_base,enabled,0.1,,contexts
crowdsecurity/http_base,enabled,0.2,,contexts
crowdsecurity/base-http-scenarios,enabled,0.8,http common : scanners detection,collections
crowdsecurity/http-cve,enabled,2.6,Detect CVE exploitation in http logs,collections
crowdsecurity/linux,enabled,0.2,core linux support : syslog+geoip+ssh,collections
crowdsecurity/nginx,enabled,0.2,nginx support : parser and generic http scenarios,collections
crowdsecurity/sshd,enabled,0.3,sshd support : parser and brute-force detection,collections
#Generated acquisition file - wizard.sh (service: nginx) / files : /var/log/nginx/error.log /var/log/nginx/access.log
filenames:
- /var/log/nginx/error.log
- /var/log/nginx/access.log
labels:
type: nginx
---
#Generated acquisition file - wizard.sh (service: ssh) / files : /var/log/auth.log
filenames:
- /var/log/auth.log
labels:
type: syslog
---
#Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log
filenames:
- /var/log/syslog
- /var/log/kern.log
labels:
type: syslog
---
Global:
- Configuration Folder : /etc/crowdsec
- Data Folder : /var/lib/crowdsec/data
- Hub Folder : /etc/crowdsec/hub
- Simulation File : /etc/crowdsec/simulation.yaml
- Log Folder : /var/log
- Log level : info
- Log Media : file
Crowdsec:
- Acquisition File : /etc/crowdsec/acquis.yaml
- Parsers routines : 1
- Acquisition Folder : /etc/crowdsec/acquis.d
cscli:
- Output : human
- Hub Branch :
API Client:
- URL : http://10.33.0.2:8080/
- Login : <redacted>
- Credentials File : /etc/crowdsec/local_api_credentials.yaml
Local API Server:
- Listen URL : 127.0.0.1:8080
- Profile File : /etc/crowdsec/profiles.yaml
- Trusted IPs:
- 127.0.0.1
- ::1
- Database:
- Type : sqlite
- Path : /var/lib/crowdsec/data/crowdsec.db
- Flush age : 7d
- Flush size : 5000
Acquisition Metrics:
╭───────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────╮
│ Source │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │
├───────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┤
│ file:/var/log/auth.log │ 236 │ 133 │ 103 │ 395 │
│ file:/var/log/kern.log │ 307 │ - │ 307 │ - │
│ file:/var/log/nginx/error.log │ 56 │ - │ 56 │ - │
│ file:/var/log/syslog │ 2.64k │ - │ 2.64k │ - │
╰───────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────╯
Bucket Metrics:
╭─────────────────────────────────────┬───────────────┬───────────┬──────────────┬────────┬─────────╮
│ Bucket │ Current Count │ Overflows │ Instantiated │ Poured │ Expired │
├─────────────────────────────────────┼───────────────┼───────────┼──────────────┼────────┼─────────┤
│ crowdsecurity/ssh-bf │ - │ - │ 74 │ 132 │ 74 │
│ crowdsecurity/ssh-bf_user-enum │ - │ - │ 74 │ 74 │ 74 │
│ crowdsecurity/ssh-slow-bf │ 3 │ 1 │ 6 │ 132 │ 2 │
│ crowdsecurity/ssh-slow-bf_user-enum │ 3 │ - │ 11 │ 57 │ 8 │
╰─────────────────────────────────────┴───────────────┴───────────┴──────────────┴────────┴─────────╯
Parser Metrics:
╭─────────────────────────────────┬───────┬────────┬──────────╮
│ Parsers │ Hits │ Parsed │ Unparsed │
├─────────────────────────────────┼───────┼────────┼──────────┤
│ child-crowdsecurity/nginx-logs │ 336 │ - │ 336 │
│ child-crowdsecurity/sshd-logs │ 1.39k │ 133 │ 1.26k │
│ child-crowdsecurity/syslog-logs │ 3.18k │ 3.18k │ - │
│ crowdsecurity/dateparse-enrich │ 133 │ 133 │ - │
│ crowdsecurity/geoip-enrich │ 133 │ 133 │ - │
│ crowdsecurity/nginx-logs │ 112 │ - │ 112 │
│ crowdsecurity/non-syslog │ 56 │ 56 │ - │
│ crowdsecurity/sshd-logs │ 212 │ 133 │ 79 │
│ crowdsecurity/syslog-logs │ 3.18k │ 3.18k │ - │
│ crowdsecurity/whitelists │ 133 │ 133 │ - │
╰─────────────────────────────────┴───────┴────────┴──────────╯
Local API Decisions:
╭───────────────────────────┬──────────┬────────┬───────╮
│ Reason │ Origin │ Action │ Count │
├───────────────────────────┼──────────┼────────┼───────┤
│ crowdsecurity/ssh-slow-bf │ crowdsec │ ban │ 1 │
╰───────────────────────────┴──────────┴────────┴───────╯
Local API Alerts:
╭───────────────────────────┬───────╮
│ Reason │ Count │
├───────────────────────────┼───────┤
│ crowdsecurity/ssh-slow-bf │ 1 │
╰───────────────────────────┴───────╯
The local parsers and bouncers are communicating with a remote security engine (LAPI).
1、cscli decision add -i my accessip
2、when curl -I mysite ip,just pending,nothing retrun
There is an installation from the source and he asks to move to a non-existing folder "CROWDEC"
cp ./cs-nginx-bouncer/nginx/access.lua /usr/local/lua/crowdec/access.lua
Hi.
In this line need to change log level status on INFO (ngx.INFO).
After installation web server turned out to be broken and restoring it back to operational status requires cleaning up and reinstallation of sw-nginx package which is provided by Plesk and works well with other Panel integration.
root@e2e-93-181:~/ralph/docker# curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash; sudo apt-get install crowdsec -y; sudo apt install crowdsec-firewall-bouncer-iptables -y; sudo apt install crowdsec-nginx-bouncer -y;
Detected operating system as Ubuntu/focal.
Checking for curl...
Detected curl...
Checking for gpg...
Detected gpg...
Running apt-get update... done.
Installing apt-transport-https... done.
Installing /etc/apt/sources.list.d/crowdsec_crowdsec.list...done.
Importing packagecloud gpg key... done.
Running apt-get update... done.
The repository is setup! You can now install packages.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
crowdsec
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 25.5 MB of archives.
After this operation, 95.8 MB of additional disk space will be used.
Get:1 https://packagecloud.io/crowdsec/crowdsec/ubuntu focal/main amd64 crowdsec amd64 1.3.2 [25.5 MB]
Fetched 25.5 MB in 5s (4,755 kB/s)
Preconfiguring packages ...
Selecting previously unselected package crowdsec.
(Reading database ... 118580 files and directories currently installed.)
Preparing to unpack .../crowdsec_1.3.2_amd64.deb ...
You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c
Unpacking crowdsec (1.3.2) ...
Setting up crowdsec (1.3.2) ...
Creating /etc/crowdsec/acquis.yaml
find: ‘/var/log/httpd’: No such file or directory
INFO[03/19/2022:07:32:49 AM] crowdsec_wizard: service 'apache2': /var/log/apache2/error.log /var/log/apache2/other_vhosts_access.log
find: ‘/usr/local/openresty/nginx/logs’: No such file or directory
INFO[03/19/2022:07:32:49 AM] crowdsec_wizard: service 'nginx': /var/log/nginx/access.log /var/log/nginx/error.log
INFO[03/19/2022:07:32:49 AM] crowdsec_wizard: service 'sshd': /var/log/auth.log
INFO[03/19/2022:07:32:49 AM] crowdsec_wizard: service 'mysql': /var/log/mysql/error.log
INFO[03/19/2022:07:32:49 AM] crowdsec_wizard: service 'linux': /var/log/syslog /var/log/kern.log
WARN[19-03-2022 07:32:49 AM] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[19-03-2022 07:32:49 AM] push and pull to Central API disabled
INFO[19-03-2022 07:32:49 AM] Machine 'f822a4da0740xxx5af2160fe800a1facEDLtPFtb0vjbkl7H' successfully added to the local API
INFO[19-03-2022 07:32:49 AM] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
WARN[19-03-2022 07:32:50 AM] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[19-03-2022 07:32:50 AM] push and pull to Central API disabled
INFO[19-03-2022 07:32:55 AM] Successfully registered to Central API (CAPI)
INFO[19-03-2022 07:32:55 AM] Central API credentials dumped to '/etc/crowdsec/online_api_credentials.yaml'
WARN[19-03-2022 07:32:55 AM] Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.
Updating hub
INFO[19-03-2022 07:32:55 AM] Wrote new 323836 bytes index to /etc/crowdsec/hub/.index.json
INFO[03/19/2022:07:32:56 AM] crowdsec_wizard: Installing collection 'crowdsecurity/apache2'
INFO[03/19/2022:07:33:00 AM] crowdsec_wizard: Installing collection 'crowdsecurity/linux'
INFO[03/19/2022:07:33:07 AM] crowdsec_wizard: Installing collection 'crowdsecurity/mysql'
INFO[03/19/2022:07:33:08 AM] crowdsec_wizard: Installing collection 'crowdsecurity/sshd'
INFO[03/19/2022:07:33:09 AM] crowdsec_wizard: Installing collection 'crowdsecurity/nginx'
Created symlink /etc/systemd/system/multi-user.target.wants/crowdsec.service → /lib/systemd/system/crowdsec.service.
You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ipset libipset13
The following NEW packages will be installed:
crowdsec-firewall-bouncer-iptables ipset libipset13
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,584 kB of archives.
After this operation, 8,795 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libipset13 amd64 7.5-1ubuntu0.20.04.1 [53.6 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 ipset amd64 7.5-1ubuntu0.20.04.1 [29.8 kB]
Get:3 https://packagecloud.io/crowdsec/crowdsec/ubuntu focal/main amd64 crowdsec-firewall-bouncer-iptables amd64 0.0.23 [2,500 kB]
Fetched 2,584 kB in 1s (1,971 kB/s)
Selecting previously unselected package libipset13:amd64.
(Reading database ... 118630 files and directories currently installed.)
Preparing to unpack .../libipset13_7.5-1ubuntu0.20.04.1_amd64.deb ...
Unpacking libipset13:amd64 (7.5-1ubuntu0.20.04.1) ...
Selecting previously unselected package ipset.
Preparing to unpack .../ipset_7.5-1ubuntu0.20.04.1_amd64.deb ...
Unpacking ipset (7.5-1ubuntu0.20.04.1) ...
Selecting previously unselected package crowdsec-firewall-bouncer-iptables.
Preparing to unpack .../crowdsec-firewall-bouncer-iptables_0.0.23_amd64.deb ...
Unpacking crowdsec-firewall-bouncer-iptables (0.0.23) ...
Setting up libipset13:amd64 (7.5-1ubuntu0.20.04.1) ...
Setting up ipset (7.5-1ubuntu0.20.04.1) ...
Setting up crowdsec-firewall-bouncer-iptables (0.0.23) ...
cscli/crowdsec is present, generating API key
API Key : xx
Created symlink /etc/systemd/system/multi-user.target.wants/crowdsec-firewall-bouncer.service → /etc/systemd/system/crowdsec-firewall-bouncer.service.
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.7) ...
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
autoconf automake autotools-dev cpp cpp-9 gcc gcc-9 gcc-9-base libasan5 libatomic1 libcc1-0 libdpkg-perl libfile-fcntllock-perl libgcc-9-dev libisl22 libitm1 liblsan0
libltdl-dev liblua5.1-0-dev libmpc3 libncurses-dev libnginx-mod-http-image-filter libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-xslt-filter libnginx-mod-mail
libnginx-mod-stream libquadmath0 libreadline-dev libtool libtool-bin libtsan0 libubsan1 lua-any lua-sec lua-socket lua5.1 luarocks m4 nginx nginx-common nginx-core pkg-config
Suggested packages:
autoconf-archive gnu-standards autoconf-doc gettext cpp-doc gcc-9-locales gcc-multilib make flex bison gdb gcc-doc gcc-9-multilib gcc-9-doc debian-keyring bzr libtool-doc
ncurses-doc readline-doc gfortran | fortran95-compiler gcj-jdk m4-doc fcgiwrap nginx-doc dpkg-dev
The following packages will be REMOVED:
sw-nginx
The following NEW packages will be installed:
autoconf automake autotools-dev cpp cpp-9 crowdsec-nginx-bouncer gcc gcc-9 gcc-9-base libasan5 libatomic1 libcc1-0 libdpkg-perl libfile-fcntllock-perl libgcc-9-dev libisl22
libitm1 liblsan0 libltdl-dev liblua5.1-0-dev libmpc3 libncurses-dev libnginx-mod-http-image-filter libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-xslt-filter
libnginx-mod-mail libnginx-mod-stream libquadmath0 libreadline-dev libtool libtool-bin libtsan0 libubsan1 lua-any lua-sec lua-socket lua5.1 luarocks m4 nginx nginx-common
nginx-core pkg-config
0 upgraded, 44 newly installed, 1 to remove and 0 not upgraded.
Need to get 28.9 MB of archives.
After this operation, 108 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/main amd64 m4 amd64 1.4.18-4 [199 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal/main amd64 autoconf all 2.69-11.1 [321 kB]
Get:2 https://packagecloud.io/crowdsec/crowdsec/ubuntu focal/main amd64 crowdsec-nginx-bouncer amd64 1.0.0 [15.5 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal/main amd64 autotools-dev all 20180224.1 [39.6 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal/main amd64 automake all 1:1.16.1-4ubuntu6 [522 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 gcc-9-base amd64 9.4.0-1ubuntu1~20.04 [19.4 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal/main amd64 libisl22 amd64 0.22.1-1 [592 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal/main amd64 libmpc3 amd64 1.1.0-1 [40.8 kB]
Get:9 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 cpp-9 amd64 9.4.0-1ubuntu1~20.04 [7,501 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal/main amd64 cpp amd64 4:9.3.0-1ubuntu2 [27.6 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libcc1-0 amd64 10.3.0-1ubuntu1~20.04 [48.8 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libitm1 amd64 10.3.0-1ubuntu1~20.04 [26.2 kB]
Get:13 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libatomic1 amd64 10.3.0-1ubuntu1~20.04 [9,284 B]
Get:14 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libasan5 amd64 9.4.0-1ubuntu1~20.04 [2,752 kB]
Get:15 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 liblsan0 amd64 10.3.0-1ubuntu1~20.04 [835 kB]
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libtsan0 amd64 10.3.0-1ubuntu1~20.04 [2,009 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libubsan1 amd64 10.3.0-1ubuntu1~20.04 [784 kB]
Get:18 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libquadmath0 amd64 10.3.0-1ubuntu1~20.04 [146 kB]
Get:19 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libgcc-9-dev amd64 9.4.0-1ubuntu1~20.04 [2,360 kB]
Get:20 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 gcc-9 amd64 9.4.0-1ubuntu1~20.04 [8,275 kB]
Get:21 http://archive.ubuntu.com/ubuntu focal/main amd64 gcc amd64 4:9.3.0-1ubuntu2 [5,208 B]
Get:22 http://archive.ubuntu.com/ubuntu focal/main amd64 libdpkg-perl all 1.19.7ubuntu3 [230 kB]
Get:23 http://archive.ubuntu.com/ubuntu focal/main amd64 libfile-fcntllock-perl amd64 0.22-3build4 [33.1 kB]
Get:24 http://archive.ubuntu.com/ubuntu focal/main amd64 libltdl-dev amd64 2.4.6-14 [162 kB]
Get:25 http://archive.ubuntu.com/ubuntu focal/main amd64 libncurses-dev amd64 6.2-0ubuntu2 [339 kB]
Get:26 http://archive.ubuntu.com/ubuntu focal/main amd64 libreadline-dev amd64 8.0-4 [141 kB]
Get:27 http://archive.ubuntu.com/ubuntu focal/universe amd64 liblua5.1-0-dev amd64 5.1.5-8.1build4 [122 kB]
Get:28 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 nginx-common all 1.18.0-0ubuntu1.2 [37.5 kB]
Get:29 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-http-image-filter amd64 1.18.0-0ubuntu1.2 [14.4 kB]
Get:30 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 libnginx-mod-http-ndk amd64 1.18.0-0ubuntu1.2 [10.1 kB]
Get:31 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 libnginx-mod-http-lua amd64 1.18.0-0ubuntu1.2 [153 kB]
Get:32 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-http-xslt-filter amd64 1.18.0-0ubuntu1.2 [12.7 kB]
Get:33 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-mail amd64 1.18.0-0ubuntu1.2 [42.5 kB]
Get:34 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 libnginx-mod-stream amd64 1.18.0-0ubuntu1.2 [67.3 kB]
Get:35 http://archive.ubuntu.com/ubuntu focal/main amd64 libtool all 2.4.6-14 [161 kB]
Get:36 http://archive.ubuntu.com/ubuntu focal/main amd64 libtool-bin amd64 2.4.6-14 [80.1 kB]
Get:37 http://archive.ubuntu.com/ubuntu focal/universe amd64 lua5.1 amd64 5.1.5-8.1build4 [94.6 kB]
Get:38 http://archive.ubuntu.com/ubuntu focal/universe amd64 lua-any all 25 [4,960 B]
Get:39 http://archive.ubuntu.com/ubuntu focal/universe amd64 lua-socket amd64 3.0~rc1+git+ac3201d-4 [70.5 kB]
Get:40 http://archive.ubuntu.com/ubuntu focal/universe amd64 lua-sec amd64 0.9-3 [32.3 kB]
Get:41 http://archive.ubuntu.com/ubuntu focal/universe amd64 luarocks all 2.4.2+dfsg-1 [97.6 kB]
Get:42 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 nginx-core amd64 1.18.0-0ubuntu1.2 [425 kB]
Get:43 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 nginx all 1.18.0-0ubuntu1.2 [3,620 B]
Get:44 http://archive.ubuntu.com/ubuntu focal/main amd64 pkg-config amd64 0.29.1-0ubuntu4 [45.5 kB]
Fetched 28.9 MB in 7s (4,414 kB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 118650 files and directories currently installed.)
Removing sw-nginx (1.20.2-v.ubuntu.20.04+p18.0.42.0+t220117.1118) ...
Try to disable nginx proxy in Plesk Panel ... done.
Selecting previously unselected package m4.
(Reading database ... 118631 files and directories currently installed.)
Preparing to unpack .../00-m4_1.4.18-4_amd64.deb ...
Unpacking m4 (1.4.18-4) ...
Selecting previously unselected package autoconf.
Preparing to unpack .../01-autoconf_2.69-11.1_all.deb ...
Unpacking autoconf (2.69-11.1) ...
Selecting previously unselected package autotools-dev.
Preparing to unpack .../02-autotools-dev_20180224.1_all.deb ...
Unpacking autotools-dev (20180224.1) ...
Selecting previously unselected package automake.
Preparing to unpack .../03-automake_1%3a1.16.1-4ubuntu6_all.deb ...
Unpacking automake (1:1.16.1-4ubuntu6) ...
Selecting previously unselected package gcc-9-base:amd64.
Preparing to unpack .../04-gcc-9-base_9.4.0-1ubuntu1~20.04_amd64.deb ...
Unpacking gcc-9-base:amd64 (9.4.0-1ubuntu1~20.04) ...
Selecting previously unselected package libisl22:amd64.
Preparing to unpack .../05-libisl22_0.22.1-1_amd64.deb ...
Unpacking libisl22:amd64 (0.22.1-1) ...
Selecting previously unselected package libmpc3:amd64.
Preparing to unpack .../06-libmpc3_1.1.0-1_amd64.deb ...
Unpacking libmpc3:amd64 (1.1.0-1) ...
Selecting previously unselected package cpp-9.
Preparing to unpack .../07-cpp-9_9.4.0-1ubuntu1~20.04_amd64.deb ...
Unpacking cpp-9 (9.4.0-1ubuntu1~20.04) ...
Selecting previously unselected package cpp.
Preparing to unpack .../08-cpp_4%3a9.3.0-1ubuntu2_amd64.deb ...
Unpacking cpp (4:9.3.0-1ubuntu2) ...
Selecting previously unselected package libcc1-0:amd64.
Preparing to unpack .../09-libcc1-0_10.3.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libcc1-0:amd64 (10.3.0-1ubuntu1~20.04) ...
Selecting previously unselected package libitm1:amd64.
Preparing to unpack .../10-libitm1_10.3.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libitm1:amd64 (10.3.0-1ubuntu1~20.04) ...
Selecting previously unselected package libatomic1:amd64.
Preparing to unpack .../11-libatomic1_10.3.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libatomic1:amd64 (10.3.0-1ubuntu1~20.04) ...
Selecting previously unselected package libasan5:amd64.
Preparing to unpack .../12-libasan5_9.4.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libasan5:amd64 (9.4.0-1ubuntu1~20.04) ...
Selecting previously unselected package liblsan0:amd64.
Preparing to unpack .../13-liblsan0_10.3.0-1ubuntu1~20.04_amd64.deb ...
Unpacking liblsan0:amd64 (10.3.0-1ubuntu1~20.04) ...
Selecting previously unselected package libtsan0:amd64.
Preparing to unpack .../14-libtsan0_10.3.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libtsan0:amd64 (10.3.0-1ubuntu1~20.04) ...
Selecting previously unselected package libubsan1:amd64.
Preparing to unpack .../15-libubsan1_10.3.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libubsan1:amd64 (10.3.0-1ubuntu1~20.04) ...
Selecting previously unselected package libquadmath0:amd64.
Preparing to unpack .../16-libquadmath0_10.3.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libquadmath0:amd64 (10.3.0-1ubuntu1~20.04) ...
Selecting previously unselected package libgcc-9-dev:amd64.
Preparing to unpack .../17-libgcc-9-dev_9.4.0-1ubuntu1~20.04_amd64.deb ...
Unpacking libgcc-9-dev:amd64 (9.4.0-1ubuntu1~20.04) ...
Selecting previously unselected package gcc-9.
Preparing to unpack .../18-gcc-9_9.4.0-1ubuntu1~20.04_amd64.deb ...
Unpacking gcc-9 (9.4.0-1ubuntu1~20.04) ...
Selecting previously unselected package gcc.
Preparing to unpack .../19-gcc_4%3a9.3.0-1ubuntu2_amd64.deb ...
Unpacking gcc (4:9.3.0-1ubuntu2) ...
Selecting previously unselected package libdpkg-perl.
Preparing to unpack .../20-libdpkg-perl_1.19.7ubuntu3_all.deb ...
Unpacking libdpkg-perl (1.19.7ubuntu3) ...
Selecting previously unselected package libfile-fcntllock-perl.
Preparing to unpack .../21-libfile-fcntllock-perl_0.22-3build4_amd64.deb ...
Unpacking libfile-fcntllock-perl (0.22-3build4) ...
Selecting previously unselected package libltdl-dev:amd64.
Preparing to unpack .../22-libltdl-dev_2.4.6-14_amd64.deb ...
Unpacking libltdl-dev:amd64 (2.4.6-14) ...
Selecting previously unselected package libncurses-dev:amd64.
Preparing to unpack .../23-libncurses-dev_6.2-0ubuntu2_amd64.deb ...
Unpacking libncurses-dev:amd64 (6.2-0ubuntu2) ...
Selecting previously unselected package libreadline-dev:amd64.
Preparing to unpack .../24-libreadline-dev_8.0-4_amd64.deb ...
Unpacking libreadline-dev:amd64 (8.0-4) ...
Selecting previously unselected package liblua5.1-0-dev:amd64.
Preparing to unpack .../25-liblua5.1-0-dev_5.1.5-8.1build4_amd64.deb ...
Unpacking liblua5.1-0-dev:amd64 (5.1.5-8.1build4) ...
Selecting previously unselected package nginx-common.
Preparing to unpack .../26-nginx-common_1.18.0-0ubuntu1.2_all.deb ...
Unpacking nginx-common (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package libnginx-mod-http-image-filter.
Preparing to unpack .../27-libnginx-mod-http-image-filter_1.18.0-0ubuntu1.2_amd64.deb ...
Unpacking libnginx-mod-http-image-filter (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package libnginx-mod-http-ndk.
Preparing to unpack .../28-libnginx-mod-http-ndk_1.18.0-0ubuntu1.2_amd64.deb ...
Unpacking libnginx-mod-http-ndk (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package libnginx-mod-http-lua.
Preparing to unpack .../29-libnginx-mod-http-lua_1.18.0-0ubuntu1.2_amd64.deb ...
Unpacking libnginx-mod-http-lua (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package libnginx-mod-http-xslt-filter.
Preparing to unpack .../30-libnginx-mod-http-xslt-filter_1.18.0-0ubuntu1.2_amd64.deb ...
Unpacking libnginx-mod-http-xslt-filter (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package libnginx-mod-mail.
Preparing to unpack .../31-libnginx-mod-mail_1.18.0-0ubuntu1.2_amd64.deb ...
Unpacking libnginx-mod-mail (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package libnginx-mod-stream.
Preparing to unpack .../32-libnginx-mod-stream_1.18.0-0ubuntu1.2_amd64.deb ...
Unpacking libnginx-mod-stream (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package libtool.
Preparing to unpack .../33-libtool_2.4.6-14_all.deb ...
Unpacking libtool (2.4.6-14) ...
Selecting previously unselected package libtool-bin.
Preparing to unpack .../34-libtool-bin_2.4.6-14_amd64.deb ...
Unpacking libtool-bin (2.4.6-14) ...
Selecting previously unselected package lua5.1.
Preparing to unpack .../35-lua5.1_5.1.5-8.1build4_amd64.deb ...
Unpacking lua5.1 (5.1.5-8.1build4) ...
Selecting previously unselected package lua-any.
Preparing to unpack .../36-lua-any_25_all.deb ...
Unpacking lua-any (25) ...
Selecting previously unselected package lua-socket:amd64.
Preparing to unpack .../37-lua-socket_3.0~rc1+git+ac3201d-4_amd64.deb ...
Unpacking lua-socket:amd64 (3.0~rc1+git+ac3201d-4) ...
Selecting previously unselected package lua-sec:amd64.
Preparing to unpack .../38-lua-sec_0.9-3_amd64.deb ...
Unpacking lua-sec:amd64 (0.9-3) ...
Selecting previously unselected package luarocks.
Preparing to unpack .../39-luarocks_2.4.2+dfsg-1_all.deb ...
Unpacking luarocks (2.4.2+dfsg-1) ...
Selecting previously unselected package nginx-core.
Preparing to unpack .../40-nginx-core_1.18.0-0ubuntu1.2_amd64.deb ...
Unpacking nginx-core (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package nginx.
Preparing to unpack .../41-nginx_1.18.0-0ubuntu1.2_all.deb ...
Unpacking nginx (1.18.0-0ubuntu1.2) ...
Selecting previously unselected package pkg-config.
Preparing to unpack .../42-pkg-config_0.29.1-0ubuntu4_amd64.deb ...
Unpacking pkg-config (0.29.1-0ubuntu4) ...
Selecting previously unselected package crowdsec-nginx-bouncer.
Preparing to unpack .../43-crowdsec-nginx-bouncer_1.0.0_amd64.deb ...
Unpacking crowdsec-nginx-bouncer (1.0.0) ...
Setting up libncurses-dev:amd64 (6.2-0ubuntu2) ...
Setting up libfile-fcntllock-perl (0.22-3build4) ...
Setting up nginx-common (1.18.0-0ubuntu1.2) ...
Configuration file '/etc/default/nginx'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** nginx (Y/I/N/O/D/Z) [default=N] ?
Installing new version of config file /etc/init.d/nginx ...
Installing new version of config file /etc/logrotate.d/nginx ...
Installing new version of config file /etc/nginx/fastcgi.conf ...
Installing new version of config file /etc/nginx/fastcgi_params ...
Installing new version of config file /etc/nginx/mime.types ...
Installing new version of config file /etc/nginx/nginx.conf ...
Installing new version of config file /etc/nginx/win-utf ...
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service.
Setting up m4 (1.4.18-4) ...
Setting up lua-socket:amd64 (3.0~rc1+git+ac3201d-4) ...
Setting up libreadline-dev:amd64 (8.0-4) ...
Setting up lua5.1 (5.1.5-8.1build4) ...
update-alternatives: using /usr/bin/lua5.1 to provide /usr/bin/lua (lua-interpreter) in auto mode
update-alternatives: using /usr/bin/luac5.1 to provide /usr/bin/luac (lua-compiler) in auto mode
Setting up libnginx-mod-http-xslt-filter (1.18.0-0ubuntu1.2) ...
Setting up autotools-dev (20180224.1) ...
Setting up libquadmath0:amd64 (10.3.0-1ubuntu1~20.04) ...
Setting up libnginx-mod-http-ndk (1.18.0-0ubuntu1.2) ...
Setting up libmpc3:amd64 (1.1.0-1) ...
Setting up libatomic1:amd64 (10.3.0-1ubuntu1~20.04) ...
Setting up libdpkg-perl (1.19.7ubuntu3) ...
Setting up autoconf (2.69-11.1) ...
Setting up libubsan1:amd64 (10.3.0-1ubuntu1~20.04) ...
Setting up libisl22:amd64 (0.22.1-1) ...
Setting up libnginx-mod-http-lua (1.18.0-0ubuntu1.2) ...
Setting up libcc1-0:amd64 (10.3.0-1ubuntu1~20.04) ...
Setting up liblsan0:amd64 (10.3.0-1ubuntu1~20.04) ...
Setting up libitm1:amd64 (10.3.0-1ubuntu1~20.04) ...
Setting up gcc-9-base:amd64 (9.4.0-1ubuntu1~20.04) ...
Setting up libtsan0:amd64 (10.3.0-1ubuntu1~20.04) ...
Setting up automake (1:1.16.1-4ubuntu6) ...
update-alternatives: using /usr/bin/automake-1.16 to provide /usr/bin/automake (automake) in auto mode
Setting up libnginx-mod-mail (1.18.0-0ubuntu1.2) ...
Setting up lua-sec:amd64 (0.9-3) ...
Setting up liblua5.1-0-dev:amd64 (5.1.5-8.1build4) ...
Setting up libnginx-mod-http-image-filter (1.18.0-0ubuntu1.2) ...
Setting up lua-any (25) ...
Setting up libnginx-mod-stream (1.18.0-0ubuntu1.2) ...
Setting up libltdl-dev:amd64 (2.4.6-14) ...
Setting up libasan5:amd64 (9.4.0-1ubuntu1~20.04) ...
Setting up pkg-config (0.29.1-0ubuntu4) ...
Setting up cpp-9 (9.4.0-1ubuntu1~20.04) ...
Setting up nginx-core (1.18.0-0ubuntu1.2) ...
Not attempting to start NGINX, port 80 is already in use.
Setting up nginx (1.18.0-0ubuntu1.2) ...
Setting up luarocks (2.4.2+dfsg-1) ...
Making manifest for /usr/local/lib/luarocks/rocks
Warning: This looks like a local rocks tree, but you did not pass --local-tree.
Generating index.html for /usr/local/lib/luarocks/rocks
Setting up libgcc-9-dev:amd64 (9.4.0-1ubuntu1~20.04) ...
Setting up cpp (4:9.3.0-1ubuntu2) ...
Setting up gcc-9 (9.4.0-1ubuntu1~20.04) ...
Setting up libtool (2.4.6-14) ...
Setting up crowdsec-nginx-bouncer (1.0.0) ...
Installing https://luarocks.org/lua-resty-http-0.17.0.beta.1-0.src.rock
lua-resty-http 0.17.0.beta.1-0 is now installed in /usr/local (license: 2-clause BSD)
Installing https://luarocks.org/lua-cjson-2.1.0.6-1.src.rock
gcc -O2 -fPIC -I/usr/include/lua5.1 -c lua_cjson.c -o lua_cjson.o
gcc -O2 -fPIC -I/usr/include/lua5.1 -c strbuf.c -o strbuf.o
gcc -O2 -fPIC -I/usr/include/lua5.1 -c fpconv.c -o fpconv.o
gcc -shared -o cjson.so -L/usr/local/lib lua_cjson.o strbuf.o fpconv.o
lua-cjson 2.1.0.6-1 is now installed in /usr/local (license: MIT)
cscli/crowdsec is present, generating API key
API Key : xxxx
Restart nginx to enable the crowdsec bouncer : sudo systemctl restart nginx
If you want to setup captcha remediation, follow official documentation :
https://docs.crowdsec.net/docs/bouncers/nginx#when-using-captcha-remediation
Setting up gcc (4:9.3.0-1ubuntu2) ...
Setting up libtool-bin (2.4.6-14) ...
Processing triggers for ufw (0.36-6ubuntu1) ...
Processing triggers for systemd (245.4-4ubuntu3.15) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for install-info (6.7.0.dfsg.2-5) ...
Processing triggers for libc-bin (2.31-0ubuntu9.7) ...
root@e2e-93-181:~/ralph/docker# sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:nginx(8)
Mar 19 07:24:00 e2e-93-181 systemd[1]: Stopping Startup script for nginx service...
Mar 19 07:24:00 e2e-93-181 systemd[1]: nginx.service: Succeeded.
Mar 19 07:24:00 e2e-93-181 systemd[1]: Stopped Startup script for nginx service.
Mar 19 07:24:00 e2e-93-181 systemd[1]: Starting Startup script for nginx service...
Mar 19 07:24:00 e2e-93-181 nginx[545344]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 19 07:24:00 e2e-93-181 nginx[545344]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Mar 19 07:24:00 e2e-93-181 systemd[1]: Started Startup script for nginx service.
Mar 19 07:33:43 e2e-93-181 systemd[1]: Stopping Startup script for nginx service...
Mar 19 07:33:43 e2e-93-181 systemd[1]: nginx.service: Succeeded.
Mar 19 07:33:43 e2e-93-181 systemd[1]: Stopped Startup script for nginx service.
Currently, I see a lot of dpkg related errors when running ./install.sh, since Alpine Linux doesn't use dpkg!
Hi.
I have tried to install crowdsec-nginx-bouncer on debian 11 with nginx installed.
APT make a conflict with nginx-common.
# apt install crowdsec-nginx-bouncer
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances... Fait
Lecture des informations d'état... Fait
Certains paquets ne peuvent être installés. Ceci peut signifier
que vous avez demandé l'impossible, ou bien, si vous utilisez
la distribution unstable, que certains paquets n'ont pas encore
été créés ou ne sont pas sortis d'Incoming.
L'information suivante devrait vous aider à résoudre la situation :
Les paquets suivants contiennent des dépendances non satisfaites :
nginx : Est en conflit avec: nginx-common mais 1.18.0-6.1+deb11u2 devra être installé
E: Erreur, pkgProblem::Resolve a généré des ruptures, ce qui a pu être causé par les paquets devant être gardés en l'état
Nginx bouncer install with apt
apt install crowdsec-nginx-bouncer
on debian 11
nginx/stable,now 1.23.2-1~bullseye amd64 [installé]
high performance web server
$ cscli version
# paste output here
2022/10/24 18:21:17 version: v1.4.1-debian-pragmatic-e1954adc325baa9e3420c324caabd50b7074dd77
2022/10/24 18:21:17 Codename: alphaga
2022/10/24 18:21:17 BuildDate: 2022-07-25_09:20:06
2022/10/24 18:21:17 GoVersion: 1.17.5
2022/10/24 18:21:17 Platform: linux
2022/10/24 18:21:17 Constraint_parser: >= 1.0, <= 2.0
2022/10/24 18:21:17 Constraint_scenario: >= 1.0, < 3.0
2022/10/24 18:21:17 Constraint_api: v1
2022/10/24 18:21:17 Constraint_acquis: >= 1.0, < 2.0# On Linux:
$ cat /etc/os-release
# paste output here
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
$ uname -a
# paste output here
Linux priva 5.10.0-13-amd64 crowdsecurity/crowdsec#1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 GNU/Linux$ cscli hub list -o raw
# paste output here
crowdsecurity/base-http-scenarios,enabled,0.6,http common : scanners detection,collections
crowdsecurity/http-cve,enabled,1.6,,collections
crowdsecurity/iptables,enabled,0.1,iptables support : logs and port-scans detection scenarios,collections
crowdsecurity/linux,enabled,0.2,core linux support : syslog+geoip+ssh,collections
crowdsecurity/nginx,enabled,0.2,nginx support : parser and generic http scenarios,collections
crowdsecurity/sshd,enabled,0.2,sshd support : parser and brute-force detection,collections
crowdsecurity/dateparse-enrich,enabled,0.2,,parsers
crowdsecurity/geoip-enrich,enabled,0.2,"Populate event with geoloc info : as, country, coords, source range.",parsers
crowdsecurity/http-logs,enabled,0.8,"Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource",parsers
crowdsecurity/iptables-logs,enabled,0.3,Parse iptables drop logs,parsers
crowdsecurity/nginx-logs,enabled,1.3,Parse nginx access and error logs,parsers
crowdsecurity/sshd-logs,enabled,2.0,Parse openSSH logs,parsers
crowdsecurity/syslog-logs,enabled,0.8,,parsers
crowdsecurity/whitelists,enabled,0.2,Whitelist events from private ipv4 addresses,parsers
crowdsecurity/CVE-2022-26134,enabled,0.1,Detect CVE-2022-26134 exploits,scenarios
crowdsecurity/CVE-2022-35914,enabled,0.1,Detect CVE-2022-35914 exploits,scenarios
crowdsecurity/CVE-2022-37042,enabled,0.1,Detect CVE-2022-37042 exploits,scenarios
crowdsecurity/CVE-2022-40684,enabled,0.2,Detect cve-2022-40684 exploitation attempts,scenarios
crowdsecurity/CVE-2022-41082,enabled,0.3,Detect CVE-2022-41082 exploits,scenarios
crowdsecurity/CVE-2022-42889,enabled,0.2,Detect CVE-2022-42889 exploits (Text4Shell),scenarios
crowdsecurity/apache_log4j2_cve-2021-44228,enabled,0.4,Detect cve-2021-44228 exploitation attemps,scenarios
crowdsecurity/f5-big-ip-cve-2020-5902,enabled,0.1,Detect cve-2020-5902 exploitation attemps,scenarios
crowdsecurity/fortinet-cve-2018-13379,enabled,0.2,Detect cve-2018-13379 exploitation attemps,scenarios
crowdsecurity/grafana-cve-2021-43798,enabled,0.1,Detect cve-2021-43798 exploitation attemps,scenarios
crowdsecurity/http-backdoors-attempts,enabled,0.2,Detect attempt to common backdoors,scenarios
crowdsecurity/http-bad-user-agent,enabled,0.7,Detect bad user-agents,scenarios
crowdsecurity/http-crawl-non_statics,enabled,0.3,Detect aggressive crawl from single ip,scenarios
crowdsecurity/http-cve-2021-41773,enabled,0.1,cve-2021-41773,scenarios
crowdsecurity/http-cve-2021-42013,enabled,0.1,cve-2021-42013,scenarios
crowdsecurity/http-generic-bf,enabled,0.2,Detect generic http brute force,scenarios
crowdsecurity/http-open-proxy,enabled,0.3,Detect scan for open proxy,scenarios
crowdsecurity/http-path-traversal-probing,enabled,0.2,Detect path traversal attempt,scenarios
crowdsecurity/http-probing,enabled,0.2,Detect site scanning/probing from a single ip,scenarios
crowdsecurity/http-sensitive-files,enabled,0.2,"Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)",scenarios
crowdsecurity/http-sqli-probing,enabled,0.2,A scenario that detects SQL injection probing with minimal false positives,scenarios
crowdsecurity/http-xss-probing,enabled,0.2,A scenario that detects XSS probing with minimal false positives,scenarios
crowdsecurity/iptables-scan-multi_ports,enabled,0.1,ban IPs that are scanning us,scenarios
crowdsecurity/jira_cve-2021-26086,enabled,0.1,Detect Atlassian Jira CVE-2021-26086 exploitation attemps,scenarios
crowdsecurity/nginx-req-limit-exceeded,enabled,0.1,Detects IPs which violate nginx's user set request limit.,scenarios
crowdsecurity/pulse-secure-sslvpn-cve-2019-11510,enabled,0.2,Detect cve-2019-11510 exploitation attemps,scenarios
crowdsecurity/spring4shell_cve-2022-22965,enabled,0.2,Detect cve-2022-22965 probing,scenarios
crowdsecurity/ssh-bf,enabled,0.1,Detect ssh bruteforce,scenarios
crowdsecurity/ssh-slow-bf,enabled,0.2,Detect slow ssh bruteforce,scenarios
crowdsecurity/thinkphp-cve-2018-20062,enabled,0.3,Detect ThinkPHP CVE-2018-20062 exploitation attemps,scenarios
crowdsecurity/vmware-cve-2022-22954,enabled,0.2,Detect Vmware CVE-2022-22954 exploitation attempts,scenarios
crowdsecurity/vmware-vcenter-vmsa-2021-0027,enabled,0.1,Detect VMSA-2021-0027 exploitation attemps,scenarios
ltsich/http-w00tw00t,enabled,0.1,detect w00tw00t,scenarios$ cscli config show
Global:
- Configuration Folder : /etc/crowdsec
- Data Folder : /var/lib/crowdsec/data
- Hub Folder : /etc/crowdsec/hub
- Simulation File : /etc/crowdsec/simulation.yaml
- Log Folder : /var/log/
- Log level : info
- Log Media : file
Crowdsec:
- Acquisition File : /etc/crowdsec/acquis.yaml
- Parsers routines : 1
cscli:
- Output : human
- Hub Branch :
- Hub Folder : /etc/crowdsec/hub
Local API Server:
- Listen URL : 127.0.0.1:8080
- Profile File : /etc/crowdsec/profiles.yaml
- Trusted IPs:
- 127.0.0.1
- ::1
- Database:
- Type : sqlite
- Path : /var/lib/crowdsec/data/crowdsec.db
- Flush age : 7d
- Flush size : 5000$ cscli metrics
INFO[24-10-2022 06:25:34 PM] Acquisition Metrics:
+--------------------------------+------------+--------------+----------------+------------------------+
| SOURCE | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET |
+--------------------------------+------------+--------------+----------------+------------------------+
| file:/var/log/auth.log | 47 | - | 47 | - |
| file:/var/log/nginx/access.log | 100 | - | 100 | - |
| file:/var/log/nginx/error.log | 8 | 1 | 7 | - |
| file:/var/log/syslog | 220 | - | 220 | - |
+--------------------------------+------------+--------------+----------------+------------------------+
INFO[24-10-2022 06:25:34 PM] Parser Metrics:
+---------------------------------+------+--------+----------+
| PARSERS | HITS | PARSED | UNPARSED |
+---------------------------------+------+--------+----------+
| child-crowdsecurity/http-logs | 3 | 2 | 1 |
| child-crowdsecurity/nginx-logs | 216 | 1 | 215 |
| child-crowdsecurity/syslog-logs | 267 | 267 | - |
| crowdsecurity/dateparse-enrich | 1 | 1 | - |
| crowdsecurity/geoip-enrich | 1 | 1 | - |
| crowdsecurity/http-logs | 1 | 1 | - |
| crowdsecurity/nginx-logs | 108 | 1 | 107 |
| crowdsecurity/non-syslog | 108 | 108 | - |
| crowdsecurity/syslog-logs | 267 | 267 | - |
| crowdsecurity/whitelists | 1 | 1 | - |
+---------------------------------+------+--------+----------+
INFO[24-10-2022 06:25:34 PM] Local Api Metrics:
+----------------------+--------+------+
| ROUTE | METHOD | HITS |
+----------------------+--------+------+
| /v1/decisions/stream | GET | 147 |
| /v1/heartbeat | GET | 24 |
| /v1/watchers/login | POST | 2 |
+----------------------+--------+------+
INFO[24-10-2022 06:25:34 PM] Local Api Machines Metrics:
+--------------------------------------------------+---------------+--------+------+
| MACHINE | ROUTE | METHOD | HITS |
+--------------------------------------------------+---------------+--------+------+
| 12682ae530ad484b8b75a4e8530006f3OMI9GtafOS2NgYFi | /v1/heartbeat | GET | 24 |
+--------------------------------------------------+---------------+--------+------+
INFO[24-10-2022 06:25:34 PM] Local Api Bouncers Metrics:
+----------------------------+----------------------+--------+------+
| BOUNCER | ROUTE | METHOD | HITS |
+----------------------------+----------------------+--------+------+
| FirewallBouncer-1666627267 | /v1/decisions/stream | GET | 147 |
+----------------------------+----------------------+--------+------+I run the install command but unable to install it
Ubuntu 22.04 ARM64
Installed crowdsec_1.4.3_arm64.deb
nginx version: nginx/1.21.4
root@panel:~# sudo apt install crowdsec-nginx-bouncer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package crowdsec-nginx-bouncer
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.