├── vars └── main.yml ├── handlers └── main.yml ├── templates ├── cs_local_api_credentials.j2 ├── whitelists.j2 ├── crowdsec_crowdsec.j2 ├── cs_config _org.j2 └── cs_config.j2 ├── tasks ├── redhat.yml ├── redhat7.yml ├── debian.yml ├── lapi_agent.yml ├── lapi_server.yml └── main.yml ├── meta └── main.yml ├── LICENSE ├── README.md └── defaults └── main.yml /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for crowdsec2 3 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: Restart crowdsec 2 | service: 3 | name: crowdsec 4 | state: restarted -------------------------------------------------------------------------------- /templates/cs_local_api_credentials.j2: -------------------------------------------------------------------------------- 1 | url: http://{{ crowdsec_lapi_ip }}:8080 2 | login: {{ inventory_hostname }} 3 | password: {{ crowdsec_agent_hosts_password }} 4 | -------------------------------------------------------------------------------- /templates/whitelists.j2: -------------------------------------------------------------------------------- 1 | name: mywhitelists 2 | description: "Whitelist events from my ip addresses" 3 | whitelist: 4 | reason: "my ip ranges" 5 | ip: 6 | - "127.0.0.1" 7 | - "::1" 8 | {{ cs_parsers_mywhitelists_ip }} 9 | cidr: 10 | {{ cs_parsers_mywhitelists_cidr }} 11 | -------------------------------------------------------------------------------- /tasks/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Start nftables services 3 | service: 4 | name: nftables 5 | state: started 6 | enabled: yes 7 | 8 | - name: Copy crowdsec repo file into place. 
9 | template: 10 | src: templates/crowdsec_crowdsec.j2 11 | dest: /etc/yum.repos.d/crowdsec_crowdsec.repo 12 | owner: root 13 | group: root 14 | mode: 0644 15 | -------------------------------------------------------------------------------- /tasks/redhat7.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: iptables 3 | package: 4 | name: 5 | - pygpgme 6 | - yum-utils 7 | - iptables-services 8 | state: present 9 | update_cache: yes 10 | 11 | - name: Start iptables services 12 | service: 13 | name: iptables 14 | state: started 15 | enabled: yes 16 | 17 | - name: Copy crowdsec repo file into place. 18 | template: 19 | src: templates/crowdsec_crowdsec.j2 20 | dest: /etc/yum.repos.d/crowdsec_crowdsec.repo 21 | owner: root 22 | group: root 23 | mode: 0644 24 | 25 | -------------------------------------------------------------------------------- /templates/crowdsec_crowdsec.j2: -------------------------------------------------------------------------------- 1 | [crowdsec_crowdsec] 2 | name=crowdsec_crowdsec 3 | baseurl=https://packagecloud.io/crowdsec/crowdsec/el/{{ ansible_distribution_major_version }}/$basearch 4 | repo_gpgcheck=1 5 | gpgcheck=1 6 | enabled=1 7 | gpgkey=https://packagecloud.io/crowdsec/crowdsec/gpgkey 8 | https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-EDE2C695EC9A5A5C.pub.gpg 9 | https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-C822EDD6B39954A1.pub.gpg 10 | https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg 11 | sslverify=1 12 | sslcacert=/etc/pki/tls/certs/ca-bundle.crt 13 | metadata_expire=300 14 | -------------------------------------------------------------------------------- /tasks/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update apt and install curl gnupg apt-transport-https 3 | package: 4 | update_cache: yes 5 | name: 6 | - curl 7 | - gnupg 8 | 
- apt-transport-https 9 | - debian-archive-keyring 10 | - nftables 11 | state: present 12 | 13 | - name: Start nftables services 14 | service: 15 | name: nftables 16 | state: started 17 | enabled: yes 18 | when: default_os_firewall == 'nftables' 19 | 20 | - name: Crowdsec Add GPG apt Key 21 | apt_key: 22 | url: https://packagecloud.io/crowdsec/crowdsec/gpgkey 23 | state: present 24 | 25 | - name: Crowdsec Add Repository 26 | apt_repository: 27 | repo: "deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution | lower }} {{ansible_distribution_release | lower}} main" 28 | state: present 29 | 30 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: crowdsec 4 | author: Alf149 5 | description: This Ansible role installs Crowdsec incl. hub, collections, scenarios, postoverflows, parsers, bouncers and prometheus endpoint.
6 | license: license (MIT) 7 | min_ansible_version: '2.12' 8 | platforms: 9 | - name: Ubuntu 10 | versions: 11 | - bionic #18.04 LTS 12 | - focal #20.04 LTS 13 | - impish #21.10 14 | - jammy #22.04 LTS Not tested 15 | - name: Debian 16 | versions: 17 | - bookworm # 12 18 | - bullseye # 11 19 | - name: EL 20 | versions: 21 | - '9' #Rocky & alma Linux og Oracle Linux 22 | - '8' #Rocky & alma Linux og Oracle Linux 23 | - '7' #Oracle Linux 24 | galaxy_tags: 25 | - server 26 | - crowdsec 27 | - security 28 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 alf149 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
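
--------------------------------------------------------------------------------
/tasks/lapi_agent.yml:
--------------------------------------------------------------------------------
---
# Agent-side LAPI setup: point this host at the remote LAPI server
# (crowdsec_lapi_ip) and run crowdsec with its own local API disabled (-no-api).
- name: Crowdsec - ajust /etc/crowdsec/config.yaml listen_uri lapi
  replace:
    path: "/etc/crowdsec/config.yaml"
    regexp: 'listen_uri: 127.0.0.1:8080'
    replace: "listen_uri: {{ crowdsec_lapi_ip }}:8080"
    backup: yes

- name: Crowdsec - local_api_credentials.yaml template for lapi server
  template:
    src: templates/cs_local_api_credentials.j2
    dest: /etc/crowdsec/local_api_credentials.yaml
    owner: root
    group: root
    # The rendered file contains the LAPI login password
    # (crowdsec_agent_hosts_password); it must not be world-readable (was 0644).
    # Quoted so YAML does not parse the value as an octal integer.
    mode: '0600'
  # Keep the rendered credentials out of the play log and --diff output.
  no_log: true

- name: Crowdsec - copy /lib/systemd/system/crowdsec.service
  copy:
    src: /lib/systemd/system/crowdsec.service
    dest: /etc/systemd/system/crowdsec.service
    remote_src: yes

- name: Crowdsec - edit /etc/systemd/system/crowdsec.service -no-api on agent
  replace:
    path: "/etc/systemd/system/crowdsec.service"
    regexp: 'ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml'
    replace: 'ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -no-api'
    backup: yes

- name: crowdsec - daemon reload and restart
  ansible.builtin.systemd:
    state: restarted
    daemon_reload: yes
    name: crowdsec

- name: Crowdsec - enable and start services
  service:
    name: crowdsec
    state: started
    enabled: true

--------------------------------------------------------------------------------
/templates/cs_config _org.j2:
--------------------------------------------------------------------------------
common:
  daemonize: true
  log_media: file
  log_level: info
  log_dir: /var/log/
  working_dir: .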
7 | config_paths: 8 | config_dir: /etc/crowdsec/ 9 | data_dir: /var/lib/crowdsec/data/ 10 | simulation_path: /etc/crowdsec/simulation.yaml 11 | hub_dir: /etc/crowdsec/hub/ 12 | index_path: /etc/crowdsec/hub/.index.json 13 | notification_dir: /etc/crowdsec/notifications/ 14 | plugin_dir: /usr/lib/crowdsec/plugins/ 15 | crowdsec_service: 16 | acquisition_path: /etc/crowdsec/acquis.yaml 17 | parser_routines: 1 18 | cscli: 19 | output: human 20 | db_config: 21 | log_level: info 22 | type: sqlite 23 | db_path: /var/lib/crowdsec/data/crowdsec.db 24 | #max_open_conns: 100 25 | #user: 26 | #password: 27 | #db_name: 28 | #host: 29 | #port: 30 | flush: 31 | max_items: 5000 32 | max_age: 7d 33 | plugin_config: 34 | user: nobody # plugin process would be ran on behalf of this user 35 | group: nogroup # plugin process would be ran on behalf of this group 36 | api: 37 | client: 38 | insecure_skip_verify: false 39 | credentials_path: /etc/crowdsec/local_api_credentials.yaml 40 | server: 41 | log_level: info 42 | listen_uri: 192.168.56.11:8080 43 | profiles_path: /etc/crowdsec/profiles.yaml 44 | console_path: /etc/crowdsec/console.yaml 45 | online_client: # Central API credentials (to push signals and receive bad IPs) 46 | credentials_path: /etc/crowdsec/online_api_credentials.yaml 47 | trusted_ips: # IP ranges, or IPs which can have admin API access 48 | - 127.0.0.1 49 | - ::1 50 | # tls: 51 | # cert_file: /etc/crowdsec/ssl/cert.pem 52 | # key_file: /etc/crowdsec/ssl/key.pem 53 | prometheus: 54 | enabled: true 55 | level: full 56 | listen_addr: 127.0.0.1 57 | listen_port: 6060 58 | -------------------------------------------------------------------------------- /templates/cs_config.j2: -------------------------------------------------------------------------------- 1 | common: 2 | daemonize: true 3 | log_media: file 4 | log_level: info 5 | log_dir: /var/log/ 6 | working_dir: . 
7 | config_paths: 8 | config_dir: /etc/crowdsec/ 9 | data_dir: /var/lib/crowdsec/data/ 10 | simulation_path: /etc/crowdsec/simulation.yaml 11 | hub_dir: /etc/crowdsec/hub/ 12 | index_path: /etc/crowdsec/hub/.index.json 13 | notification_dir: /etc/crowdsec/notifications/ 14 | plugin_dir: /usr/lib/crowdsec/plugins/ 15 | crowdsec_service: 16 | acquisition_path: /etc/crowdsec/acquis.yaml 17 | parser_routines: 1 18 | cscli: 19 | output: human 20 | db_config: 21 | log_level: info 22 | type: postgres 23 | user: {{ crowdsec_psql_db_user }} 24 | password: "{{ crowdsec_psql_db_password }}" 25 | db_name: {{ crowdsec_psql_db_name }} 26 | host: 127.0.0.1 27 | port: 5432 28 | flush: 29 | max_items: 5000 30 | max_age: 7d 31 | plugin_config: 32 | user: nobody # plugin process would be ran on behalf of this user 33 | group: nogroup # plugin process would be ran on behalf of this group 34 | api: 35 | client: 36 | insecure_skip_verify: false 37 | credentials_path: /etc/crowdsec/local_api_credentials.yaml 38 | server: 39 | log_level: info 40 | listen_uri: {{ crowdsec_lapi_ip }}:8080 41 | profiles_path: /etc/crowdsec/profiles.yaml 42 | console_path: /etc/crowdsec/console.yaml 43 | online_client: # Central API credentials (to push signals and receive bad IPs) 44 | credentials_path: /etc/crowdsec/online_api_credentials.yaml 45 | trusted_ips: # IP ranges, or IPs which can have admin API access 46 | - 127.0.0.1 47 | - ::1 48 | # tls: 49 | # cert_file: /etc/crowdsec/ssl/cert.pem 50 | # key_file: /etc/crowdsec/ssl/key.pem 51 | prometheus: 52 | enabled: true 53 | level: full 54 | listen_addr: 127.0.0.1 55 | listen_port: 6060 56 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # !!! NOT maintained anymore !!! 2 | 3 | # Crowdsec 4 | This ansible roles installs Crowdsec incl. hub, collections, scenarios, postoverflows, parsers, bouncers and prometheus endpoint. 

## Requirements
Ansible master running version 2.12

Tested on:
```yaml
platforms:
  - name: Ubuntu
    versions:
      - bionic #18.04 LTS
      - focal #20.04 LTS
      - impish #21.10
      - jammy #22.04 LTS Not tested
  - name: Debian
    versions:
      - bookworm # 12
      - bullseye # 11
  - name: EL
    versions:
      - '8' #Rocky & alma Linux and Oracle Linux
      - '7' #Oracle Linux
```

## How to install
I use ansible-galaxy to make a requirements.yml
```yaml
roles:
  - geerlingguy.security
  - alf149.crowdsec
```
And run
`ansible-galaxy install -r requirements.yml` This will import this role into your Ansible project.


## Role Variables
Available variables with default values (see `defaults/main.yml`).
Variables can be host specific in group_vars/host.yml

## Example Playbook
```yaml
- hosts: all

  vars:
    cs_ban_duration: "duration: 4h" # PROD eg. 10m for testing

  roles:
    - alf149.crowdsec
```

## Manual tasks could be handy
ansible HOST -m shell -a "sudo cscli parsers install crowdsecurity/whitelists --force"
ansible 'group' -m shell -a "sudo cscli parsers remove crowdsecurity/whitelists --force"
ansible 'group' -m shell -a "sudo systemctl reload crowdsec"

## TODO
- Test on Windows server
- Maybe autodetect nftables/iptables and load the correct bouncer.

## Error reporting.
Use github issues or make a PR.
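
## Author Information
------------------

[Alf149](https://github.com/alf149)

--------------------------------------------------------------------------------
/tasks/lapi_server.yml:
--------------------------------------------------------------------------------
---
# LAPI server setup: bind the local API to crowdsec_lapi_ip, back it with a
# local PostgreSQL database and register every host in crowdsec_agent_hosts.
- name: Crowdsec - ajust /etc/crowdsec/config.yaml listen_uri lapi
  replace:
    path: "/etc/crowdsec/config.yaml"
    regexp: 'listen_uri: 127.0.0.1:8080'
    replace: "listen_uri: {{ crowdsec_lapi_ip }}:8080"
    backup: yes

- name: Crowdsec - apt update and install postgresql
  package:
    update_cache: yes
    name:
      - postgresql
      - python3-psycopg2
    state: present

- name: Crowdsec - postgresql enable and start services
  service:
    name: postgresql
    state: started
    enabled: true

- name: Crowdsec - create crowdsec database
  postgresql_db:
    state: present
    name: "{{ crowdsec_psql_db_name }}"
  become: true
  become_user: postgres

- name: Crowdsec - create crowdsec db userc
  postgresql_user:
    state: present
    name: "{{ crowdsec_psql_db_user }}"
    password: "{{ crowdsec_psql_db_password }}"
  become: true
  become_user: postgres
  # The module arguments carry the DB password; keep them out of the play log.
  no_log: true

- name: Crowdsec - grant db user access to app db
  postgresql_privs:
    type: database
    database: "{{ crowdsec_psql_db_name }}"
    roles: "{{ crowdsec_psql_db_user }}"
    grant_option: no
    privs: all
  become: true
  become_user: postgres

- name: Crowdsec - /etc/crowdsec/config.yaml template for lapi server
  template:
    src: templates/cs_config.j2
    dest: /etc/crowdsec/config.yaml
    owner: root
    group: root
    # cs_config.j2 embeds crowdsec_psql_db_password under db_config; the
    # rendered file must not be world-readable (was 0644). Quoted so YAML does
    # not parse the value as an octal integer.
    mode: '0600'
  # Keep the rendered config (and its password) out of the play log / --diff.
  no_log: true

- name: Crowdsec - cscli machines add cs_agents on server
  command:
    cmd: "sudo cscli machines add {{ inventory_hostname }} -p {{ crowdsec_agent_hosts_password }} -u http://{{ crowdsec_lapi_ip }}:8080 --force"
  # The LAPI password is passed as a command-line argument; at minimum keep
  # the command and its output out of the play log.
  no_log: true

- name: Crowdsec - cscli machines add cs_agents
  command:
    cmd: "sudo cscli machines add {{ item }} -p {{ crowdsec_agent_hosts_password }} -u http://{{ crowdsec_lapi_ip }}:8080 -f ~/{{ item}}_local_api_credentials.yaml --force"
  loop: "{{ crowdsec_agent_hosts }}"
  # Same password on the command line for every agent; keep each loop item's
  # command and output out of the play log.
  no_log: true

- name: crowdsec - daemon reload and restart
  ansible.builtin.systemd:
    state: restarted
    daemon_reload: yes
    name: crowdsec

- name: Crowdsec - enable and start services
  service:
    name: crowdsec
    state: started
    enabled: true

--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
default_os_firewall: "nftables"
crowdsec_install_firewall_bouncer: true

cs_collections_list:
  - crowdsecurity/nginx
  - crowdsecurity/apache2
  - crowdsecurity/sshd
  - crowdsecurity/linux
  - crowdsecurity/iptables
  - crowdsecurity/http-cve

cs_collections_remove_list: []
# eg.
# cs_collections_remove_list:
#   - crowdsecurity/http-cve

cs_scenarios_list:
  - crowdsecurity/apache_log4j2_cve-2021-44228
  - crowdsecurity/http-cve-2021-42013

cs_scenarios_remove_list: []
# eg.
# cs_scenarios_remove_list:
#   - crowdsecurity/apache_log4j2_cve-2021-44228

cs_parsers_list:
  - crowdsecurity/docker-logs
  - crowdsecurity/apache2-logs
  - crowdsecurity/whitelists

cs_parsers_remove_list: []
# eg.
# cs_parsers_remove_list:
#   - crowdsecurity/whitelists

cs_postoverflows_list:
  - crowdsecurity/cdn-whitelist
  - crowdsecurity/seo-bots-whitelist

cs_postoverflows_remove_list: []
# eg.
# cs_postoverflows_remove_list:
#   - crowdsecurity/seo-bots-whitelist

# Substituted verbatim into /etc/crowdsec/profiles.yaml by tasks/main.yml.
cs_ban_duration: "duration: 4h" # PROD eg. 10m for testing

# Substituted verbatim into the prometheus section of /etc/crowdsec/config.yaml.
cs_prometheus_endpoint: "enabled: true"

# Appended as-is to /etc/crowdsec/acquis.yaml (blockinfile in tasks/main.yml);
# the surrounding '---' lines keep it a separate YAML document there.
cs_acquis_addon: |
  ---
  source: journalctl
  journalctl_filter:
    - "_SYSTEMD_UNIT=ssh.service"
  labels:
    # Stray trailing quote removed (was: journald"). TODO(review): confirm this
    # is the label type the installed sshd parsers filter on.
    type: journald
  ---

# Rendered into templates/whitelists.j2: each line must stay valid YAML there,
# so trailing remarks need a '#' (the IPv6 line previously lacked it and broke
# the generated whitelist file).
cs_parsers_mywhitelists_ip: |
  - "142.250.74.142" # Google IPV4 as a test
  - "2a00:1450:400f:800::200e" # Google IPV6 as a test

cs_parsers_mywhitelists_cidr: |
  - "192.168.0.0/16"
  - "10.0.0.0/8"

# The variables below have no default here; tasks/main.yml, lapi_server.yml and
# lapi_agent.yml reference them, so set them in host/group vars.
# NOTE: crowdsec_agent_hosts_password is the single LAPI password used for
# every registered agent machine; a per-host value limits the impact of one
# leaked local_api_credentials.yaml.

# LAPI server in host vars...
# enable_crowdsec: true
# crowdsec_install_firewall_bouncer: true
# crowdsec_lapi_server: true
# crowdsec_lapi_agent: true
# crowdsec_lapi_ip: 192.168.56.11
# crowdsec_agent_hosts:
#   - srv02.test
#   - srv03.test
#   - srv04.test
# crowdsec_agent_hosts_password: 'VeryLongPasswordShouldBeRandomChangeme2022!'
# crowdsec_psql_db_user: crowdsec
# crowdsec_psql_db_password: 'VeryLongPasswordPsqlChangeme2022!'
# crowdsec_psql_db_name: crowdsec

# LAPI agent in host vars...
# enable_crowdsec: true
# crowdsec_install_firewall_bouncer: true
# crowdsec_lapi_agent: true
# crowdsec_lapi_ip: 192.168.56.11
# crowdsec_agent_hosts_password: 'VeryLongPasswordShouldBeRandomChangeme2022!'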
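

--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Role entry point: OS-specific repo setup, package install, hub content,
# config tweaks, services, then the optional multi-server (LAPI) split.
- name: debian
  include_tasks: debian.yml
  when: ansible_os_family | lower == "debian"

- name: redhat>7
  include_tasks: redhat.yml
  when:
    - ansible_os_family | lower == "redhat"
    # Compare as integers: as strings, '10' >= '8' is false.
    - ansible_distribution_major_version | int >= 8

- name: redhat7
  include_tasks: redhat7.yml
  when:
    - ansible_os_family | lower == "redhat"
    - ansible_distribution_major_version | int == 7

- name: Apt update and install Crowdsec
  package:
    update_cache: yes
    name: crowdsec
    state: present

- name: Crowdsec-firewall-bouncer-nftables
  package:
    update_cache: yes
    name: crowdsec-firewall-bouncer-nftables
    state: present
  when:
    - crowdsec_install_firewall_bouncer == true
    - ansible_os_family | lower == "debian"

# NOTE: only Debian (nftables) and EL 7 (iptables) get a bouncer package here;
# EL 8/9 hosts are left without one.
- name: Crowdsec-firewall-bouncer-iptables
  package:
    update_cache: yes
    name: crowdsec-firewall-bouncer-iptables
    state: present
  when:
    - ansible_os_family | lower == "redhat"
    - ansible_distribution_major_version | int == 7
    - crowdsec_install_firewall_bouncer == true

# Update / upgrade
- name: cscli hub update
  command:
    cmd: cscli hub update
  changed_when: false

- name: cscli hub upgrade
  command:
    cmd: cscli hub upgrade
  register: hub_upgrade_result
  changed_when: false

# collections
# The install tasks report "changed" unless cscli says the item would be
# overwritten; the remove tasks report "changed" when cscli asks for a reload.
- name: crowdsec - install collections
  command:
    cmd: "sudo cscli collections install {{ item }}"
  with_items: "{{ cs_collections_list }}"
  register: collections_install_result
  changed_when: "'overwrite' not in collections_install_result.stderr"
  when: cs_collections_list | length > 0

- name: crowdsec - remove collections
  command:
    cmd: "sudo cscli collections remove {{ item }}"
  with_items: "{{ cs_collections_remove_list }}"
  register: collections_remove_result
  changed_when: "'sudo systemctl reload crowdsec' in collections_remove_result.stderr"
  when: cs_collections_remove_list | length > 0

# scenarios
- name: crowdsec - install scenarios
  command:
    cmd: "sudo cscli scenarios install {{ item }}"
  with_items: "{{ cs_scenarios_list }}"
  register: scenarios_install_result
  changed_when: "'overwrite' not in scenarios_install_result.stderr"
  when: cs_scenarios_list | length > 0

- name: crowdsec - remove scenarios
  command:
    cmd: "sudo cscli scenarios remove {{ item }}"
  with_items: "{{ cs_scenarios_remove_list }}"
  register: scenarios_remove_result
  changed_when: "'sudo systemctl reload crowdsec' in scenarios_remove_result.stderr"
  when: cs_scenarios_remove_list | length > 0

# parsers
- name: crowdsec - install parsers
  command:
    cmd: "sudo cscli parsers install {{ item }}"
  with_items: "{{ cs_parsers_list }}"
  register: parsers_install_result
  changed_when: "'overwrite' not in parsers_install_result.stderr"
  when: cs_parsers_list | length > 0

- name: crowdsec - remove parsers
  command:
    cmd: "sudo cscli parsers remove {{ item }}"
  with_items: "{{ cs_parsers_remove_list }}"
  register: parsers_remove_result
  changed_when: "'sudo systemctl reload crowdsec' in parsers_remove_result.stderr"
  when: cs_parsers_remove_list | length > 0

# postoverflows
- name: crowdsec - install postoverflows
  command:
    cmd: "sudo cscli postoverflows install {{ item }}"
  with_items: "{{ cs_postoverflows_list }}"
  register: postoverflows_install_result
  changed_when: "'overwrite' not in postoverflows_install_result.stderr"
  when: cs_postoverflows_list | length > 0

- name: crowdsec - remove postoverflows
  command:
    cmd: "sudo cscli postoverflows remove {{ item }}"
  with_items: "{{ cs_postoverflows_remove_list }}"
  register: postoverflows_remove_result
  changed_when: "'sudo systemctl reload crowdsec' in postoverflows_remove_result.stderr"
  when: cs_postoverflows_remove_list | length > 0

### Config files
# These are textual edits of the packaged config files; each replace applies
# to every regexp match that follows the 'after' marker.
- name: crowdsec - enable/disable the Prometheus endpoint
  replace:
    path: "/etc/crowdsec/config.yaml"
    after: "prometheus:"
    regexp: 'enabled:.*$'
    replace: "{{ cs_prometheus_endpoint }}"
    backup: yes

- name: crowdsec - ajust ban time
  replace:
    path: "/etc/crowdsec/profiles.yaml"
    after: "- type: ban"
    regexp: 'duration: [0-9].*$'
    replace: "{{ cs_ban_duration }}"
    backup: yes

- name: crowdsec - add jounalctl ssh to acquis.yaml
  blockinfile:
    path: /etc/crowdsec/acquis.yaml
    insertafter: EOF
    block: "{{ cs_acquis_addon }}"
    backup: yes

- name: crowdsec - cscli bash completion
  ansible.builtin.shell: "cscli completion bash | sudo tee /etc/bash_completion.d/cscli"
  register: bash_completion_result
  changed_when: "'# bash completion for' not in bash_completion_result.stdout"
  failed_when: "'Error' in bash_completion_result.stderr"

- name: Crowdsec enable and start services
  service:
    name: crowdsec
    state: started
    enabled: true
  when:
    # enable_crowdsec has no value in defaults/main.yml (it only appears in the
    # commented host-vars example there); it must be set per host or this
    # condition fails as undefined.
    - enable_crowdsec == true

- name: crowdsec-firewall-bouncer enable and start services
  service:
    name: crowdsec-firewall-bouncer
    state: started
    enabled: true
  when:
    - crowdsec_install_firewall_bouncer == true

### ------------ ####
# Muti server setup #
# Inventories without the cs_lapi_server / cs_agents groups previously failed
# on the missing group key; default([]) makes the single-host case a skip.

- name: Crowdsec - LAPI server setup
  include_tasks: lapi_server.yml
  when:
    - inventory_hostname in groups["cs_lapi_server"] | default([])

- name: Crowdsec - LAPI agent setup
  include_tasks: lapi_agent.yml
  when:
    - inventory_hostname in groups["cs_agents"] | default([])


--------------------------------------------------------------------------------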