Closed d03j closed 10 months ago
@d03j: Thanks for opening an issue, it is currently awaiting triage.
In the meantime, you can:
Hey 👋🏻
Thank you for opening an issue, so my main theory is because you are using an alias rather than the cscli binary the fd are inside the container rather than on disc.
Here is the commands via cscli installed on host:
root@bullseye:~# cat ~/.bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022
# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "$(dircolors)"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
. /etc/bash_completion
fi
root@bullseye:~# source <(cscli completion bash)
root@bullseye:~# cscli
alerts completion decisions hubtest notifications simulation
bouncers config explain lapi parsers support
capi console help machines postoverflows version
collections dashboard hub metrics scenarios
root@bullseye:~# cscli
Via just running podman:
root@bullseye:~# cat ~/.bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022
# You may uncomment the following lines if you want `ls' to be colorized:
# export LS_OPTIONS='--color=auto'
# eval "$(dircolors)"
# alias ls='ls $LS_OPTIONS'
# alias ll='ls $LS_OPTIONS -l'
# alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
# alias mv='mv -i'
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
. /etc/bash_completion
fi
root@bullseye:~# podman run -d docker://crowdsecurity/crowdsec:v1.5.4
root@bullseye:~# alias cscli='podman exec -lit cscli'
root@bullseye:~# cscli
cscli is the main command to interact with your crowdsec service, scenarios & db.
It is meant to allow you to manage bans, parsers/scenarios/etc, api and generally manage you crowdsec setup.
Usage:
cscli [command]
Available Commands:
alerts Manage alerts
bouncers Manage bouncers [requires local API]
capi Manage interaction with Central API (CAPI)
collections Manage collections from hub
completion Generate completion script
config Allows to view current config
console Manage interaction with Crowdsec console (https://app.crowdsec.net)
dashboard Manage your metabase dashboard container [requires local API]
decisions Manage decisions
explain Explain log pipeline
help Help about any command
hub Manage Hub
hubtest Run functional tests on hub configurations
lapi Manage interaction with Local API (LAPI)
machines Manage local API machines [requires local API]
metrics Display crowdsec prometheus metrics.
notifications Helper for notification plugin configuration
parsers Install/Remove/Upgrade/Inspect parser(s) from hub
postoverflows Install/Remove/Upgrade/Inspect postoverflow(s) from hub
scenarios Install/Remove/Upgrade/Inspect scenario(s) from hub
simulation Manage simulation status of scenarios
support Provide commands to help during support
version Display version
Flags:
-c, --config string path to crowdsec config file (default "/etc/crowdsec/config.yaml")
-o, --output string Output format: human, json, raw
--color string Output color: yes, no, auto (default "auto")
--debug Set logging to debug
--info Set logging to info
--warning Set logging to warning
--error Set logging to error
--trace Set logging to trace
-h, --help help for cscli
Use "cscli [command] --help" for more information about a command.
root@bullseye:~# source <(cscli completion bash)
bash: $'\r': command not found
bash: /dev/fd/63: line 3: syntax error near unexpected token `$'\r''
'ash: /dev/fd/63: line 3: `__cscli_debug()
So the issue is the container layer between the host. We never tested the completion like this.
Edit: looking deeper it most likely would never work since some completions rely on the binary having two way sync. Other workaround is installing just the cscli binary on the host. However, we dont have this documented anywhere so this should be improved on.
Updated the title to reflect the contents of the issue
A slight workaround, however, I cant confirm all functionality will work
cd /tmp
wget -qO- https://github.com/crowdsecurity/crowdsec/releases/download/v1.5.5/crowdsec-release.tgz | tar xz
cd crowdsec*
./cmd/crowdsec-cli/cscli completion bash | sudo tee /etc/bash_completion.d/cscli
thanks! I'll have a look and report back.
FYI - I'm running podman instead of docker so I can run rootless containers. I suspect that might be relatively common amongst docker users. otherwise why not stay with docker? I know it makes no difference in this case. Just mentioning it for future cases where you test a container on docker, as you may want to check if it works when ran by a non root user.
A slight workaround, however, I cant confirm all functionality will work
cd /tmp wget -qO- https://github.com/crowdsecurity/crowdsec/releases/download/v1.5.5/crowdsec-release.tgz | tar xz cd crowdsec* ./cmd/crowdsec-cli/cscli completion bash | sudo tee /etc/bash_completion.d/cscli
follow the above, add
source .bashrc
and it works like a charm!
Thank you!
What happened?
$ source <(cscli completion bash) : command not found -bash: /dev/fd/63: line 3: syntax error near unexpected token
$'\r'' 'bash: /dev/fd/63: line 3:
__cscli_debug()I got the same error after trying $ cscli completion bash | sudo tee /etc/bash_completion.d/cscli $ source ~/.bashrc
my bash completion for other commands is working and I got the same errors when repeating my steps after $ source /etc/profile
What did you expect to happen?
no errors to be raised and autocompletion to work.
How can we reproduce it (as minimally and precisely as possible)?
$ source <(cscli completion bash)
Anything else we need to know?
I'm running crowdsec o podman and "cscli" is an alias in my ~/.bash_aliases file:
alias cscli='podman exec -t crowdsec cscli'
Crowdsec version
OS version
Enabled collections and parsers
Acquisition config
Config show
Prometheus metrics
Acquisition Metrics: ╭───────────────────────────────────┬────────────┬──────────────┬────────────────┬────────────────────────╮ │ Source │ Lines read │ Lines parsed │ Lines unparsed │ Lines poured to bucket │ ├───────────────────────────────────┼────────────┼──────────────┼────────────────┼────────────────────────┤ │ file:/logs/web/traefik-access.log │ 48 │ 48 │ - │ - │ ╰───────────────────────────────────┴────────────┴──────────────┴────────────────┴────────────────────────╯
Parser Metrics: ╭──────────────────────────────────┬──────┬────────┬──────────╮ │ Parsers │ Hits │ Parsed │ Unparsed │ ├──────────────────────────────────┼──────┼────────┼──────────┤ │ child-crowdsecurity/http-logs │ 144 │ 96 │ 48 │ │ child-crowdsecurity/traefik-logs │ 96 │ 48 │ 48 │ │ crowdsecurity/dateparse-enrich │ 48 │ 48 │ - │ │ crowdsecurity/geoip-enrich │ 48 │ 48 │ - │ │ crowdsecurity/http-logs │ 48 │ 48 │ - │ │ crowdsecurity/non-syslog │ 48 │ 48 │ - │ │ crowdsecurity/traefik-logs │ 48 │ 48 │ - │ │ crowdsecurity/whitelists │ 48 │ 48 │ - │ ╰──────────────────────────────────┴──────┴────────┴──────────╯
Local API Metrics: ╭──────────────────────┬────────┬──────╮ │ Route │ Method │ Hits │ ├──────────────────────┼────────┼──────┤ │ /v1/decisions/stream │ GET │ 293 │ │ /v1/heartbeat │ GET │ 48 │ │ /v1/watchers/login │ POST │ 1 │ ╰──────────────────────┴────────┴──────╯
Local API Machines Metrics: ╭───────────┬───────────────┬────────┬──────╮ │ Machine │ Route │ Method │ Hits │ ├───────────┼───────────────┼────────┼──────┤ │ localhost │ /v1/heartbeat │ GET │ 48 │ ╰───────────┴───────────────┴────────┴──────╯
Local API Bouncers Metrics: ╭────────────────────────────┬──────────────────────┬────────┬──────╮ │ Bouncer │ Route │ Method │ Hits │ ├────────────────────────────┼──────────────────────┼────────┼──────┤ │ firewall-bouncer │ /v1/decisions/stream │ GET │ 293 │ ╰────────────────────────────┴──────────────────────┴────────┴──────╯
Local API Decisions: ╭────────────────────────────────────────────┬────────┬────────┬───────╮ │ Reason │ Origin │ Action │ Count │ ├────────────────────────────────────────────┼────────┼────────┼───────┤ │ crowdsecurity/CVE-2023-22515 │ CAPI │ ban │ 3 │ │ crowdsecurity/http-backdoors-attempts │ CAPI │ ban │ 749 │ │ crowdsecurity/http-bad-user-agent │ CAPI │ ban │ 5545 │ │ firehol_botscout_7d │ lists │ ban │ 3163 │ │ crowdsecurity/CVE-2022-26134 │ CAPI │ ban │ 178 │ │ crowdsecurity/http-sensitive-files │ CAPI │ ban │ 17 │ │ crowdsecurity/ssh-bf │ CAPI │ ban │ 17928 │ │ crowdsecurity/http-open-proxy │ CAPI │ ban │ 543 │ │ crowdsecurity/ssh-slow-bf │ CAPI │ ban │ 18 │ │ ltsich/http-w00tw00t │ CAPI │ ban │ 2 │ │ crowdsecurity/f5-big-ip-cve-2020-5902 │ CAPI │ ban │ 33 │ │ crowdsecurity/nginx-req-limit-exceeded │ CAPI │ ban │ 107 │ │ crowdsecurity/CVE-2019-18935 │ CAPI │ ban │ 50 │ │ crowdsecurity/apache_log4j2_cve-2021-44228 │ CAPI │ ban │ 430 │ │ crowdsecurity/http-crawl-non_statics │ CAPI │ ban │ 499 │ │ crowdsecurity/http-cve-2021-41773 │ CAPI │ ban │ 32 │ │ crowdsecurity/iptables-scan-multi_ports │ CAPI │ ban │ 312 │ │ firehol_cruzit_web_attacks │ lists │ ban │ 13252 │ │ crowdsecurity/CVE-2022-37042 │ CAPI │ ban │ 21 │ │ crowdsecurity/fortinet-cve-2018-13379 │ CAPI │ ban │ 112 │ │ crowdsecurity/grafana-cve-2021-43798 │ CAPI │ ban │ 64 │ │ crowdsecurity/http-path-traversal-probing │ CAPI │ ban │ 64 │ │ crowdsecurity/netgear_rce │ CAPI │ ban │ 41 │ │ crowdsecurity/CVE-2022-41082 │ CAPI │ ban │ 954 │ │ crowdsecurity/CVE-2022-42889 │ CAPI │ ban │ 15 │ │ crowdsecurity/http-probing │ CAPI │ ban │ 1792 │ │ crowdsecurity/jira_cve-2021-26086 │ CAPI │ ban │ 29 │ │ crowdsecurity/CVE-2022-35914 │ CAPI │ ban │ 54 │ │ crowdsecurity/http-generic-bf │ CAPI │ ban │ 22 │ │ crowdsecurity/thinkphp-cve-2018-20062 │ CAPI │ ban │ 57 │ │ http probe │ cscli │ ban │ 30 │ │ otx-webscanners │ lists │ ban │ 9302 │ ╰────────────────────────────────────────────┴────────┴────────┴───────╯
Local API Alerts: ╭────────────┬───────╮ │ Reason │ Count │ ├────────────┼───────┤ │ http probe │ 154 │ ╰────────────┴───────╯
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.