search

crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.1k stars 419 forks source link

Packaging crowdsec for openSUSE: Is it possible to move the patterns out of /etc/? #3048

Closed johanneskastl closed 3 weeks ago

johanneskastl commented 3 weeks ago

I started packaging crowdsec for openSUSE, as I wanted to start using it on my servers.

I found the spec file in the repo, however I have a question:

To me it looks like the content of the /etc/crowdsec/patterns/ directory is supplied by the package and will be overwritten on the next package update (i.e. not marked as %config(noreplace) ).

https://github.com/crowdsecurity/crowdsec/blob/master/rpm/SPECS/crowdsec.spec#L93

With the rise of immutable distributions and thinks like read-only filesystems, packages writing to /etc/ should be avoided.

I found that I could change some locations in the configuration file, but not the patterns.

Is it possible to move the patterns to e.g. /usr/share/crowdsec/?

Thanks in advance!

Johannes

github-actions[bot] commented 3 weeks ago

@johanneskastl: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.
github-actions[bot] commented 3 weeks ago

@johanneskastl: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

Details I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.
johanneskastl commented 3 weeks ago

/kind packaging

LaurenceJJones commented 3 weeks ago

As of PR https://github.com/crowdsecurity/crowdsec/pull/2868 you can add a configuration option to change the location. Which is released in 1.6.2

We failed to add this to the documentation so we should do that.

johanneskastl commented 3 weeks ago

Thanks for the fast reply! If I understand the PR correctly, I can use something like this in the configuration file config.yaml?

config_paths:
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  [...]
  pattern_dir: /usr/share/crowdsec/patterns/

I noticed the PR title has patternS_dir with an S, while the configuration option seems to use it without the s: pattern_dir. I take it that the code wins and the PR title is wrong?

LaurenceJJones commented 3 weeks ago

Thanks for the fast reply! If I understand the PR correctly, I can use something like this in the configuration file config.yaml?

config_paths:
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  [...]
  pattern_dir: /usr/share/crowdsec/patterns/

I noticed the PR title has patternS_dir with an S, while the configuration option seems to use it without the s: pattern_dir. I take it that the code wins and the PR title is wrong?

Sorry been busy, yes code is key so if you see its that then the title is incorrect. Here the updated docs page: https://github.com/crowdsecurity/crowdsec-docs/pull/575