Docker container requires restart right after creation

What happened?

When creating Docker container for the first time, you can see some warnings/errors in logs like

time="2024-07-08T08:53:48Z" level=warning msg="scenario list is empty, will not pull yet"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ips.txt: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ip6s.txt: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.txt: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.regex: no such file or directory"
time="2024-07-08T08:53:49Z" level=error msg="open /var/lib/crowdsec/data/ip_seo_bots.txt: no such file or directory"

Not sure about the first one, but the rest seem strange, because these files are created in staging before we get to this point (or at least it looks that way), and copying of the files from there should be happening after collections installation, if I am reading docker_start.sh correctly. As result to truly utilize the container I am forced to restart it (or at the least the CrowdSec service). Technically, the same is required in case I update Docker Compose and add/remove some collections/parsers/configs. Need for restart may not be obvious, though, if the output if I do up -d, and the output from CrowdSec goes to container, instead of file. And technically, this should not even be required, since the service is not even up yet.

What did you expect to happen?

The

rsync -av --ignore-existing /staging/etc/crowdsec/* /etc/crowdsec

should happen after components installation/removal, that is after

if [ "$DISABLE_APPSEC_RULES" != "" ]; then
    # shellcheck disable=SC2086
    cscli_if_clean appsec-rules remove "$DISABLE_APPSEC_RULES" --force
fi

How can we reproduce it (as minimally and precisely as possible)?

Have a docker compose service like this:

  crowdsec:
    #Based on https://github.com/crowdsecurity/example-docker-compose/tree/main/caddy
    container_name: crowdsec
    image: crowdsecurity/crowdsec:latest
    restart: unless-stopped
    environment:
      GID: 1000
      COLLECTIONS: crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/http-dos crowdsecurity/base-http-scenarios crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-wordpress crowdsecurity/wordpress crowdsecurity/discord-crawler-whitelist
      BOUNCER_KEY_CADDY: ${CROWDSEC_API_KEY}
    networks:
      webserver:
        ipv4_address: 172.21.0.12
    ports:
      - "8080:8080"
    volumes:
      - ${CROWDSEC_DATA_DIR}:/var/lib/crowdsec/data/:rw
      - ./config/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml:ro
      - ./config/crowdsec/acquis.d:/etc/crowdsec/acquis.d/:ro
      - ./config/crowdsec/config.yaml.local:/etc/crowdsec/config.yaml.local:ro
      - ./config/crowdsec/online_api_credentials.yaml:/etc/crowdsec/online_api_credentials.yaml:ro
      #Required to read syslog. This will be valid only on UNIX
      - /var/log/:/var/log/:ro
      #Caddy logs folder is RW, because we're also writing Crowdsec logs here
      - ./logs:/usr/local/logs/:rw
    security_opt:
      - no-new-privileges=true
    healthcheck:
      test: [ "CMD", "cscli", "lapi", "status" ]
      start_period: 120s
      interval: 10s
      timeout: 5s
      retries: 3

Create and start the container

Anything else we need to know?

No response

Crowdsec version

```console version: v1.6.2-16bfab86 Codename: alphaga BuildDate: 2024-06-05_14:25:55 GoVersion: 1.22.3 Platform: docker libre2: C++ User-Agent: crowdsec/v1.6.2-16bfab86-docker Constraint_parser: >= 1.0, <= 3.0 Constraint_scenario: >= 1.0, <= 3.0 Constraint_api: v1 Constraint_acquis: >= 1.0, < 2.0 ```

OS version

```console BuildNumber Caption OSArchitecture Version 22631 Microsoft Windows 11 Pro 64-bit 10.0.22631 ```

Enabled collections and parsers

```console name,status,version,description,type crowdsecurity/appsec-logs,enabled,0.5,Parse Appsec events,parsers crowdsecurity/caddy-logs,enabled,0.8,Parse caddy logs,parsers crowdsecurity/cri-logs,enabled,0.1,CRI logging format parser,parsers crowdsecurity/dateparse-enrich,enabled,0.2,,parsers crowdsecurity/docker-logs,enabled,0.1,docker json logs parser,parsers crowdsecurity/geoip-enrich,"enabled,update-available",0.3,"Populate event with geoloc info : as, country, coords, source range.",parsers crowdsecurity/http-logs,enabled,1.2,"Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource",parsers crowdsecurity/sshd-logs,"enabled,update-available",2.3,Parse openSSH logs,parsers crowdsecurity/syslog-logs,enabled,0.8,,parsers crowdsecurity/whitelists,enabled,0.2,Whitelist events from private ipv4 addresses,parsers crowdsecurity/cdn-whitelist,enabled,0.4,Whitelist CDN providers,postoverflows crowdsecurity/discord-crawler-whitelist,enabled,0.1,Discord PTR whitelist,postoverflows crowdsecurity/rdns,enabled,0.3,Lookup the DNS associated to the source IP only for overflows,postoverflows crowdsecurity/seo-bots-whitelist,enabled,0.5,Whitelist good search engine crawlers,postoverflows crowdsecurity/apache_log4j2_cve-2021-44228,enabled,0.6,Detect cve-2021-44228 exploitation attemps,scenarios crowdsecurity/appsec-vpatch,enabled,0.5,Identify attacks flagged by CrowdSec AppSec,scenarios crowdsecurity/CVE-2017-9841,enabled,0.2,Detect CVE-2017-9841 exploits,scenarios crowdsecurity/CVE-2019-18935,enabled,0.2,Detect Telerik CVE-2019-18935 exploitation attempts,scenarios crowdsecurity/CVE-2022-26134,enabled,0.2,Detect CVE-2022-26134 exploits,scenarios crowdsecurity/CVE-2022-35914,enabled,0.2,Detect CVE-2022-35914 exploits,scenarios crowdsecurity/CVE-2022-37042,enabled,0.2,Detect CVE-2022-37042 exploits,scenarios crowdsecurity/CVE-2022-40684,enabled,0.3,Detect cve-2022-40684 exploitation attempts,scenarios crowdsecurity/CVE-2022-41082,enabled,0.4,Detect CVE-2022-41082 exploits,scenarios crowdsecurity/CVE-2022-41697,enabled,0.2,Detect CVE-2022-41697 enumeration,scenarios crowdsecurity/CVE-2022-42889,enabled,0.3,Detect CVE-2022-42889 exploits (Text4Shell),scenarios crowdsecurity/CVE-2022-44877,enabled,0.3,Detect CVE-2022-44877 exploits,scenarios crowdsecurity/CVE-2022-46169,enabled,0.2,Detect CVE-2022-46169 brute forcing,scenarios crowdsecurity/CVE-2023-22515,enabled,0.1,Detect CVE-2023-22515 exploitation,scenarios crowdsecurity/CVE-2023-22518,enabled,0.2,Detect CVE-2023-22518 exploits,scenarios crowdsecurity/CVE-2023-49103,enabled,0.3,Detect owncloud CVE-2023-49103 exploitation attempts,scenarios crowdsecurity/f5-big-ip-cve-2020-5902,enabled,0.2,Detect cve-2020-5902 exploitation attemps,scenarios crowdsecurity/fortinet-cve-2018-13379,enabled,0.3,Detect cve-2018-13379 exploitation attemps,scenarios crowdsecurity/grafana-cve-2021-43798,enabled,0.2,Detect cve-2021-43798 exploitation attemps,scenarios crowdsecurity/http-admin-interface-probing,enabled,0.4,Detect generic HTTP admin interface probing,scenarios crowdsecurity/http-backdoors-attempts,enabled,0.6,Detect attempt to common backdoors,scenarios crowdsecurity/http-bad-user-agent,enabled,1.2,Detect usage of bad User Agent,scenarios crowdsecurity/http-bf-wordpress_bf,enabled,0.7,Detect WordPress bruteforce on admin interface,scenarios crowdsecurity/http-crawl-non_statics,enabled,0.7,Detect aggressive crawl on non static resources,scenarios crowdsecurity/http-cve-2021-41773,enabled,0.2,cve-2021-41773,scenarios crowdsecurity/http-cve-2021-42013,enabled,0.2,cve-2021-42013,scenarios crowdsecurity/http-cve-probing,enabled,0.2,Detect generic HTTP cve probing,scenarios crowdsecurity/http-dos-bypass-cache,enabled,0.5,Detect DoS tools bypassing cache every request,scenarios crowdsecurity/http-dos-invalid-http-versions,enabled,0.7,Detect DoS tools using invalid HTTP versions,scenarios crowdsecurity/http-dos-random-uri,enabled,0.4,Detect DoS tools using random uri,scenarios crowdsecurity/http-dos-switching-ua,enabled,0.5,Detect DoS tools switching user-agent too fast,scenarios crowdsecurity/http-generic-bf,enabled,0.6,Detect generic http brute force,scenarios crowdsecurity/http-open-proxy,enabled,0.5,Detect scan for open proxy,scenarios crowdsecurity/http-path-traversal-probing,enabled,0.4,Detect path traversal attempt,scenarios crowdsecurity/http-probing,enabled,0.4,Detect site scanning/probing from a single ip,scenarios crowdsecurity/http-sensitive-files,enabled,0.4,"Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)",scenarios crowdsecurity/http-sqli-probing,enabled,0.4,A scenario that detects SQL injection probing with minimal false positives,scenarios crowdsecurity/http-wordpress-scan,enabled,0.2,Detect WordPress scan: vuln hunting,scenarios crowdsecurity/http-wordpress_user-enum,enabled,0.3,Detect WordPress probing: authors enumeration,scenarios crowdsecurity/http-wordpress_wpconfig,enabled,0.3,Detect WordPress probing: variations around wp-config.php by wpscan,scenarios crowdsecurity/http-xss-probing,enabled,0.4,A scenario that detects XSS probing with minimal false positives,scenarios crowdsecurity/jira_cve-2021-26086,enabled,0.3,Detect Atlassian Jira CVE-2021-26086 exploitation attemps,scenarios crowdsecurity/netgear_rce,enabled,0.3,Detect Netgear RCE DGN1000/DGN220 exploitation attempts,scenarios crowdsecurity/pulse-secure-sslvpn-cve-2019-11510,enabled,0.3,Detect cve-2019-11510 exploitation attemps,scenarios crowdsecurity/spring4shell_cve-2022-22965,enabled,0.3,Detect cve-2022-22965 probing,scenarios crowdsecurity/ssh-bf,enabled,0.3,Detect ssh bruteforce,scenarios crowdsecurity/ssh-slow-bf,enabled,0.4,Detect slow ssh bruteforce,scenarios crowdsecurity/thinkphp-cve-2018-20062,enabled,0.6,Detect ThinkPHP CVE-2018-20062 exploitation attemps,scenarios crowdsecurity/vmware-cve-2022-22954,enabled,0.3,Detect Vmware CVE-2022-22954 exploitation attempts,scenarios crowdsecurity/vmware-vcenter-vmsa-2021-0027,enabled,0.2,Detect VMSA-2021-0027 exploitation attemps,scenarios ltsich/http-w00tw00t,enabled,0.2,detect w00tw00t,scenarios crowdsecurity/appsec_base,enabled,0.2,,contexts crowdsecurity/bf_base,enabled,0.1,,contexts crowdsecurity/http_base,enabled,0.2,,contexts crowdsecurity/appsec-default,enabled,0.1,,appsec-configs crowdsecurity/crs,enabled,0.2,,appsec-configs crowdsecurity/generic-rules,enabled,0.3,,appsec-configs crowdsecurity/virtual-patching,enabled,0.4,,appsec-configs crowdsecurity/base-config,enabled,0.1,,appsec-rules crowdsecurity/crs,enabled,0.4,,appsec-rules crowdsecurity/generic-freemarker-ssti,enabled,0.3,Generic FreeMarker SSTI,appsec-rules crowdsecurity/vpatch-connectwise-auth-bypass,enabled,0.3,Detect exploitation of auth bypass in ConnectWise ScreenConnect,appsec-rules crowdsecurity/vpatch-CVE-2017-9841,enabled,0.3,PHPUnit RCE (CVE-2017-9841),appsec-rules crowdsecurity/vpatch-CVE-2018-1000861,enabled,0.1,Jenkins - RCE (CVE-2018-1000861),appsec-rules crowdsecurity/vpatch-CVE-2018-10562,enabled,0.2,Dasan GPON RCE (CVE-2018-10562),appsec-rules crowdsecurity/vpatch-CVE-2019-1003030,enabled,0.1,Jenkins - RCE (CVE-2019-1003030),appsec-rules crowdsecurity/vpatch-CVE-2019-12989,enabled,0.3,Citrix SQLi (CVE-2019-12989),appsec-rules crowdsecurity/vpatch-CVE-2020-11738,enabled,0.6,Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738),appsec-rules crowdsecurity/vpatch-CVE-2020-17496,enabled,0.1,vBulletin RCE (CVE-2020-17496),appsec-rules crowdsecurity/vpatch-CVE-2021-22941,enabled,0.3,Citrix RCE (CVE-2021-22941),appsec-rules crowdsecurity/vpatch-CVE-2021-3129,enabled,0.4,Laravel with Ignition Debug Mode RCE (CVE-2021-3129),appsec-rules crowdsecurity/vpatch-CVE-2022-22954,enabled,0.2,VMWare Workspace ONE Access RCE (CVE-2022-22954),appsec-rules crowdsecurity/vpatch-CVE-2022-22965,enabled,0.2,Spring4Shell - RCE (CVE-2022-22965),appsec-rules crowdsecurity/vpatch-CVE-2022-27926,enabled,0.4,Zimbra Collaboration XSS (CVE-2022-27926),appsec-rules crowdsecurity/vpatch-CVE-2022-35914,enabled,0.5,GLPI RCE (CVE-2022-35914),appsec-rules crowdsecurity/vpatch-CVE-2022-44877,enabled,0.2,CentOS Web Panel 7 RCE (CVE-2022-44877),appsec-rules crowdsecurity/vpatch-CVE-2022-46169,enabled,0.5,Cacti RCE (CVE-2022-46169),appsec-rules crowdsecurity/vpatch-CVE-2023-0600,enabled,0.1,WP Visitor Statistics - SQL Injection (CVE-2023-0600),appsec-rules crowdsecurity/vpatch-CVE-2023-0900,enabled,0.1,AP Pricing Tables Lite - SQL Injection (CVE-2023-0900),appsec-rules crowdsecurity/vpatch-CVE-2023-1389,enabled,0.1,TP-Link Archer AX21 - RCE (CVE-2023-1389),appsec-rules crowdsecurity/vpatch-CVE-2023-2009,enabled,0.1,Pretty Url - XSS (CVE-2023-2009),appsec-rules crowdsecurity/vpatch-CVE-2023-20198,enabled,0.6,CISCO IOS XE Account Creation (CVE-2023-20198),appsec-rules crowdsecurity/vpatch-CVE-2023-22515,enabled,0.4,Atlassian Confluence Privesc (CVE-2023-22515),appsec-rules crowdsecurity/vpatch-CVE-2023-22527,enabled,0.2,RCE using SSTI in Confluence (CVE-2023-22527),appsec-rules crowdsecurity/vpatch-CVE-2023-23488,enabled,0.2,Wordpress Paid Memberships Pro Blind SQLi (CVE-2023-23488),appsec-rules crowdsecurity/vpatch-CVE-2023-23489,enabled,0.1,WordPress Easy Digital Downloads plugin SQL injection (CVE-2023-23489),appsec-rules crowdsecurity/vpatch-CVE-2023-23752,enabled,0.1,Joomla! Webservice - Password Disclosure (CVE-2023-23752),appsec-rules crowdsecurity/vpatch-CVE-2023-24489,enabled,0.2,Citrix ShareFile RCE (CVE-2023-24489),appsec-rules crowdsecurity/vpatch-CVE-2023-28121,enabled,0.1,WooCommerce auth bypass (CVE-2023-28121),appsec-rules crowdsecurity/vpatch-CVE-2023-33617,enabled,0.4,Atlassian Confluence Privesc (CVE-2023-33617),appsec-rules crowdsecurity/vpatch-CVE-2023-34362,enabled,0.6,MOVEit Transfer RCE (CVE-2023-34362),appsec-rules crowdsecurity/vpatch-CVE-2023-35078,enabled,0.1,MobileIron Core Remote Unauthenticated API Access (CVE-2023-35078),appsec-rules crowdsecurity/vpatch-CVE-2023-35082,enabled,0.2,MobileIron Core Remote Unauthenticated API Access (CVE-2023-35082),appsec-rules crowdsecurity/vpatch-CVE-2023-3519,enabled,0.3,Citrix RCE (CVE-2023-3519),appsec-rules crowdsecurity/vpatch-CVE-2023-38205,enabled,0.3,Adobe ColdFusion Access Control Bypass (CVE-2023-38205),appsec-rules crowdsecurity/vpatch-CVE-2023-40044,enabled,0.3,WS_FTP .NET deserialize RCE (CVE-2023-40044),appsec-rules crowdsecurity/vpatch-CVE-2023-42793,enabled,0.3,JetBrains Teamcity Auth Bypass (CVE-2023-42793),appsec-rules crowdsecurity/vpatch-CVE-2023-4634,enabled,0.2,Media Library Assistant - RCE 2023 4634,appsec-rules crowdsecurity/vpatch-CVE-2023-46805,enabled,0.4,Ivanti Connect Auth Bypass (CVE-2023-46805),appsec-rules crowdsecurity/vpatch-CVE-2023-49070,enabled,0.1,Apache OFBiz - RCE (CVE-2023-49070),appsec-rules crowdsecurity/vpatch-CVE-2023-50164,enabled,0.6,Apache Struts2 Path Traversal (CVE-2023-50164),appsec-rules crowdsecurity/vpatch-CVE-2023-6360,enabled,0.1,WordPress My Calendar - SQL Injection (CVE-2023-6360),appsec-rules crowdsecurity/vpatch-CVE-2023-6553,enabled,0.1,Backup Migration plugin for WordPress RCE (CVE-2023-6553),appsec-rules crowdsecurity/vpatch-CVE-2023-6567,enabled,0.1,LearnPress - SQL Injection (CVE-2023-6567),appsec-rules crowdsecurity/vpatch-CVE-2023-6623,enabled,0.1,Wordpress Essential Blocks plugin LFI (CVE-2023-6623),appsec-rules crowdsecurity/vpatch-CVE-2023-7028,enabled,0.2,Gitlab Password Reset Account Takeover (CVE-2023-7028),appsec-rules crowdsecurity/vpatch-CVE-2024-1061,enabled,0.1,WordPress HTML5 Video Player - SQL Injection (CVE-2024-1061),appsec-rules crowdsecurity/vpatch-CVE-2024-1071,enabled,0.2,WordPress Ultimate Member - SQL Injection (CVE-2024-1071),appsec-rules crowdsecurity/vpatch-CVE-2024-1212,enabled,0.3,Progress Kemp LoadMaster Unauthenticated Command Injection (CVE-2024-1212),appsec-rules crowdsecurity/vpatch-CVE-2024-22024,enabled,0.1,Ivanti Connect Secure - XXE (CVE-2024-22024),appsec-rules crowdsecurity/vpatch-CVE-2024-23897,enabled,0.4,Jenkins CLI RCE (CVE-2024-23897),appsec-rules crowdsecurity/vpatch-CVE-2024-27198,enabled,0.4,Teamcity - Authentication Bypass (CVE-2024-27198),appsec-rules crowdsecurity/vpatch-CVE-2024-29849,enabled,0.5,Veeam Backup Enterprise Manager - Authentication Bypass (CVE-2024-29849),appsec-rules crowdsecurity/vpatch-CVE-2024-3273,enabled,0.1,D-LINK NAS Command Injection (CVE-2024-3273),appsec-rules crowdsecurity/vpatch-CVE-2024-4577,enabled,0.1,PHP CGI Command Injection - CVE-2024-4577,appsec-rules crowdsecurity/vpatch-env-access,enabled,0.1,Detect access to .env files,appsec-rules crowdsecurity/vpatch-laravel-debug-mode,enabled,0.3,Detect bots exploiting laravel debug mode,appsec-rules crowdsecurity/vpatch-symfony-profiler,enabled,0.1,Detect abuse of symfony profiler,appsec-rules crowdsecurity/appsec-crs,enabled,0.4,Appsec: Modsecurity core rule set rules,collections crowdsecurity/appsec-generic-rules,enabled,0.5,A collection of generic attack vectors for additional protection.,collections crowdsecurity/appsec-virtual-patching,enabled,2.8,"a generic virtual patching collection, suitable for most web servers.",collections crowdsecurity/appsec-wordpress,enabled,0.2,"A virtual patching collection, suitable for WordPress websites",collections crowdsecurity/base-http-scenarios,enabled,1.0,http common : scanners detection,collections crowdsecurity/caddy,enabled,0.1,caddy support : parser and generic http scenarios,collections crowdsecurity/discord-crawler-whitelist,enabled,0.1,Whitelist Discord PTR domains,collections crowdsecurity/http-cve,enabled,2.6,Detect CVE exploitation in http logs,collections crowdsecurity/http-dos,enabled,0.2,,collections crowdsecurity/linux,"enabled,update-available",0.2,core linux support : syslog+geoip+ssh,collections crowdsecurity/sshd,"enabled,update-available",0.3,sshd support : parser and brute-force detection,collections crowdsecurity/whitelist-good-actors,enabled,0.1,Good actors whitelists,collections crowdsecurity/wordpress,enabled,0.5,wordpress: Bruteforce protection and config probing,collections ```

Acquisition config

```console filenames: - /usr/local/logs/access.log labels: type: caddyfilenames: - /usr/local/logs/mariadb.log labels: type: mariadbfilenames: - /var/log/auth.log - /var/log/syslog labels: type: syslog

Config show

```console Global: - Configuration Folder : /etc/crowdsec - Data Folder : /var/lib/crowdsec/data - Hub Folder : /etc/crowdsec/hub - Simulation File : /etc/crowdsec/simulation.yaml - Log Folder : /usr/local/logs - Log level : warning - Log Media : file Crowdsec: - Acquisition File : /etc/crowdsec/acquis.yaml - Parsers routines : 1 - Acquisition Folder : /etc/crowdsec/acquis.d cscli: - Output : human - Hub Branch : API Client: - URL : http://0.0.0.0:8080/ - Login : localhost - Credentials File : /etc/crowdsec/local_api_credentials.yaml Local API Server: - Listen URL : 0.0.0.0:8080 - Listen Socket : - Profile File : /etc/crowdsec/profiles.yaml - Trusted IPs: - 127.0.0.1 - ::1 - 172.21.0.0/16 - Database: - Type : sqlite - Path : /var/lib/crowdsec/data/crowdsec.db - Flush age : 7d - Flush size : 5000 ```

Prometheus metrics

N/A

Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.

N/A

@Simbiat: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

Check Crowdsec Documentation to see if your issue can be self resolved.
You can also join our Discord.
Check Releases to make sure your agent is on the latest version.

Details

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

Struggling to replicate the issue, could be an external factor (onedrive sync) or WSL specific.

The files are not created before the collection is installed, within the staging directory is everything for /etc/crowdsec the datafiles are within /var/lib/crowdsec/data/ so it could be this directory has some issue?

Logs within details:

``` root@bookworm:/tmp# docker compose up [+] Running 1/0 ✔ Container crowdsec Recreated 0.1s Attaching to crowdsec crowdsec | Populating configuration directory... crowdsec | sending incremental file list crowdsec | acquis.yaml crowdsec | config.yaml crowdsec | console.yaml crowdsec | dev.yaml crowdsec | local_api_credentials.yaml crowdsec | online_api_credentials.yaml crowdsec | profiles.yaml crowdsec | simulation.yaml crowdsec | user.yaml crowdsec | acquis.d/ crowdsec | appsec-configs/ crowdsec | appsec-rules/ crowdsec | collections/ crowdsec | collections/linux.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/linux.yaml crowdsec | collections/sshd.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/sshd.yaml crowdsec | console/ crowdsec | console/context.yaml crowdsec | contexts/ crowdsec | contexts/bf_base.yaml -> /etc/crowdsec/hub/contexts/crowdsecurity/bf_base.yaml crowdsec | hub/ crowdsec | hub/.index.json crowdsec | hub/collections/ crowdsec | hub/collections/crowdsecurity/ crowdsec | hub/collections/crowdsecurity/linux.yaml crowdsec | hub/collections/crowdsecurity/sshd.yaml crowdsec | hub/contexts/ crowdsec | hub/contexts/crowdsecurity/ crowdsec | hub/contexts/crowdsecurity/bf_base.yaml crowdsec | hub/parsers/ crowdsec | hub/parsers/s00-raw/ crowdsec | hub/parsers/s00-raw/crowdsecurity/ crowdsec | hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml crowdsec | hub/parsers/s01-parse/ crowdsec | hub/parsers/s01-parse/crowdsecurity/ crowdsec | hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml crowdsec | hub/parsers/s02-enrich/ crowdsec | hub/parsers/s02-enrich/crowdsecurity/ crowdsec | hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml crowdsec | hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml crowdsec | hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml crowdsec | hub/scenarios/ crowdsec | hub/scenarios/crowdsecurity/ crowdsec | hub/scenarios/crowdsecurity/ssh-bf.yaml crowdsec | hub/scenarios/crowdsecurity/ssh-slow-bf.yaml crowdsec | notifications/ crowdsec | notifications/email.yaml crowdsec | notifications/http.yaml crowdsec | notifications/sentinel.yaml crowdsec | notifications/slack.yaml crowdsec | notifications/splunk.yaml crowdsec | parsers/ crowdsec | parsers/s00-raw/ crowdsec | parsers/s00-raw/syslog-logs.yaml -> /etc/crowdsec/hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml crowdsec | parsers/s01-parse/ crowdsec | parsers/s01-parse/sshd-logs.yaml -> /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml crowdsec | parsers/s02-enrich/ crowdsec | parsers/s02-enrich/dateparse-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml crowdsec | parsers/s02-enrich/geoip-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml crowdsec | parsers/s02-enrich/whitelists.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml crowdsec | patterns/ crowdsec | patterns/aws crowdsec | patterns/bacula crowdsec | patterns/bro crowdsec | patterns/cowrie_honeypot crowdsec | patterns/exim crowdsec | patterns/firewalls crowdsec | patterns/haproxy crowdsec | patterns/java crowdsec | patterns/junos crowdsec | patterns/linux-syslog crowdsec | patterns/mcollective crowdsec | patterns/modsecurity crowdsec | patterns/mongodb crowdsec | patterns/mysql crowdsec | patterns/nagios crowdsec | patterns/nginx crowdsec | patterns/paths crowdsec | patterns/postgresql crowdsec | patterns/rails crowdsec | patterns/redis crowdsec | patterns/ruby crowdsec | patterns/smb crowdsec | patterns/ssh crowdsec | patterns/tcpdump crowdsec | postoverflows/ crowdsec | scenarios/ crowdsec | scenarios/ssh-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml crowdsec | scenarios/ssh-slow-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml crowdsec | crowdsec | sent 1,248,943 bytes received 1,128 bytes 2,500,142.00 bytes/sec crowdsec | total size is 1,244,280 speedup is 1.00 crowdsec | Error: no matches found crowdsec | Generate local agent credentials crowdsec | Machine 'localhost' successfully added to the local API. crowdsec | API credentials written to '/etc/crowdsec/local_api_credentials.yaml'. crowdsec | Check if lapi needs to register an additional agent crowdsec | time="2024-07-08T10:39:39Z" level=warning msg="can't load CAPI credentials from '/etc/crowdsec//online_api_credentials.yaml' (missing login field)" crowdsec | time="2024-07-08T10:39:41Z" level=info msg="Successfully registered to Central API (CAPI)" crowdsec | time="2024-07-08T10:39:41Z" level=info msg="Central API credentials written to '/etc/crowdsec//online_api_credentials.yaml'" crowdsec | time="2024-07-08T10:39:41Z" level=warning msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Registration to online API done crowdsec | sqlite database permissions updated crowdsec | time="2024-07-08T10:39:41Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:41Z" level=info msg="Wrote index to /etc/crowdsec/hub/.index.json, 1207438 bytes" crowdsec | time="2024-07-08T10:39:41Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:41Z" level=info msg="Upgrading parsers" crowdsec | time="2024-07-08T10:39:41Z" level=info msg="crowdsecurity/dateparse-enrich: up-to-date" crowdsec | time="2024-07-08T10:39:41Z" level=info msg="crowdsecurity/whitelists: up-to-date" crowdsec | time="2024-07-08T10:39:41Z" level=info msg="crowdsecurity/geoip-enrich: up-to-date" crowdsec | time="2024-07-08T10:39:41Z" level=info msg="new version available, updating /var/lib/crowdsec/data/GeoLite2-City.mmdb" crowdsec | updated GeoLite2-City.mmdb crowdsec | time="2024-07-08T10:39:44Z" level=info msg="new version available, updating /var/lib/crowdsec/data/GeoLite2-ASN.mmdb" crowdsec | updated GeoLite2-ASN.mmdb crowdsec | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/syslog-logs: up-to-date" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/sshd-logs: up-to-date" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 parsers" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgrading postoverflows" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 postoverflows" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgrading scenarios" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/ssh-slow-bf: up-to-date" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/ssh-bf: up-to-date" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 scenarios" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgrading contexts" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/bf_base: up-to-date" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 contexts" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgrading appsec-configs" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 appsec-configs" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgrading appsec-rules" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 appsec-rules" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgrading collections" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/linux: up-to-date" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="crowdsecurity/sshd: up-to-date" crowdsec | time="2024-07-08T10:39:44Z" level=info msg="Upgraded 0 collections" crowdsec | Running: cscli parsers install "crowdsecurity/docker-logs" crowdsec | time="2024-07-08T10:39:44Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/docker-logs: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/docker-logs" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled crowdsecurity/docker-logs" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli parsers install "crowdsecurity/cri-logs" crowdsec | time="2024-07-08T10:39:45Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/cri-logs: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/cri-logs" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled crowdsecurity/cri-logs" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/caddy" crowdsec | time="2024-07-08T10:39:45Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/caddy-logs: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/caddy-logs" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-logs: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled parsers: crowdsecurity/http-logs" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-crawl-non_statics: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-crawl-non_statics" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-probing: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-probing" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-bad-user-agent: OK" crowdsec | updated bad_user_agents.regex.txt crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-bad-user-agent" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-path-traversal-probing: OK" crowdsec | updated http_path_traversal.txt crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-path-traversal-probing" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-sensitive-files: OK" crowdsec | updated sensitive_data.txt crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-sensitive-files" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-sqli-probing: OK" crowdsec | updated sqli_probe_patterns.txt crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-sqli-probing" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-xss-probing: OK" crowdsec | updated xss_probe_patterns.txt crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-xss-probing" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-backdoors-attempts: OK" crowdsec | updated backdoors.txt crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-backdoors-attempts" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="ltsich/http-w00tw00t: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: ltsich/http-w00tw00t" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="crowdsecurity/http-generic-bf: OK" crowdsec | time="2024-07-08T10:39:45Z" level=info msg="Enabled scenarios: crowdsecurity/http-generic-bf" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-open-proxy: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-open-proxy" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-admin-interface-probing: OK" crowdsec | updated admin_interfaces.txt crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-admin-interface-probing" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-wordpress-scan: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-wordpress-scan" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve-probing: OK" crowdsec | updated trendy_cves.txt crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-cve-probing" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http_base: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled contexts: crowdsecurity/http_base" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve-2021-41773: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-41773" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve-2021-42013: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-42013" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/grafana-cve-2021-43798: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/grafana-cve-2021-43798" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/vmware-vcenter-vmsa-2021-0027" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/fortinet-cve-2018-13379: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/fortinet-cve-2018-13379" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/pulse-secure-sslvpn-cve-2019-11510" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/f5-big-ip-cve-2020-5902: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/f5-big-ip-cve-2020-5902" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/thinkphp-cve-2018-20062: OK" crowdsec | updated thinkphp_cve_2018-20062.txt crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/thinkphp-cve-2018-20062" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/apache_log4j2_cve-2021-44228: OK" crowdsec | updated log4j2_cve_2021_44228.txt crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/apache_log4j2_cve-2021-44228" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/jira_cve-2021-26086: OK" crowdsec | updated jira_cve_2021-26086.txt crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/jira_cve-2021-26086" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/spring4shell_cve-2022-22965: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/spring4shell_cve-2022-22965" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/vmware-cve-2022-22954: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/vmware-cve-2022-22954" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-37042: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-37042" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-41082: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41082" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-35914: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-35914" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-40684: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-40684" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-26134: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-26134" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-42889: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-42889" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-41697: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41697" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-46169: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-46169" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2022-44877: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-44877" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2019-18935: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2019-18935" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/netgear_rce: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/netgear_rce" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2023-22515: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22515" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2023-22518: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22518" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2023-49103: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-49103" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/CVE-2017-9841: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled scenarios: crowdsecurity/CVE-2017-9841" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/http-cve: OK" crowdsec | time="2024-07-08T10:39:46Z" level=warning msg="crowdsecurity/http-cve: overwrite" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/base-http-scenarios: OK" crowdsec | time="2024-07-08T10:39:46Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="crowdsecurity/caddy: OK" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled collections: crowdsecurity/http-cve" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled collections: crowdsecurity/base-http-scenarios" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled collections: crowdsecurity/caddy" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Enabled crowdsecurity/caddy" crowdsec | time="2024-07-08T10:39:46Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/whitelist-good-actors" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/seo-bots-whitelist: OK" crowdsec | updated rdns_seo_bots.txt crowdsec | updated rdns_seo_bots.regex crowdsec | updated ip_seo_bots.txt crowdsec | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/seo-bots-whitelist" crowdsec | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/cdn-whitelist: OK" crowdsec | updated cloudflare_ips.txt crowdsec | updated cloudflare_ip6s.txt crowdsec | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/cdn-whitelist" crowdsec | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/rdns: OK" crowdsec | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/rdns" crowdsec | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/whitelist-good-actors: OK" crowdsec | time="2024-07-08T10:39:47Z" level=info msg="Enabled collections: crowdsecurity/whitelist-good-actors" crowdsec | time="2024-07-08T10:39:47Z" level=info msg="Enabled crowdsecurity/whitelist-good-actors" crowdsec | time="2024-07-08T10:39:47Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/http-cve" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/http-cve-2021-41773: overwrite" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/http-cve-2021-42013: overwrite" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/grafana-cve-2021-43798: overwrite" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: overwrite" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/fortinet-cve-2018-13379: overwrite" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: overwrite" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/f5-big-ip-cve-2020-5902: overwrite" crowdsec | time="2024-07-08T10:39:47Z" level=warning msg="crowdsecurity/thinkphp-cve-2018-20062: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/apache_log4j2_cve-2021-44228: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/jira_cve-2021-26086: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/spring4shell_cve-2022-22965: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/vmware-cve-2022-22954: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-37042: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-41082: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-35914: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-40684: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-26134: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-42889: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-41697: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-46169: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2022-44877: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2019-18935: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/netgear_rce: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2023-22515: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2023-22518: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2023-49103: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/CVE-2017-9841: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-cve: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists." crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled collections: crowdsecurity/http-cve" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled crowdsecurity/http-cve" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/http-dos" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-bypass-cache: OK" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-bypass-cache" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-random-uri: OK" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-random-uri" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-switching-ua: OK" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-switching-ua" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos-invalid-http-versions: OK" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled scenarios: crowdsecurity/http-dos-invalid-http-versions" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="crowdsecurity/http-dos: OK" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled collections: crowdsecurity/http-dos" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Enabled crowdsecurity/http-dos" crowdsec | time="2024-07-08T10:39:48Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/base-http-scenarios" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-logs: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-crawl-non_statics: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-probing: overwrite" crowdsec | time="2024-07-08T10:39:48Z" level=warning msg="crowdsecurity/http-bad-user-agent: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-path-traversal-probing: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-sensitive-files: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-sqli-probing: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-xss-probing: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-backdoors-attempts: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="ltsich/http-w00tw00t: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-generic-bf: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-open-proxy: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-admin-interface-probing: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-wordpress-scan: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve-probing: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http_base: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve-2021-41773: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve-2021-42013: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/grafana-cve-2021-43798: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/vmware-vcenter-vmsa-2021-0027: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/fortinet-cve-2018-13379: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/pulse-secure-sslvpn-cve-2019-11510: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/f5-big-ip-cve-2020-5902: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/thinkphp-cve-2018-20062: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/apache_log4j2_cve-2021-44228: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/jira_cve-2021-26086: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/spring4shell_cve-2022-22965: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/vmware-cve-2022-22954: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-37042: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-41082: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-35914: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-40684: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-26134: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-42889: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-41697: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-46169: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2022-44877: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2019-18935: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/netgear_rce: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2023-22515: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2023-22518: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2023-49103: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/CVE-2017-9841: overwrite" crowdsec | time="2024-07-08T10:39:49Z" level=warning msg="crowdsecurity/http-cve: overwrite" crowdsec | time="2024-07-08T10:39:50Z" level=warning msg="crowdsecurity/http-cve: overwrite" crowdsec | time="2024-07-08T10:39:50Z" level=warning msg="crowdsecurity/base-http-scenarios: overwrite" crowdsec | time="2024-07-08T10:39:50Z" level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists." crowdsec | time="2024-07-08T10:39:50Z" level=info msg="Enabled collections: crowdsecurity/http-cve" crowdsec | time="2024-07-08T10:39:50Z" level=info msg="/etc/crowdsec/collections/base-http-scenarios.yaml already exists." crowdsec | time="2024-07-08T10:39:50Z" level=info msg="Enabled collections: crowdsecurity/base-http-scenarios" crowdsec | time="2024-07-08T10:39:50Z" level=info msg="Enabled crowdsecurity/base-http-scenarios" crowdsec | time="2024-07-08T10:39:50Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/appsec-crs" crowdsec | time="2024-07-08T10:39:50Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:50Z" level=info msg="crowdsecurity/appsec-logs: OK" crowdsec | time="2024-07-08T10:39:50Z" level=info msg="Enabled parsers: crowdsecurity/appsec-logs" crowdsec | time="2024-07-08T10:39:50Z" level=info msg="crowdsecurity/crs: OK" crowdsec | time="2024-07-08T10:39:50Z" level=info msg="Enabled appsec-configs: crowdsecurity/crs" crowdsec | time="2024-07-08T10:39:51Z" level=info msg="crowdsecurity/crs: OK" crowdsec | updated crs-setup.conf crowdsec | updated REQUEST-901-INITIALIZATION.conf crowdsec | updated REQUEST-905-COMMON-EXCEPTIONS.conf crowdsec | updated REQUEST-911-METHOD-ENFORCEMENT.conf crowdsec | updated REQUEST-913-SCANNER-DETECTION.conf crowdsec | updated REQUEST-920-PROTOCOL-ENFORCEMENT.conf crowdsec | updated REQUEST-921-PROTOCOL-ATTACK.conf crowdsec | updated REQUEST-922-MULTIPART-ATTACK.conf crowdsec | updated REQUEST-930-APPLICATION-ATTACK-LFI.conf crowdsec | updated REQUEST-931-APPLICATION-ATTACK-RFI.conf crowdsec | updated REQUEST-932-APPLICATION-ATTACK-RCE.conf crowdsec | updated REQUEST-933-APPLICATION-ATTACK-PHP.conf crowdsec | updated REQUEST-934-APPLICATION-ATTACK-GENERIC.conf crowdsec | updated REQUEST-941-APPLICATION-ATTACK-XSS.conf crowdsec | updated REQUEST-942-APPLICATION-ATTACK-SQLI.conf crowdsec | updated REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf crowdsec | updated REQUEST-944-APPLICATION-ATTACK-JAVA.conf crowdsec | updated REQUEST-949-BLOCKING-EVALUATION.conf crowdsec | updated RESPONSE-950-DATA-LEAKAGES.conf crowdsec | updated RESPONSE-951-DATA-LEAKAGES-SQL.conf crowdsec | updated RESPONSE-952-DATA-LEAKAGES-JAVA.conf crowdsec | updated RESPONSE-953-DATA-LEAKAGES-PHP.conf crowdsec | updated RESPONSE-954-DATA-LEAKAGES-IIS.conf crowdsec | updated RESPONSE-955-WEB-SHELLS.conf crowdsec | updated RESPONSE-959-BLOCKING-EVALUATION.conf crowdsec | updated RESPONSE-980-CORRELATION.conf crowdsec | updated crawlers-user-agents.data crowdsec | updated iis-errors.data crowdsec | updated java-classes.data crowdsec | updated java-code-leakages.data crowdsec | updated java-errors.data crowdsec | updated lfi-os-files.data crowdsec | updated php-config-directives.data crowdsec | updated php-errors.data crowdsec | updated php-errors-pl2.data crowdsec | updated php-function-names-933150.data crowdsec | updated php-function-names-933151.data crowdsec | updated php-variables.data crowdsec | updated restricted-files.data crowdsec | updated restricted-upload.data crowdsec | updated scanners-headers.data crowdsec | updated scanners-urls.data crowdsec | updated scanners-user-agents.data crowdsec | updated scripting-user-agents.data crowdsec | updated sql-errors.data crowdsec | updated ssrf.data crowdsec | updated unix-shell.data crowdsec | updated web-shells-php.data crowdsec | updated windows-powershell-commands.data crowdsec | time="2024-07-08T10:39:54Z" level=info msg="Enabled appsec-rules: crowdsecurity/crs" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="crowdsecurity/appsec-crs: OK" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="Enabled collections: crowdsecurity/appsec-crs" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="Enabled crowdsecurity/appsec-crs" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/appsec-generic-rules" crowdsec | time="2024-07-08T10:39:54Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:54Z" level=warning msg="crowdsecurity/appsec-logs: overwrite" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="crowdsecurity/appsec-vpatch: OK" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="Enabled scenarios: crowdsecurity/appsec-vpatch" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="crowdsecurity/appsec_base: OK" crowdsec | time="2024-07-08T10:39:54Z" level=info msg="Enabled contexts: crowdsecurity/appsec_base" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/generic-rules: OK" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-configs: crowdsecurity/generic-rules" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/appsec-default: OK" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-configs: crowdsecurity/appsec-default" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/base-config: OK" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-rules: crowdsecurity/base-config" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/generic-freemarker-ssti: OK" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="Enabled appsec-rules: crowdsecurity/generic-freemarker-ssti" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="crowdsecurity/appsec-generic-rules: OK" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="Enabled collections: crowdsecurity/appsec-generic-rules" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="Enabled crowdsecurity/appsec-generic-rules" crowdsec | time="2024-07-08T10:39:55Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/appsec-virtual-patching" crowdsec | time="2024-07-08T10:39:55Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec-logs: overwrite" crowdsec | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec-vpatch: overwrite" crowdsec | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec_base: overwrite" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/virtual-patching: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-configs: crowdsecurity/virtual-patching" crowdsec | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/appsec-default: overwrite" crowdsec | time="2024-07-08T10:39:56Z" level=warning msg="crowdsecurity/base-config: overwrite" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-env-access: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-env-access" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-40044: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-40044" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2017-9841: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2017-9841" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2020-11738: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-11738" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-27926: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-27926" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-35914: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-35914" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-46169: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-46169" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-20198: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-20198" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-22515: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22515" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-33617: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-33617" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-34362: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-34362" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-3519: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-3519" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-42793: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-42793" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-50164: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-50164" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-38205: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-38205" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-24489: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-24489" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2021-3129: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-3129" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2021-22941: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-22941" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2019-12989: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-12989" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-44877: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-44877" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2018-10562: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-10562" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6553: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6553" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2018-1000861: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-1000861" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2019-1003030: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-1003030" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-22965: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22965" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23752: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23752" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-49070: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-49070" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-laravel-debug-mode: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-laravel-debug-mode" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-28121: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-28121" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2020-17496: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-17496" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-1389: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-1389" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-7028: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-7028" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-46805: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-46805" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-23897: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-23897" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-22527: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22527" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-35078: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35078" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2023-35082: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35082" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2022-22954: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22954" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-1212: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1212" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-symfony-profiler: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-symfony-profiler" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-connectwise-auth-bypass: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-connectwise-auth-bypass" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-22024: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-22024" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-27198: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-27198" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/vpatch-CVE-2024-3273: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-3273" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="crowdsecurity/appsec-virtual-patching: OK" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled collections: crowdsecurity/appsec-virtual-patching" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Enabled crowdsecurity/appsec-virtual-patching" crowdsec | time="2024-07-08T10:39:56Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/appsec-wordpress" crowdsec | time="2024-07-08T10:39:56Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:39:57Z" level=warning msg="crowdsecurity/virtual-patching: overwrite" crowdsec | time="2024-07-08T10:39:57Z" level=warning msg="crowdsecurity/base-config: overwrite" crowdsec | time="2024-07-08T10:39:57Z" level=info msg="crowdsecurity/vpatch-CVE-2023-0600: OK" crowdsec | time="2024-07-08T10:39:57Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0600" crowdsec | time="2024-07-08T10:39:57Z" level=info msg="crowdsecurity/vpatch-CVE-2023-0900: OK" crowdsec | time="2024-07-08T10:39:57Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0900" crowdsec | time="2024-07-08T10:39:57Z" level=info msg="crowdsecurity/vpatch-CVE-2023-2009: OK" crowdsec | time="2024-07-08T10:39:57Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-2009" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23488: OK" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23488" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-23489: OK" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23489" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-4634: OK" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-4634" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6360: OK" crowdsec | time="2024-07-08T10:39:58Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6360" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6567: OK" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6567" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2023-6623: OK" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6623" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2024-1061: OK" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1061" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="crowdsecurity/vpatch-CVE-2024-1071: OK" crowdsec | time="2024-07-08T10:39:59Z" level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1071" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/appsec-wordpress: OK" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled collections: crowdsecurity/appsec-wordpress" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled crowdsecurity/appsec-wordpress" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/wordpress" crowdsec | time="2024-07-08T10:40:00Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/http-bf-wordpress_bf: OK" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled scenarios: crowdsecurity/http-bf-wordpress_bf" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/http-wordpress_wpconfig: OK" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_wpconfig" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/http-wordpress_user-enum: OK" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_user-enum" crowdsec | time="2024-07-08T10:40:00Z" level=warning msg="crowdsecurity/http-wordpress-scan: overwrite" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/wordpress: OK" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled collections: crowdsecurity/wordpress" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled crowdsecurity/wordpress" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | Running: cscli collections install "crowdsecurity/discord-crawler-whitelist" crowdsec | time="2024-07-08T10:40:00Z" level=warning msg="A new CrowdSec release is available (v1.6.2). Your version is 'v1.6.1'. Please update it to use new parsers/scenarios/collections." crowdsec | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/discord-crawler-whitelist: OK" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled postoverflows: crowdsecurity/discord-crawler-whitelist" crowdsec | time="2024-07-08T10:40:00Z" level=warning msg="crowdsecurity/rdns: overwrite" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="crowdsecurity/discord-crawler-whitelist: OK" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled collections: crowdsecurity/discord-crawler-whitelist" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled crowdsecurity/discord-crawler-whitelist" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Enabled feature flags: " crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Crowdsec v1.6.1-c6e40191" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Loading prometheus collectors" crowdsec | time="2024-07-08T10:40:00Z" level=info msg="Loading CAPI manager" crowdsec | time="2024-07-08T10:40:01Z" level=info msg="CAPI manager configured successfully" crowdsec | time="2024-07-08T10:40:01Z" level=info msg="Start push to CrowdSec Central API (interval: 14s once, then 10s)" crowdsec | time="2024-07-08T10:40:01Z" level=info msg="Start sending metrics to CrowdSec Central API (interval: 25m11s once, then 30m0s)" crowdsec | time="2024-07-08T10:40:01Z" level=warning msg="scenario list is empty, will not pull yet" crowdsec | time="2024-07-08T10:40:01Z" level=info msg="CrowdSec Local API listening on 0.0.0.0:8080" crowdsec | time="2024-07-08T10:40:01Z" level=info msg="capi metrics: sending" crowdsec | time="2024-07-08T10:40:01Z" level=info msg="Loading grok library /etc/crowdsec/patterns" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loading enrich plugins" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'GeoIpCity'" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'GeoIpASN'" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'IpToRange'" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'reverse_dns'" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'ParseDate'" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Successfully registered enricher 'UnmarshalJSON'" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loading parsers from 10 files" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/cri-logs.yaml stage=s00-raw crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s00-raw/docker-logs.yaml stage=s00-raw crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 2 parser nodes" file=/etc/crowdsec/parsers/s00-raw/syslog-logs.yaml stage=s00-raw crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/appsec-logs.yaml stage=s01-parse crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/caddy-logs.yaml stage=s01-parse crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s01-parse/sshd-logs.yaml stage=s01-parse crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml stage=s02-enrich crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml stage=s02-enrich crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/http-logs.yaml stage=s02-enrich crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/parsers/s02-enrich/whitelists.yaml stage=s02-enrich crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 11 nodes from 3 stages" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loading postoverflow parsers" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s00-enrich/rdns.yaml stage=s00-enrich crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml stage=s01-whitelist crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/discord-crawler-whitelist.yaml stage=s01-whitelist crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml stage=s01-whitelist crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 4 nodes from 2 stages" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loading 51 scenario files" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=wild-night name=crowdsecurity/CVE-2019-18935 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=wispy-voice name=crowdsecurity/http-wordpress-scan crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=proud-dew name=crowdsecurity/netgear_rce crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=red-sound name=crowdsecurity/http-admin-interface-probing crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=snowy-shadow name=crowdsecurity/jira_cve-2021-26086 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=green-morning name=crowdsecurity/http-wordpress_user-enum crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=broken-cloud name=crowdsecurity/vmware-cve-2022-22954 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=delicate-lake name=crowdsecurity/vmware-vcenter-vmsa-2021-0027 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=holy-shape name=crowdsecurity/fortinet-cve-2022-40684 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=sparkling-tree name=crowdsecurity/http-cve-2021-41773 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=hidden-breeze name=crowdsecurity/CVE-2023-22515 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=green-field name=crowdsecurity/CVE-2023-22518 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=floral-river name=crowdsecurity/http-open-proxy crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=patient-glitter name=crowdsecurity/http-path-traversal-probing crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=misty-pine name=crowdsecurity/http-crawl-non_statics crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=wispy-sound name=crowdsecurity/http-dos-invalid-http-versions crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=proud-frog name=crowdsecurity/CVE-2022-26134 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=bitter-bird name=crowdsecurity/CVE-2022-35914 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=spring-pond name=crowdsecurity/CVE-2022-42889 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=polished-dust name=crowdsecurity/f5-big-ip-cve-2020-5902 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=empty-resonance name=crowdsecurity/http-cve-2021-42013 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=polished-darkness name=crowdsecurity/CVE-2022-37042 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=polished-sun name=crowdsecurity/http-dos-bypass-cache crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=lingering-mountain name=crowdsecurity/CVE-2017-9841 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=crimson-frog name=crowdsecurity/ssh-bf crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=solitary-thunder name=crowdsecurity/ssh-bf_user-enum crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=restless-waterfall name=crowdsecurity/pulse-secure-sslvpn-cve-2019-11510 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=still-glade name=crowdsecurity/CVE-2023-49103 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=delicate-feather name=crowdsecurity/CVE-2022-44877 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=empty-mountain name=crowdsecurity/http-bf-wordpress_bf crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=old-voice name=ltsich/http-w00tw00t crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=rough-wind name=crowdsecurity/thinkphp-cve-2018-20062 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=lively-breeze name=crowdsecurity/http-dos-random-uri crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=weathered-glitter name=crowdsecurity/apache_log4j2_cve-2021-44228 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=fragrant-paper name=crowdsecurity/http-probing crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=delicate-mountain name=crowdsecurity/fortinet-cve-2018-13379 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=throbbing-dawn name=crowdsecurity/grafana-cve-2021-43798 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=dawn-haze name=crowdsecurity/http-sensitive-files crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=patient-dew name=crowdsecurity/appsec-vpatch crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=damp-sun name=crowdsecurity/http-generic-bf crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=bitter-snowflake name=LePresidente/http-generic-401-bf crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=late-star name=LePresidente/http-generic-403-bf crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=dawn-firefly name=crowdsecurity/http-xss-probbing crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=icy-haze name=crowdsecurity/CVE-2022-41082 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=proud-shadow name=crowdsecurity/CVE-2022-41697 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=patient-firefly name=crowdsecurity/http-dos-swithcing-ua crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=summer-butterfly name=crowdsecurity/CVE-2022-46169-bf crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=silent-pine name=crowdsecurity/CVE-2022-46169-cmd crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=delicate-firefly name=crowdsecurity/http-bad-user-agent crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=purple-pond name=crowdsecurity/http-sqli-probbing-detection crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=broken-snow name=crowdsecurity/http-cve-probing crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=cold-violet name=crowdsecurity/http-wordpress_wpconfig crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=solitary-frog name=crowdsecurity/ssh-slow-bf crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=quiet-dream name=crowdsecurity/ssh-slow-bf_user-enum crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding leaky bucket" cfg=falling-water name=crowdsecurity/http-backdoors-attempts crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding trigger bucket" cfg=snowy-rain name=crowdsecurity/spring4shell_cve-2022-22965 crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Loaded 56 scenarios" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23488 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-laravel-debug-mode to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22515 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22954 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-20198 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1061 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35082 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-40044 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-4634 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/generic-freemarker-ssti to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-11738 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-44877 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-0900 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-1389 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-connectwise-auth-bypass to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-1000861 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-46805 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-7028 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-28121 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-49070 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-22024 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-27198 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-24489 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-34362 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6360 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-env-access to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2020-17496 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-33617 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1071 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/base-config to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-1003030 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-2009 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-35078 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-3519 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-0600 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23752 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/crs to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-22527 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6567 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-3273 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-22965 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-27926 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-50164 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6553 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-3129 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-38205 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-42793 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-6623 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2021-22941 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-35914 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-1212 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2024-23897 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-symfony-profiler to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2017-9841 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2019-12989 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2023-23489 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2018-10562 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding crowdsecurity/vpatch-CVE-2022-46169 to appsec rules" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="loading acquisition file : /etc/crowdsec/acquis.yaml" crowdsec | time="2024-07-08T10:40:02Z" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file crowdsec | time="2024-07-08T10:40:02Z" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding file /var/log/auth.log to datasources" type=file crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Adding file /var/log/syslog to datasources" type=file crowdsec | time="2024-07-08T10:40:02Z" level=warning msg="No matching files for pattern /var/log/apache2/*.log" type=file crowdsec | time="2024-07-08T10:40:02Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:02 UTC] \"POST /v1/watchers/login HTTP/1.1 200 70.575933ms \"crowdsec/v1.6.1-c6e40191\" \"" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Starting processing data" crowdsec | time="2024-07-08T10:40:02Z" level=info msg="Starting community-blocklist update" crowdsec | time="2024-07-08T10:40:03Z" level=info msg="capi/community-blocklist : 0 explicit deletions" crowdsec | time="2024-07-08T10:40:03Z" level=info msg="capi/community-blocklist : received 0 new entries (expected if you just installed crowdsec)" crowdsec | time="2024-07-08T10:40:03Z" level=info msg="Start pull from CrowdSec Central API (interval: 2h1m9s once, then 2h0m0s)" crowdsec | time="2024-07-08T10:40:09Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:09 UTC] \"POST /v1/watchers/login HTTP/1.1 200 69.826588ms \"crowdsec/v1.6.1-c6e40191\" \"" crowdsec | time="2024-07-08T10:40:20Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:20 UTC] \"POST /v1/watchers/login HTTP/1.1 200 60.985393ms \"crowdsec/v1.6.1-c6e40191\" \"" crowdsec | time="2024-07-08T10:40:30Z" level=info msg="127.0.0.1 - [Mon, 08 Jul 2024 10:40:30 UTC] \"POST /v1/watchers/login HTTP/1.1 200 65.641902ms \"crowdsec/v1.6.1-c6e40191\" \"" ```

Here are my logs

``` 2024-07-08 14:55:49 Populating configuration directory... 2024-07-08 14:55:49 sending incremental file list 2024-07-08 14:55:49 config.yaml 2024-07-08 14:55:49 console.yaml 2024-07-08 14:55:49 dev.yaml 2024-07-08 14:55:49 local_api_credentials.yaml 2024-07-08 14:55:49 profiles.yaml 2024-07-08 14:55:49 simulation.yaml 2024-07-08 14:55:49 user.yaml 2024-07-08 14:55:49 acquis.d/ 2024-07-08 14:55:49 appsec-configs/ 2024-07-08 14:55:49 appsec-rules/ 2024-07-08 14:55:49 collections/ 2024-07-08 14:55:49 collections/linux.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/linux.yaml 2024-07-08 14:55:49 collections/sshd.yaml -> /etc/crowdsec/hub/collections/crowdsecurity/sshd.yaml 2024-07-08 14:55:49 console/ 2024-07-08 14:55:49 console/context.yaml 2024-07-08 14:55:49 contexts/ 2024-07-08 14:55:49 contexts/bf_base.yaml -> /etc/crowdsec/hub/contexts/crowdsecurity/bf_base.yaml 2024-07-08 14:55:49 hub/ 2024-07-08 14:55:49 hub/.index.json 2024-07-08 14:55:49 hub/appsec-configs/ 2024-07-08 14:55:49 hub/appsec-configs/crowdsecurity/ 2024-07-08 14:55:49 hub/appsec-configs/crowdsecurity/appsec-default.yaml 2024-07-08 14:55:49 hub/appsec-configs/crowdsecurity/crs.yaml 2024-07-08 14:55:49 hub/appsec-configs/crowdsecurity/generic-rules.yaml 2024-07-08 14:55:49 hub/appsec-configs/crowdsecurity/virtual-patching.yaml 2024-07-08 14:55:49 hub/appsec-rules/ 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/ 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/base-config.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/crs.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/generic-freemarker-ssti.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2018-1000861.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2018-10562.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2019-1003030.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2020-17496.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2022-22954.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2022-22965.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-0600.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-0900.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-1389.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-2009.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-22527.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-23488.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-23489.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-23752.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-28121.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-35078.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-35082.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-4634.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-46805.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-49070.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-6360.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-6553.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-6567.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-6623.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2023-7028.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2024-1061.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2024-1071.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2024-1212.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2024-22024.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2024-23897.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2024-27198.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-CVE-2024-3273.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-connectwise-auth-bypass.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-env-access.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-laravel-debug-mode.yaml 2024-07-08 14:55:49 hub/appsec-rules/crowdsecurity/vpatch-symfony-profiler.yaml 2024-07-08 14:55:49 hub/collections/ 2024-07-08 14:55:49 hub/collections/Dominic-Wagner/ 2024-07-08 14:55:49 hub/collections/Dominic-Wagner/vaultwarden.yml 2024-07-08 14:55:49 hub/collections/LePresidente/ 2024-07-08 14:55:49 hub/collections/LePresidente/adguardhome.yml 2024-07-08 14:55:49 hub/collections/LePresidente/authelia.yml 2024-07-08 14:55:49 hub/collections/LePresidente/emby.yml 2024-07-08 14:55:49 hub/collections/LePresidente/gitea.yml 2024-07-08 14:55:49 hub/collections/LePresidente/grafana.yml 2024-07-08 14:55:49 hub/collections/LePresidente/harbor.yml 2024-07-08 14:55:49 hub/collections/LePresidente/jellyfin.yml 2024-07-08 14:55:49 hub/collections/LePresidente/jellyseerr.yml 2024-07-08 14:55:49 hub/collections/LePresidente/ombi.yml 2024-07-08 14:55:49 hub/collections/LePresidente/overseerr.yml 2024-07-08 14:55:49 hub/collections/LePresidente/redmine.yml 2024-07-08 14:55:49 hub/collections/MariuszKociubinski/ 2024-07-08 14:55:49 hub/collections/MariuszKociubinski/bitwarden.yaml 2024-07-08 14:55:49 hub/collections/ZoeyVid/ 2024-07-08 14:55:49 hub/collections/ZoeyVid/npmplus.yaml 2024-07-08 14:55:49 hub/collections/a1ad/ 2024-07-08 14:55:49 hub/collections/a1ad/meshcentral.yml 2024-07-08 14:55:49 hub/collections/a1ad/mikrotik.yml 2024-07-08 14:55:49 hub/collections/aidalinfo/ 2024-07-08 14:55:49 hub/collections/aidalinfo/couchdb.yaml 2024-07-08 14:55:49 hub/collections/andreasbrett/ 2024-07-08 14:55:49 hub/collections/andreasbrett/baikal.yml 2024-07-08 14:55:49 hub/collections/andreasbrett/paperless-ngx.yml 2024-07-08 14:55:49 hub/collections/andreasbrett/webmin.yml 2024-07-08 14:55:49 hub/collections/baudneo/ 2024-07-08 14:55:49 hub/collections/baudneo/gotify.yaml 2024-07-08 14:55:49 hub/collections/baudneo/zoneminder.yaml 2024-07-08 14:55:49 hub/collections/baudneo/zoneminder_http-cve.yaml 2024-07-08 14:55:49 hub/collections/corvese/ 2024-07-08 14:55:49 hub/collections/corvese/apache-guacamole.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/ 2024-07-08 14:55:49 hub/collections/crowdsecurity/amavis.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/apache2.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/apiscp.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/appsec-crs.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/appsec-generic-rules.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/appsec-virtual-patching.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/appsec-wordpress.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/asterisk.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/auditd.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/aws-cis-benchmark.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/aws-cloudfront.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/aws-console.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/aws-postexploit.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/base-http-scenarios.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/caddy.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/cpanel.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/discord-crawler-whitelist.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/dovecot.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/endlessh.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/exchange.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/exim.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/fastly.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/freebsd.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/freeswitch.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/haproxy.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/home-assistant.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/http-cve.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/http-dos.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/iis.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/iptables.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/k8s-audit.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/kasm.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/linux-lpe.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/linux.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/litespeed.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/magento.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/mariadb.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/modsecurity.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/mssql.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/mysql.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/naxsi.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/nextcloud.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/nginx-proxy-manager.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/nginx.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/odoo.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/opnsense-gui.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/opnsense.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/palo-alto.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/pfsense-gui.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/pfsense.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/pgsql.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/postfix.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/proftpd.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/smb.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/sshd-impossible-travel.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/sshd.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/supabase-compose.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/suricata.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/synology-dsm.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/teamspeak3.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/teleport.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/thehive.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/traefik.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/unifi.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/vsftpd.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/whitelist-good-actors.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/whm.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/windows-cve.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/windows-firewall.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/windows.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/wireguard.yaml 2024-07-08 14:55:49 hub/collections/crowdsecurity/wordpress.yaml 2024-07-08 14:55:49 hub/collections/darkclip/ 2024-07-08 14:55:49 hub/collections/darkclip/charon-ipsec.yaml 2024-07-08 14:55:49 hub/collections/firewallservices/ 2024-07-08 14:55:49 hub/collections/firewallservices/lemonldap-ng.yaml 2024-07-08 14:55:49 hub/collections/firewallservices/pf.yaml 2024-07-08 14:55:49 hub/collections/firewallservices/zimbra.yaml 2024-07-08 14:55:49 hub/collections/firix/ 2024-07-08 14:55:49 hub/collections/firix/authentik.yaml 2024-07-08 14:55:49 hub/collections/fulljackz/ 2024-07-08 14:55:49 hub/collections/fulljackz/proxmox.yaml 2024-07-08 14:55:49 hub/collections/fulljackz/pureftpd.yaml 2024-07-08 14:55:49 hub/collections/gauth-fr/ 2024-07-08 14:55:49 hub/collections/gauth-fr/immich.yml 2024-07-08 14:55:49 hub/collections/hitech95/ 2024-07-08 14:55:49 hub/collections/hitech95/nginx-mail.yaml 2024-07-08 14:55:49 hub/collections/inherent-io/ 2024-07-08 14:55:49 hub/collections/inherent-io/keycloak.yaml 2024-07-08 14:55:49 hub/collections/jbowdre/ 2024-07-08 14:55:49 hub/collections/jbowdre/miniflux.yml 2024-07-08 14:55:49 hub/collections/jusabatier/ 2024-07-08 14:55:49 hub/collections/jusabatier/apereo-cas.yaml 2024-07-08 14:55:49 hub/collections/lourys/ 2024-07-08 14:55:49 hub/collections/lourys/pterodactyl.yaml 2024-07-08 14:55:49 hub/collections/mstilkerich/ 2024-07-08 14:55:49 hub/collections/mstilkerich/bind9.yaml 2024-07-08 14:55:49 hub/collections/mwinters-stuff/ 2024-07-08 14:55:49 hub/collections/mwinters-stuff/mailu-admin.yaml 2024-07-08 14:55:49 hub/collections/openappsec/ 2024-07-08 14:55:49 hub/collections/openappsec/openappsec.yaml 2024-07-08 14:55:49 hub/collections/schiz0phr3ne/ 2024-07-08 14:55:49 hub/collections/schiz0phr3ne/prowlarr.yaml 2024-07-08 14:55:49 hub/collections/schiz0phr3ne/radarr.yaml 2024-07-08 14:55:49 hub/collections/schiz0phr3ne/sonarr.yaml 2024-07-08 14:55:49 hub/collections/thespad/ 2024-07-08 14:55:49 hub/collections/thespad/sshesame.yaml 2024-07-08 14:55:49 hub/collections/timokoessler/ 2024-07-08 14:55:49 hub/collections/timokoessler/gitlab.yaml 2024-07-08 14:55:49 hub/collections/timokoessler/mongodb.yaml 2024-07-08 14:55:49 hub/collections/timokoessler/uptime-kuma.yaml 2024-07-08 14:55:49 hub/collections/xs539/ 2024-07-08 14:55:49 hub/collections/xs539/bookstack.yml 2024-07-08 14:55:49 hub/collections/xs539/joplin-server.yml 2024-07-08 14:55:49 hub/contexts/ 2024-07-08 14:55:49 hub/contexts/crowdsecurity/ 2024-07-08 14:55:49 hub/contexts/crowdsecurity/appsec_base.yaml 2024-07-08 14:55:49 hub/contexts/crowdsecurity/bf_base.yaml 2024-07-08 14:55:49 hub/contexts/crowdsecurity/firewall_base.yaml 2024-07-08 14:55:49 hub/contexts/crowdsecurity/http_base.yaml 2024-07-08 14:55:49 hub/contexts/crowdsecurity/palo_alto.yaml 2024-07-08 14:55:49 hub/parsers/ 2024-07-08 14:55:49 hub/parsers/s00-raw/ 2024-07-08 14:55:49 hub/parsers/s00-raw/crowdsecurity/ 2024-07-08 14:55:49 hub/parsers/s00-raw/crowdsecurity/cri-logs.yaml 2024-07-08 14:55:49 hub/parsers/s00-raw/crowdsecurity/docker-logs.yaml 2024-07-08 14:55:49 hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml 2024-07-08 14:55:49 hub/parsers/s00-raw/crowdsecurity/unifi-logs.yaml 2024-07-08 14:55:49 hub/parsers/s00-raw/crowdsecurity/windows-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/ 2024-07-08 14:55:49 hub/parsers/s01-parse/Dominic-Wagner/ 2024-07-08 14:55:49 hub/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/ 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/adguardhome-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/authelia-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/emby-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/gitea-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/grafana-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/harbor-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/jellyfin-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/jellyseerr-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/ombi-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/overseerr-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/LePresidente/redmine-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/MariuszKociubinski/ 2024-07-08 14:55:49 hub/parsers/s01-parse/MariuszKociubinski/bitwarden-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/Zaulao/ 2024-07-08 14:55:49 hub/parsers/s01-parse/Zaulao/aws-alb.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/ZoeyVid/ 2024-07-08 14:55:49 hub/parsers/s01-parse/ZoeyVid/npmplus-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/a1ad/ 2024-07-08 14:55:49 hub/parsers/s01-parse/a1ad/meshcentral-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/a1ad/mikrotik-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/aderumier/ 2024-07-08 14:55:49 hub/parsers/s01-parse/aderumier/proxmox-iptables-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/aidalinfo/ 2024-07-08 14:55:49 hub/parsers/s01-parse/aidalinfo/couchdb-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/aidalinfo/tcpudp-flood-traefik.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/andreasbrett/ 2024-07-08 14:55:49 hub/parsers/s01-parse/andreasbrett/baikal-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/andreasbrett/paperless-ngx-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/andreasbrett/webmin-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/baudneo/ 2024-07-08 14:55:49 hub/parsers/s01-parse/baudneo/gotify-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/baudneo/zoneminder-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/corvese/ 2024-07-08 14:55:49 hub/parsers/s01-parse/corvese/apache-guacamole-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/ 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/amavis-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/apache2-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/appsec-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/asterisk-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/auditd-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/aws-cloudfront.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/aws-cloudtrail.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/caddy-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/configserver-lfd-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/cpanel-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/dropbear-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/endlessh-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/exchange-imap-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/exchange-pop-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/exchange-smtp-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/exim-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/fastly-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/freeswitch.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/haproxy-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/home-assistant-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/iis-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/iptables-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/k8s-audit.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/kasm-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/laurel-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/litespeed-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/magento-extension-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/mariadb-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/modsecurity.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/mssql-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/mysql-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/nextcloud-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/nginx-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/nginx-proxy-manager-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/odoo-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/opnsense-gui-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/palo-alto-threat-log.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/pam-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/pfsense-gui-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/pgsql-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/pkexec-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/postfix-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/proftpd-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/segfault-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/smb-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/sshd-success-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/supabase-docker-pgsql.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/suricata-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/sysmon-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/teamspeak3-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/teleport-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/thehive-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/traefik-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/windows-auth.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/windows-firewall-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/crowdsecurity/wireguard-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/darkclip/ 2024-07-08 14:55:49 hub/parsers/s01-parse/darkclip/charon-ipsec-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/firewallservices/ 2024-07-08 14:55:49 hub/parsers/s01-parse/firewallservices/lemonldap-ng.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/firewallservices/pf-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/firewallservices/zimbra-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/firix/ 2024-07-08 14:55:49 hub/parsers/s01-parse/firix/authentik-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/fulljackz/ 2024-07-08 14:55:49 hub/parsers/s01-parse/fulljackz/proxmox-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/fulljackz/pureftpd-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/gauth-fr/ 2024-07-08 14:55:49 hub/parsers/s01-parse/gauth-fr/immich-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/hitech95/ 2024-07-08 14:55:49 hub/parsers/s01-parse/hitech95/nginx-mail-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/inherent-io/ 2024-07-08 14:55:49 hub/parsers/s01-parse/inherent-io/keycloak-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/jbowdre/ 2024-07-08 14:55:49 hub/parsers/s01-parse/jbowdre/miniflux-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/jusabatier/ 2024-07-08 14:55:49 hub/parsers/s01-parse/jusabatier/apereo-cas-audit-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/lourys/ 2024-07-08 14:55:49 hub/parsers/s01-parse/lourys/pterodactyl-wings-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/mstilkerich/ 2024-07-08 14:55:49 hub/parsers/s01-parse/mstilkerich/bind9-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/mwinters-stuff/ 2024-07-08 14:55:49 hub/parsers/s01-parse/mwinters-stuff/mailu-admin-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/openappsec/ 2024-07-08 14:55:49 hub/parsers/s01-parse/openappsec/openappsec-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/schiz0phr3ne/ 2024-07-08 14:55:49 hub/parsers/s01-parse/schiz0phr3ne/prowlarr-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/schiz0phr3ne/radarr-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/schiz0phr3ne/sonarr-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/thespad/ 2024-07-08 14:55:49 hub/parsers/s01-parse/thespad/sshesame-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/timokoessler/ 2024-07-08 14:55:49 hub/parsers/s01-parse/timokoessler/gitlab-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/timokoessler/mongodb-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/timokoessler/uptime-kuma-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/xs539/ 2024-07-08 14:55:49 hub/parsers/s01-parse/xs539/bookstack-logs.yaml 2024-07-08 14:55:49 hub/parsers/s01-parse/xs539/joplin-server-logs.yaml 2024-07-08 14:55:49 hub/parsers/s02-enrich/ 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/ 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/http-logs.yaml 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/jellyfin-whitelist.yaml 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml 2024-07-08 14:55:49 hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml 2024-07-08 14:55:49 hub/postoverflows/ 2024-07-08 14:55:49 hub/postoverflows/s00-enrich/ 2024-07-08 14:55:49 hub/postoverflows/s00-enrich/crowdsecurity/ 2024-07-08 14:55:49 hub/postoverflows/s00-enrich/crowdsecurity/ipv6_to_range.yaml 2024-07-08 14:55:49 hub/postoverflows/s00-enrich/crowdsecurity/rdns.yaml 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/ 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/ 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/auditd-nvm-whitelist-process.yaml 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/auditd-whitelisted-process.yaml 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/cdn-qc-whitelsit.yaml 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/cookiebot-whitelist.yaml 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/discord-crawler-whitelist.yaml 2024-07-08 14:55:49 hub/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml 2024-07-08 14:55:49 hub/scenarios/ 2024-07-08 14:55:49 hub/scenarios/Dominic-Wagner/ 2024-07-08 14:55:49 hub/scenarios/Dominic-Wagner/vaultwarden-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/ 2024-07-08 14:55:49 hub/scenarios/LePresidente/adguardhome-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/authelia-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/emby-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/gitea-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/grafana-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/harbor-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/jellyfin-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/jellyseerr-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/ombi-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/overseerr-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/redmine-bf.yaml 2024-07-08 14:55:49 hub/scenarios/LePresidente/ssh-bad-keyexchange-bf.yaml 2024-07-08 14:55:49 hub/scenarios/MariuszKociubinski/ 2024-07-08 14:55:49 hub/scenarios/MariuszKociubinski/bitwarden-bf.yaml 2024-07-08 14:55:49 hub/scenarios/a1ad/ 2024-07-08 14:55:49 hub/scenarios/a1ad/meshcentral-bf.yaml 2024-07-08 14:55:49 hub/scenarios/a1ad/mikrotik-bf.yaml 2024-07-08 14:55:49 hub/scenarios/a1ad/mikrotik-scan-multi_ports.yaml 2024-07-08 14:55:49 hub/scenarios/aidalinfo/ 2024-07-08 14:55:49 hub/scenarios/aidalinfo/couchdb-bf.yaml 2024-07-08 14:55:49 hub/scenarios/aidalinfo/couchdb-crawl.yaml 2024-07-08 14:55:49 hub/scenarios/aidalinfo/tcpudp-flood-traefik.yaml 2024-07-08 14:55:49 hub/scenarios/andreasbrett/ 2024-07-08 14:55:49 hub/scenarios/andreasbrett/baikal-bf.yaml 2024-07-08 14:55:49 hub/scenarios/andreasbrett/paperless-ngx-bf.yaml 2024-07-08 14:55:49 hub/scenarios/andreasbrett/webmin-bf.yaml 2024-07-08 14:55:49 hub/scenarios/baudneo/ 2024-07-08 14:55:49 hub/scenarios/baudneo/gotify-bf.yaml 2024-07-08 14:55:49 hub/scenarios/baudneo/zoneminder-bf.yaml 2024-07-08 14:55:49 hub/scenarios/baudneo/zoneminder_cve-2022-39285.yaml 2024-07-08 14:55:49 hub/scenarios/baudneo/zoneminder_cve-2022-39290.yaml 2024-07-08 14:55:49 hub/scenarios/baudneo/zoneminder_cve-2022-39291.yaml 2024-07-08 14:55:49 hub/scenarios/corvese/ 2024-07-08 14:55:49 hub/scenarios/corvese/apache-guacamole_bf.yaml 2024-07-08 14:55:49 hub/scenarios/corvese/apache-guacamole_user_enum.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/ 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2017-9841.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2019-18935.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2021-4034.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-26134.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-35914.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-37042.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-40684.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-41082.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-41697.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-42889.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-44877.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2022-46169.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2023-22515.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2023-22518.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2023-23397.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2023-49103.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/CVE-2023-4911.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/amavis-blocked.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/apache_log4j2_cve-2021-44228.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/appsec-vpatch.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/asterisk_bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/asterisk_user_enum.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/auditd-base64-exec-behavior.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/auditd-postexploit-exec-from-net.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/auditd-postexploit-pkill.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/auditd-postexploit-rm.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/auditd-suid-crash.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/auditd-sus-exec.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-cloudtrail-config-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-config-config-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-console-auth-fail.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-iam-policy-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-kms-deletion.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-login-no-mfa.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-nacl-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-ngw-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-root-usage.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-route-table-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-s3-policy-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-security-group-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-unauthorized-call.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cis-benchmark-vpc-change.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-cloudtrail-postexploit.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/aws-nwo-login.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/ban-defcon-drop_range.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/configserver-lfd-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/cpanel-bf-attempt.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/cpanel-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/crowdsec-appsec-inband.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/crowdsec-appsec-outofband.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/dovecot-spam.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/endlessh-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/exchange-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/exim-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/exim-spam.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/f5-big-ip-cve-2020-5902.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/fortinet-cve-2018-13379.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/freeswitch-acl-reject.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/freeswitch-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/freeswitch-user-enumeration.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/grafana-cve-2021-43798.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/home-assistant-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-admin-interface-probing.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-apiscp-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-backdoors-attempts.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-bad-user-agent.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-bf-wordpress_bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-crawl-non_statics.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-cve-2021-41773.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-cve-2021-42013.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-cve-probing.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-bypass-cache.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-invalid-http-versions.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-random-uri.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-dos-switching-ua.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-generic-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-ccs-by-as.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-ccs-by-country.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-magento-ccs.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-open-proxy.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-path-traversal-probing.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-probing.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-sensitive-files.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-sqli-probing.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-wordpress-scan.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-wordpress_user-enum.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-wordpress_wpconfig.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/http-xss-probing.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/impossible-travel-user.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/impossible-travel.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/jira_cve-2021-26086.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-anonymous-access.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-api-server-bruteforce.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-pod-exec.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-pod-host-network.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-pod-host-path-volume.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-privileged-pod-creation.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/k8s-audit-service-account-access-denied.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/kasm-bruteforce.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/litespeed-admin-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/mariadb-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/modsecurity.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/mssql-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/mysql-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/netgear_rce.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/nextcloud-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/nginx-req-limit-exceeded.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/odoo-bf_user-enum.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/opnsense-gui-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/palo-alto-threat.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pfsense-gui-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pgsql-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pgsql-user-enum.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/postfix-spam.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/proftpd-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/proftpd-bf_user-enum.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/pulse-secure-sslvpn-cve-2019-11510.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/smb-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/spring4shell_cve-2022-22965.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/ssh-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/ssh-slow-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/suricata-alerts.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/synology-dsm-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/teamspeak3-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/teleport-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/telnet-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/thehive-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/thinkphp-cve-2018-20062.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/vmware-cve-2022-22954.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/vmware-vcenter-vmsa-2021-0027.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/vsftpd-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/windows-CVE-2022-30190-msdt.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/windows-bf.yaml 2024-07-08 14:55:49 hub/scenarios/crowdsecurity/wireguard-auth.yaml 2024-07-08 14:55:49 hub/scenarios/darkclip/ 2024-07-08 14:55:49 hub/scenarios/darkclip/charon-ipsec-bf.yaml 2024-07-08 14:55:49 hub/scenarios/darkclip/charon-ipsec-slow-bf.yaml 2024-07-08 14:55:49 hub/scenarios/firewallservices/ 2024-07-08 14:55:49 hub/scenarios/firewallservices/lemonldap-ng-bf.yaml 2024-07-08 14:55:49 hub/scenarios/firewallservices/pf-scan-multi_ports.yaml 2024-07-08 14:55:49 hub/scenarios/firewallservices/zimbra-bf.yaml 2024-07-08 14:55:49 hub/scenarios/firix/ 2024-07-08 14:55:49 hub/scenarios/firix/authentik-bf.yaml 2024-07-08 14:55:49 hub/scenarios/fulljackz/ 2024-07-08 14:55:49 hub/scenarios/fulljackz/proxmox-bf.yaml 2024-07-08 14:55:49 hub/scenarios/fulljackz/pureftpd-bf.yaml 2024-07-08 14:55:49 hub/scenarios/gauth-fr/ 2024-07-08 14:55:49 hub/scenarios/gauth-fr/immich-bf.yaml 2024-07-08 14:55:49 hub/scenarios/hitech95/ 2024-07-08 14:55:49 hub/scenarios/hitech95/mail-generic-bf.yaml 2024-07-08 14:55:49 hub/scenarios/inherent-io/ 2024-07-08 14:55:49 hub/scenarios/inherent-io/keycloak-bf.yaml 2024-07-08 14:55:49 hub/scenarios/inherent-io/keycloak-slow-bf.yaml 2024-07-08 14:55:49 hub/scenarios/jbowdre/ 2024-07-08 14:55:49 hub/scenarios/jbowdre/miniflux-bf.yaml 2024-07-08 14:55:49 hub/scenarios/jusabatier/ 2024-07-08 14:55:49 hub/scenarios/jusabatier/apereo-cas-bf.yaml 2024-07-08 14:55:49 hub/scenarios/jusabatier/apereo-cas-slow-bf.yaml 2024-07-08 14:55:49 hub/scenarios/jusabatier/cas-slow-bf.yaml 2024-07-08 14:55:49 hub/scenarios/lourys/ 2024-07-08 14:55:49 hub/scenarios/lourys/pterodactyl-wings-bf.yaml 2024-07-08 14:55:49 hub/scenarios/ltsich/ 2024-07-08 14:55:49 hub/scenarios/ltsich/http-w00tw00t.yaml 2024-07-08 14:55:49 hub/scenarios/mstilkerich/ 2024-07-08 14:55:49 hub/scenarios/mstilkerich/bind9-refused.yaml 2024-07-08 14:55:49 hub/scenarios/mwinters-stuff/ 2024-07-08 14:55:49 hub/scenarios/mwinters-stuff/mailu-admin-bf.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/ 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-bot-protection.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-cross-site-redirect.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-csrf.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-error-disclosure.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-error-limit.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-evasion-techniques.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-general.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-http-limit-violation.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-http-method-violation.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-ldap-injection.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-open-redirect.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-path-traversal.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-probing.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-rce.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-request-rate-limit.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-schema-validation.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-sql-injection.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-url-instead-of-file.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-xss.yaml 2024-07-08 14:55:49 hub/scenarios/openappsec/openappsec-xxe.yaml 2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/ 2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/prowlarr-bf.yaml 2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/radarr-bf.yaml 2024-07-08 14:55:49 hub/scenarios/schiz0phr3ne/sonarr-bf.yaml 2024-07-08 14:55:49 hub/scenarios/thespad/ 2024-07-08 14:55:49 hub/scenarios/thespad/sshesame-honeypot.yaml 2024-07-08 14:55:49 hub/scenarios/timokoessler/ 2024-07-08 14:55:49 hub/scenarios/timokoessler/gitlab-bf.yaml 2024-07-08 14:55:49 hub/scenarios/timokoessler/mongodb-bf.yaml 2024-07-08 14:55:49 hub/scenarios/timokoessler/uptime-kuma-bf.yaml 2024-07-08 14:55:49 hub/scenarios/xs539/ 2024-07-08 14:55:49 hub/scenarios/xs539/bookstack-bf.yaml 2024-07-08 14:55:49 hub/scenarios/xs539/joplin-server-bf.yaml 2024-07-08 14:55:49 notifications/ 2024-07-08 14:55:49 notifications/email.yaml 2024-07-08 14:55:49 notifications/http.yaml 2024-07-08 14:55:49 notifications/sentinel.yaml 2024-07-08 14:55:49 notifications/slack.yaml 2024-07-08 14:55:49 notifications/splunk.yaml 2024-07-08 14:55:49 parsers/ 2024-07-08 14:55:49 parsers/s00-raw/ 2024-07-08 14:55:49 parsers/s00-raw/syslog-logs.yaml -> /etc/crowdsec/hub/parsers/s00-raw/crowdsecurity/syslog-logs.yaml 2024-07-08 14:55:49 parsers/s01-parse/ 2024-07-08 14:55:49 parsers/s01-parse/sshd-logs.yaml -> /etc/crowdsec/hub/parsers/s01-parse/crowdsecurity/sshd-logs.yaml 2024-07-08 14:55:49 parsers/s02-enrich/ 2024-07-08 14:55:49 parsers/s02-enrich/dateparse-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml 2024-07-08 14:55:49 parsers/s02-enrich/geoip-enrich.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml 2024-07-08 14:55:49 parsers/s02-enrich/whitelists.yaml -> /etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity/whitelists.yaml 2024-07-08 14:55:49 patterns/ 2024-07-08 14:55:49 patterns/aws 2024-07-08 14:55:49 patterns/bacula 2024-07-08 14:55:49 patterns/bro 2024-07-08 14:55:49 patterns/cowrie_honeypot 2024-07-08 14:55:49 patterns/exim 2024-07-08 14:55:49 patterns/firewalls 2024-07-08 14:55:49 patterns/haproxy 2024-07-08 14:55:49 patterns/java 2024-07-08 14:55:49 patterns/junos 2024-07-08 14:55:49 patterns/linux-syslog 2024-07-08 14:55:49 patterns/mcollective 2024-07-08 14:55:49 patterns/modsecurity 2024-07-08 14:55:49 patterns/mongodb 2024-07-08 14:55:49 patterns/mysql 2024-07-08 14:55:49 patterns/nagios 2024-07-08 14:55:49 patterns/nginx 2024-07-08 14:55:49 patterns/paths 2024-07-08 14:55:49 patterns/postgresql 2024-07-08 14:55:49 patterns/rails 2024-07-08 14:55:49 patterns/redis 2024-07-08 14:55:49 patterns/ruby 2024-07-08 14:55:49 patterns/smb 2024-07-08 14:55:49 patterns/ssh 2024-07-08 14:55:49 patterns/tcpdump 2024-07-08 14:55:49 postoverflows/ 2024-07-08 14:55:49 scenarios/ 2024-07-08 14:55:49 scenarios/ssh-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-bf.yaml 2024-07-08 14:55:49 scenarios/ssh-slow-bf.yaml -> /etc/crowdsec/hub/scenarios/crowdsecurity/ssh-slow-bf.yaml 2024-07-08 14:55:49 2024-07-08 14:55:49 sent 1,747,918 bytes received 11,571 bytes 3,518,978.00 bytes/sec 2024-07-08 14:55:49 total size is 1,703,749 speedup is 0.97 2024-07-08 14:55:49 Generate local agent credentials 2024-07-08 14:55:49 Check if lapi needs to register an additional agent 2024-07-08 14:55:49 sqlite database permissions updated 2024-07-08 14:55:49 Skipping hub update, index file is not in a volume 2024-07-08 14:55:49 /var/lib/crowdsec/data was found in a volume 2024-07-08 14:55:49 Running hub upgrade 2024-07-08 14:55:49 Error: no matches found 2024-07-08 14:55:49 Machine 'localhost' successfully added to the local API. 2024-07-08 14:55:49 API credentials written to '/etc/crowdsec/local_api_credentials.yaml'. 2024-07-08 14:55:50 level=info msg="Upgrading parsers" 2024-07-08 14:55:50 level=info msg="crowdsecurity/whitelists: up-to-date" 2024-07-08 14:55:50 level=info msg="crowdsecurity/syslog-logs: up-to-date" 2024-07-08 14:55:50 level=info msg="crowdsecurity/dateparse-enrich: up-to-date" 2024-07-08 14:55:50 level=info msg="crowdsecurity/geoip-enrich: up-to-date" 2024-07-08 14:55:59 level=info msg="crowdsecurity/sshd-logs: up-to-date" 2024-07-08 14:55:59 level=info msg="Upgraded 0 parsers" 2024-07-08 14:55:59 level=info msg="Upgrading postoverflows" 2024-07-08 14:55:59 level=info msg="Upgraded 0 postoverflows" 2024-07-08 14:55:59 level=info msg="Upgrading scenarios" 2024-07-08 14:55:59 level=info msg="crowdsecurity/ssh-bf: up-to-date" 2024-07-08 14:55:59 level=info msg="crowdsecurity/ssh-slow-bf: up-to-date" 2024-07-08 14:55:59 level=info msg="Upgraded 0 scenarios" 2024-07-08 14:55:59 level=info msg="Upgrading contexts" 2024-07-08 14:55:59 level=info msg="crowdsecurity/bf_base: up-to-date" 2024-07-08 14:55:59 level=info msg="Upgraded 0 contexts" 2024-07-08 14:55:59 level=info msg="Upgrading appsec-configs" 2024-07-08 14:55:59 level=info msg="Upgraded 0 appsec-configs" 2024-07-08 14:55:59 level=info msg="Upgrading appsec-rules" 2024-07-08 14:55:59 level=info msg="Upgraded 0 appsec-rules" 2024-07-08 14:55:59 level=info msg="Upgrading collections" 2024-07-08 14:55:59 level=info msg="crowdsecurity/linux: up-to-date" 2024-07-08 14:55:59 level=info msg="crowdsecurity/sshd: up-to-date" 2024-07-08 14:55:59 level=info msg="Upgraded 0 collections" 2024-07-08 14:55:59 Running: cscli parsers install "crowdsecurity/docker-logs" 2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/docker-logs" 2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/docker-logs" 2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:55:59 installed crowdsecurity/docker-logs 2024-07-08 14:55:59 Running: cscli parsers install "crowdsecurity/cri-logs" 2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/cri-logs" 2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/cri-logs" 2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:55:59 installed crowdsecurity/cri-logs 2024-07-08 14:55:59 Running: cscli collections install "crowdsecurity/caddy" 2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/caddy-logs" 2024-07-08 14:55:59 level=info msg="Enabled parsers: crowdsecurity/http-logs" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-crawl-non_statics" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-probing" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-bad-user-agent" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-path-traversal-probing" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-sensitive-files" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-sqli-probing" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-xss-probing" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-backdoors-attempts" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: ltsich/http-w00tw00t" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-generic-bf" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-open-proxy" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-admin-interface-probing" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-wordpress-scan" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-cve-probing" 2024-07-08 14:55:59 level=info msg="Enabled contexts: crowdsecurity/http_base" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-41773" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/http-cve-2021-42013" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/grafana-cve-2021-43798" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/vmware-vcenter-vmsa-2021-0027" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/fortinet-cve-2018-13379" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/pulse-secure-sslvpn-cve-2019-11510" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/f5-big-ip-cve-2020-5902" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/thinkphp-cve-2018-20062" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/apache_log4j2_cve-2021-44228" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/jira_cve-2021-26086" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/spring4shell_cve-2022-22965" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/vmware-cve-2022-22954" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-37042" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41082" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-35914" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-40684" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-26134" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-42889" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-41697" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-46169" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2022-44877" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2019-18935" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/netgear_rce" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22515" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-22518" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2023-49103" 2024-07-08 14:55:59 level=info msg="Enabled scenarios: crowdsecurity/CVE-2017-9841" 2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/http-cve" 2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/base-http-scenarios" 2024-07-08 14:55:59 installed crowdsecurity/caddy 2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/caddy" 2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/caddy" 2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:55:59 Running: cscli collections install "crowdsecurity/whitelist-good-actors" 2024-07-08 14:55:59 level=info msg="Enabled postoverflows: crowdsecurity/seo-bots-whitelist" 2024-07-08 14:55:59 level=info msg="Enabled postoverflows: crowdsecurity/cdn-whitelist" 2024-07-08 14:55:59 level=info msg="Enabled postoverflows: crowdsecurity/rdns" 2024-07-08 14:55:59 level=info msg="Enabled collections: crowdsecurity/whitelist-good-actors" 2024-07-08 14:55:59 level=info msg="Enabled crowdsecurity/whitelist-good-actors" 2024-07-08 14:55:59 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:55:59 installed crowdsecurity/whitelist-good-actors 2024-07-08 14:56:00 Running: cscli collections install "crowdsecurity/http-cve" 2024-07-08 14:56:00 level=info msg="Downloaded /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt" 2024-07-08 14:56:00 updated /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt 2024-07-08 14:56:00 updated /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt 2024-07-08 14:56:00 level=info msg="Downloaded /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt" 2024-07-08 14:56:00 level=info msg="Downloaded /var/lib/crowdsec/data/jira_cve_2021-26086.txt" 2024-07-08 14:56:00 updated /var/lib/crowdsec/data/jira_cve_2021-26086.txt 2024-07-08 14:56:01 level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists." 2024-07-08 14:56:01 level=info msg="Enabled collections: crowdsecurity/http-cve" 2024-07-08 14:56:01 level=info msg="Enabled crowdsecurity/http-cve" 2024-07-08 14:56:01 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:01 installed crowdsecurity/http-cve 2024-07-08 14:56:01 Running: cscli collections install "crowdsecurity/http-dos" 2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-bypass-cache" 2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-random-uri" 2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-switching-ua" 2024-07-08 14:56:01 level=info msg="Enabled scenarios: crowdsecurity/http-dos-invalid-http-versions" 2024-07-08 14:56:01 level=info msg="Enabled collections: crowdsecurity/http-dos" 2024-07-08 14:56:01 level=info msg="Enabled crowdsecurity/http-dos" 2024-07-08 14:56:01 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:01 installed crowdsecurity/http-dos 2024-07-08 14:56:01 Running: cscli collections install "crowdsecurity/base-http-scenarios" 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/bad_user_agents.regex.txt" 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/bad_user_agents.regex.txt 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/http_path_traversal.txt" 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/http_path_traversal.txt 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/sensitive_data.txt" 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/sensitive_data.txt 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/sqli_probe_patterns.txt" 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/sqli_probe_patterns.txt 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/xss_probe_patterns.txt" 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/xss_probe_patterns.txt 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/backdoors.txt" 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/backdoors.txt 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/admin_interfaces.txt 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/admin_interfaces.txt" 2024-07-08 14:56:01 updated /var/lib/crowdsec/data/trendy_cves.txt 2024-07-08 14:56:01 level=info msg="Downloaded /var/lib/crowdsec/data/trendy_cves.txt" 2024-07-08 14:56:02 installed crowdsecurity/base-http-scenarios 2024-07-08 14:56:02 level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists." 2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/http-cve" 2024-07-08 14:56:02 level=info msg="/etc/crowdsec/collections/base-http-scenarios.yaml already exists." 2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/base-http-scenarios" 2024-07-08 14:56:02 level=info msg="Enabled crowdsecurity/base-http-scenarios" 2024-07-08 14:56:02 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:02 Running: cscli collections install "crowdsecurity/appsec-crs" 2024-07-08 14:56:02 installed crowdsecurity/appsec-crs 2024-07-08 14:56:02 level=info msg="Enabled parsers: crowdsecurity/appsec-logs" 2024-07-08 14:56:02 level=info msg="Enabled appsec-configs: crowdsecurity/crs" 2024-07-08 14:56:02 level=info msg="Enabled appsec-rules: crowdsecurity/crs" 2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/appsec-crs" 2024-07-08 14:56:02 level=info msg="Enabled crowdsecurity/appsec-crs" 2024-07-08 14:56:02 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:02 Running: cscli collections install "crowdsecurity/appsec-generic-rules" 2024-07-08 14:56:02 level=info msg="Enabled scenarios: crowdsecurity/appsec-vpatch" 2024-07-08 14:56:02 level=info msg="Enabled contexts: crowdsecurity/appsec_base" 2024-07-08 14:56:02 level=info msg="Enabled appsec-configs: crowdsecurity/generic-rules" 2024-07-08 14:56:02 level=info msg="Enabled appsec-configs: crowdsecurity/appsec-default" 2024-07-08 14:56:02 level=info msg="Enabled appsec-rules: crowdsecurity/base-config" 2024-07-08 14:56:02 level=info msg="Enabled appsec-rules: crowdsecurity/generic-freemarker-ssti" 2024-07-08 14:56:02 level=info msg="Enabled collections: crowdsecurity/appsec-generic-rules" 2024-07-08 14:56:02 level=info msg="Enabled crowdsecurity/appsec-generic-rules" 2024-07-08 14:56:02 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:02 installed crowdsecurity/appsec-generic-rules 2024-07-08 14:56:03 Running: cscli collections install "crowdsecurity/appsec-virtual-patching" 2024-07-08 14:56:03 level=info msg="Enabled appsec-configs: crowdsecurity/virtual-patching" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-env-access" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-40044" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2017-9841" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-11738" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-27926" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-35914" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-46169" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-20198" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22515" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-33617" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-34362" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-3519" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-42793" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-50164" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-38205" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-24489" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-3129" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2021-22941" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-12989" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-44877" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-10562" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6553" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2018-1000861" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2019-1003030" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22965" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23752" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-49070" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-laravel-debug-mode" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-28121" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2020-17496" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-1389" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-7028" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-46805" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-23897" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-22527" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35078" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-35082" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2022-22954" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1212" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-symfony-profiler" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-connectwise-auth-bypass" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-22024" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-27198" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-3273" 2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/appsec-virtual-patching" 2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/appsec-virtual-patching" 2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:03 installed crowdsecurity/appsec-virtual-patching 2024-07-08 14:56:03 Running: cscli collections install "crowdsecurity/appsec-wordpress" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0600" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-0900" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-2009" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23488" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-23489" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-4634" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6360" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6567" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2023-6623" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1061" 2024-07-08 14:56:03 level=info msg="Enabled appsec-rules: crowdsecurity/vpatch-CVE-2024-1071" 2024-07-08 14:56:03 installed crowdsecurity/appsec-wordpress 2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/appsec-wordpress" 2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/appsec-wordpress" 2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:03 Running: cscli collections install "crowdsecurity/wordpress" 2024-07-08 14:56:03 level=info msg="Enabled scenarios: crowdsecurity/http-bf-wordpress_bf" 2024-07-08 14:56:03 level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_wpconfig" 2024-07-08 14:56:03 level=info msg="Enabled scenarios: crowdsecurity/http-wordpress_user-enum" 2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/wordpress" 2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/wordpress" 2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:03 installed crowdsecurity/wordpress 2024-07-08 14:56:03 Running: cscli collections install "crowdsecurity/discord-crawler-whitelist" 2024-07-08 14:56:03 installed crowdsecurity/discord-crawler-whitelist 2024-07-08 14:56:03 level=info msg="Enabled postoverflows: crowdsecurity/discord-crawler-whitelist" 2024-07-08 14:56:03 level=info msg="Enabled collections: crowdsecurity/discord-crawler-whitelist" 2024-07-08 14:56:03 level=info msg="Enabled crowdsecurity/discord-crawler-whitelist" 2024-07-08 14:56:03 level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." 2024-07-08 14:56:03 Registered bouncer for CADDY 2024-07-08 14:56:03 time="2024-07-08T11:56:03Z" level=info msg="Loading yaml file: '/etc/crowdsec/config.yaml' with additional values from '/etc/crowdsec/config.yaml.local'" ```

And then from the log file:

time="2024-07-08T11:56:05Z" level=warning msg="Machine is not allowed to synchronize decisions, you can enable it with `cscli console enable console_management`"
time="2024-07-08T11:56:05Z" level=warning msg="scenario list is empty, will not pull yet"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ips.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ip6s.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.regex: no such file or directory"
time="2024-07-08T11:56:05Z" level=error msg="open /var/lib/crowdsec/data/ip_seo_bots.txt: no such file or directory"
time="2024-07-08T11:56:05Z" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="2024-07-08T11:56:06Z" level=warning msg="/var/log/auth.log is a directory, ignoring it." type=file

I do not think it's related to OneDrive, it looks like you did not clear the data directory, because you have

crowdsec  | updated rdns_seo_bots.txt
crowdsec  | updated rdns_seo_bots.regex
crowdsec  | updated ip_seo_bots.txt
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="Enabled postoverflows: crowdsecurity/seo-bots-whitelist"
crowdsec  | time="2024-07-08T10:39:47Z" level=info msg="crowdsecurity/cdn-whitelist: OK"
crowdsec  | updated cloudflare_ips.txt
crowdsec  | updated cloudflare_ip6s.txt

in your logs, and I get similar entries only after 2nd launch of container. If data folder is empty at the time of container launch, you will get appropriate warnings.

So here is my compose, I dont use volume I just specified a test folder which does not exist:

services:
  crowdsec:
    container_name: crowdsec
    image: crowdsecurity/crowdsec:v1.6.2
    restart: unless-stopped
    environment:
      GID: 1000
      COLLECTIONS: crowdsecurity/caddy crowdsecurity/whitelist-good-actors crowdsecurity/http-cve crowdsecurity/http-dos crowdsecurity/base-http-scenarios crowdsecurity/appsec-crs crowdsecurity/appsec-generic-rules crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-wordpress crowdsecurity/wordpress crowdsecurity/discord-crawler-whitelist
    volumes:
       - ./test/:/var/lib/crowdsec/data/:rw
       #Required to read syslog. This will be valid only on UNIX
       - /var/log/:/var/log/:ro
       #Caddy logs folder is RW, because we're also writing Crowdsec logs here
       - ./logs:/usr/local/logs/:rw
    security_opt:
      - no-new-privileges=true
    healthcheck:
       test: [ "CMD", "cscli", "lapi", "status" ]
       start_period: 120s
       interval: 10s
       timeout: 5s
       retries: 3

Disk check to see there is no test folder

root@bookworm:/tmp# ls -la
total 44
drwxrwxrwt 10 root root 4096 Jul  8 12:23 .
drwxr-xr-x 18 root root 4096 May 15 16:13 ..
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .ICE-unix
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .X11-unix
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .XIM-unix
drwxrwxrwt  2 root root 4096 Jul  8 10:35 .font-unix
drwxr-xr-x  3 root root 4096 Jul  8 10:36 config
-rw-r--r--  1 root root    0 Jul  8 10:37 config.yaml.local
-rw-r--r--  1 root root 1046 Jul  8 10:48 docker-compose.yaml
drwxr-xr-x  2 root root 4096 Jul  8 10:36 logs
drwx------  3 root root 4096 Jul  8 10:35 systemd-private-0640d25d1096422496910f954a1f546b-chrony.service-6lZV62
drwx------  3 root root 4096 Jul  8 10:35 systemd-private-0640d25d1096422496910f954a1f546b-systemd-logind.service-DKpJ5I

Same cant replicate: but what do you mean from And then from the log file: ? as all logs are printed to stdout unless your config.yaml.local has specified to print to a log file?

When the directory is empty you get logs stating it will download them

crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt"
crowdsec  | updated /var/lib/crowdsec/data/thinkphp_cve_2018-20062.txt
crowdsec  | updated /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt"
crowdsec  | updated /var/lib/crowdsec/data/jira_cve_2021-26086.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/jira_cve_2021-26086.txt"
crowdsec  | level=info msg="/etc/crowdsec/collections/http-cve.yaml already exists."
crowdsec  | level=info msg="Enabled collections: crowdsecurity/http-cve"
crowdsec  | level=info msg="Enabled crowdsecurity/http-cve"
crowdsec  | level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | installed crowdsecurity/http-cve
crowdsec  | Running: cscli  collections install "crowdsecurity/http-dos"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-bypass-cache"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-random-uri"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-switching-ua"
crowdsec  | level=info msg="Enabled scenarios: crowdsecurity/http-dos-invalid-http-versions"
crowdsec  | level=info msg="Enabled collections: crowdsecurity/http-dos"
crowdsec  | level=info msg="Enabled crowdsecurity/http-dos"
crowdsec  | level=info msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective."
crowdsec  | installed crowdsecurity/http-dos
crowdsec  | Running: cscli  collections install "crowdsecurity/base-http-scenarios"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/bad_user_agents.regex.txt"
crowdsec  | updated /var/lib/crowdsec/data/bad_user_agents.regex.txt
crowdsec  | updated /var/lib/crowdsec/data/http_path_traversal.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/http_path_traversal.txt"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/sensitive_data.txt"
crowdsec  | updated /var/lib/crowdsec/data/sensitive_data.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/sqli_probe_patterns.txt"
crowdsec  | updated /var/lib/crowdsec/data/sqli_probe_patterns.txt
crowdsec  | updated /var/lib/crowdsec/data/xss_probe_patterns.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/xss_probe_patterns.txt"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/backdoors.txt"
crowdsec  | updated /var/lib/crowdsec/data/backdoors.txt
crowdsec  | updated /var/lib/crowdsec/data/admin_interfaces.txt
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/admin_interfaces.txt"
crowdsec  | level=info msg="Downloaded /var/lib/crowdsec/data/trendy_cves.txt"

The wording updated is misleading it just means the file was modified.

My config.yaml.local is pointing to a file, yes. Interesting, that your logs do not have a line like

2024-07-08 14:55:49 hub/collections/crowdsecurity/whitelist-good-actors.yaml

when configs are being copied. Some difference in the image? latest seems to be the same as 1.6.2, though, from what I see 🤔

Managed to replicate the error by setting config.yaml.local to log to a file instead

time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)}) to whitelists" id=cool-wind name=crowdsecurity/cdn-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('cloudflare_ip6s.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)}) to whitelists" id=cool-wind name=crowdsecurity/cdn-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:cloudflare_ips.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ips.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:cloudflare_ip6s.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/cloudflare_ip6s.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/cdn-whitelist.yaml stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="loading parser file '{/etc/crowdsec/postoverflows/s01-whitelist/discord-crawler-whitelist.yaml s01-whitelist}'"
time="2024-07-08T12:46:57Z" level=debug msg="adding expression evt.Enriched.reverse_dns endsWith '.ptr.discord.com.' to whitelists" id=holy-sunset name=crowdsecurity/discord-crawler-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/discord-crawler-whitelist.yaml stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="loading parser file '{/etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml s01-whitelist}'"
time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('rdns_seo_bots.txt'), { len(#) > 0 && evt.Enriched.reverse_dns endsWith #}) to whitelists" id=misty-snowflake name=crowdsecurity/seo-bots-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="adding expression RegexpInFile(evt.Enriched.reverse_dns, 'rdns_seo_bots.regex') to whitelists" id=misty-snowflake name=crowdsecurity/seo-bots-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="adding expression any(File('ip_seo_bots.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)}) to whitelists" id=misty-snowflake name=crowdsecurity/seo-bots-whitelist stage=s01-whitelist
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:rdns_seo_bots.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:rdns_seo_bots.regex) (type:regexp)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/rdns_seo_bots.regex: no such file or directory"
time="2024-07-08T12:46:57Z" level=debug msg="init (folder:/var/lib/crowdsec/data) (file:ip_seo_bots.txt) (type:string)"
time="2024-07-08T12:46:57Z" level=error msg="open /var/lib/crowdsec/data/ip_seo_bots.txt: no such file or directory"
time="2024-07-08T12:46:57Z" level=info msg="Loaded 1 parser nodes" file=/etc/crowdsec/postoverflows/s01-whitelist/seo-bots-whitelist.yaml stage=s01-whitelist

let me dig further

Right we managed to find the cause and it is indeed a bug ✨ thank you for reporting it, but TLDR; is when we decided to ship all the hub files using rsync there was an oversight in this, when the file exists in the /etc/crowdsec/hub directory it already believes it has been remotely download (which is not the case for docker since they are installed at build time). This then causes cscli to not bother downloading the file because it already thinks they exist when they dont. The reason the second time to container is brought back it knows to download them is cscli hub upgrade is ran as the first item and this then trigger all files to be downloaded.

That's somewhat similar to what I was wondering in relationship to

if [ ! -e "/etc/crowdsec/local_api_credentials.yaml" ] && [ ! -e "/etc/crowdsec/config.yaml" ]; then

then. Documentation kind of suggests, that using a .local file is the way to go, instead of regular config.yaml. But since I do not have a config.yaml the entrypoint copies all yaml files from staging, including default config.yaml and default acquis.yaml. While the former may not a big deal, the latter one can be - it has multiple acquisitions in 1 config (which is supposed to be deprecated), and they may not be needed even. Since I have my acquisitions in acquis.d folder, I have to have an empty acquis.yaml file, so that it does not get overwritten. While this is a separate issue (I can create a ticket for that, if required), it may be coming from the same assumptions of how things will be setup in a container. While I have at least 2 ideas how to handle acquis.yaml, I do not know what other potential issues may be hidden here.

Will be resolved as next release as off #3120

Classing issue as completed until then you can use 1.6.3 RC image tags

crowdsecurity / crowdsec