zbalkan / notification-file
CrowdSec plugin that writes the alerts to a file so that any SIEM agent can consume.
License: MIT License
Just a little reminder: as of 1.6.2 there is a built-in, compatible file notification plugin that accepts the same YAML definition as the ones stated in this repository. I know @zbalkan wanted to archive this repo as soon as the "official" plugin was generally available, so this is just a reminder.
Helpful links:
https://docs.crowdsec.net/docs/next/notification_plugins/file
The application creates the alert file but it does not append the alerts.
-rw-r--r-- 1 nobody nobody 0 Jan 24 14:35 crowdsec_alerts.json
When I checked the logs with the cat /var/log/crowdsec.log | grep notif command, I saw that the plugin process had exited.
time="24-01-2023 16:15:24" level=debug msg="starting plugin" args="[/usr/lib64/crowdsec/plugins/notification-file]" path=/usr/lib64/crowdsec/plugins/notification-file
time="24-01-2023 16:15:24" level=debug msg="plugin started" path=/usr/lib64/crowdsec/plugins/notification-file pid=172371
time="24-01-2023 16:15:24" level=debug msg="waiting for RPC address" path=/usr/lib64/crowdsec/plugins/notification-file
time="24-01-2023 16:15:24" level=debug msg="plugin process exited" path=/usr/lib64/crowdsec/plugins/notification-file pid=172336
but htop shows that the process is running, yet it does not use any CPU resources. There's something wrong with this setup.
The notification plugin processes run under the context nobody:nogroup, and cannot write/append the log file under /var/log/.
Solutions:
1. /tmp: This is the easiest and most secure solution as it does not require permission management.
2. Use the chmod 666 crowdsec_alerts.json command. NOT SUGGESTED.
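A least-privilege check for the permission problem described above, added here as an example and not part of the plugin or of the issue: it audits whether a given alert file is appendable by the plugin's uid/gid without being world-writable (which is exactly what chmod 666 grants), and whether the plugin could create the file in a directory at all. The plugin uid/gid, the file paths and the temporary files built by self_check() are assumptions constructed for the demonstration.

```python
"""Audit the CrowdSec alert file's permissions: the notification plugin runs
unprivileged (nobody:nogroup on the system in the issue) and must be able to
append, but the file should not be opened to every local user with chmod 666.
Added example; the plugin uid/gid and the paths are assumptions."""
import os
import stat
import tempfile

# Finding codes returned by the audit; the messages explain the risk.
FINDINGS = {
    "NOT_WRITABLE": "the plugin uid/gid has no write bit: alerts will never be appended",
    "WORLD_WRITABLE": "any local user can inject, truncate or replace alerts (chmod 666 style)",
    "WORLD_READABLE": "alert contents (source IPs, request paths) are readable by all local users",
    "FOREIGN_GROUP_WRITABLE": "a group other than the plugin's can write the file",
}


def _writable_by(st, uid, gid):
    """True if a process with this uid/gid may write to the object described by st."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid and mode & stat.S_IWUSR:
        return True
    if st.st_gid == gid and mode & stat.S_IWGRP:
        return True
    return bool(mode & stat.S_IWOTH)


def audit_alert_file(path, plugin_uid, plugin_gid):
    """Return the list of finding codes for an existing alert file.

    An empty list means the plugin can append and no other local user can tamper."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not _writable_by(st, plugin_uid, plugin_gid):
        findings.append("NOT_WRITABLE")
    if mode & stat.S_IWOTH:
        findings.append("WORLD_WRITABLE")
    if mode & stat.S_IROTH:
        findings.append("WORLD_READABLE")
    if mode & stat.S_IWGRP and st.st_gid != plugin_gid:
        findings.append("FOREIGN_GROUP_WRITABLE")
    return findings


def can_create_in(directory, plugin_uid, plugin_gid):
    """Whether the plugin could create the alert file on first start: it needs
    write permission on the directory, which is what /var/log denies to nobody."""
    return _writable_by(os.stat(directory), plugin_uid, plugin_gid)


def self_check():
    """Build two temporary alert files owned by this process and audit them as
    if this process were the plugin (and, once, as if a different user were)."""
    me, my_group = os.getuid(), os.getgid()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:       # created with mode 0700
        lax = os.path.join(tmp, "crowdsec_alerts.json")
        open(lax, "w").close()
        os.chmod(lax, 0o666)                         # the "chmod 666" shortcut
        results["chmod_666"] = audit_alert_file(lax, me, my_group)

        strict = os.path.join(tmp, "crowdsec_alerts_strict.json")
        open(strict, "w").close()
        os.chmod(strict, 0o640)                      # owner rw, group r, others nothing
        results["0640_as_plugin"] = audit_alert_file(strict, me, my_group)
        # The same file audited for a uid/gid that does not own it mirrors a
        # file created by root under /var/log that the plugin user cannot append to.
        results["0640_as_other_user"] = audit_alert_file(strict, me + 1, my_group + 1)
        results["dir_as_plugin"] = can_create_in(tmp, me, my_group)
        results["dir_as_other_user"] = can_create_in(tmp, me + 1, my_group + 1)
    return results


if __name__ == "__main__":
    for case, codes in self_check().items():
        print(case, "->", codes if isinstance(codes, bool) else [FINDINGS[c] for c in codes])
```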
Sometimes, even though alerts come one by one, when the alert channel gets rushed by two or more, there may be more than one in a record.
Your object may look like this:
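Added example, not the plugin's own code, showing what is wrong with the record described above and how a consumer can still recover it: when several alerts arrive in one batch they are pasted raw into the "alert" string, one object per line with unescaped quotes, so the file as a whole is not valid JSON. recover_records() walks that malformed layout with the json module's raw_decode, and format_records() produces the layout a SIEM agent expects, one complete JSON object per line. The sample record is constructed, abridged from the values shown in the issue.

```python
"""Recover alerts from the malformed file produced when several alerts arrive in
one batch, and show the record layout a SIEM agent can actually consume.
Added example; the sample data below is constructed."""
import json
import re

# A record in the malformed file is:  {"time": "<ts>", "alert": "<obj>\n<obj>\n...\n"}
# The inner objects are raw JSON pasted into a string literal without escaping,
# so json.loads() on the whole file fails at the first inner quote.
_RECORD_HEAD = re.compile(r'\{"time":\s*"([^"]*)",\s*"alert":\s*"')
_DECODER = json.JSONDecoder()

# Constructed sample, abridged from the record shown in the issue: two alerts
# batched into the first record and one in the second.  Note the raw inner
# objects and the bare newlines inside what is syntactically a string literal.
MALFORMED_SAMPLE = (
    '{"time": "2022-11-01 18:59:52", "alert": "'
    '{"capacity":1,"scenario":"crowdsecurity/http-bad-user-agent","events_count":2,'
    '"source":{"ip":"127.0.0.1","scope":"Ip","value":"127.0.0.1"}}\n'
    '{"capacity":10,"scenario":"crowdsecurity/http-probing","events_count":11,'
    '"source":{"ip":"127.0.0.1","scope":"Ip","value":"127.0.0.1"}}\n'
    '"}'
    '{"time": "2022-11-01 18:59:54", "alert": "'
    '{"capacity":0,"scenario":"crowdsecurity/http-cve-2021-41773","events_count":1,'
    '"source":{"ip":"127.0.0.1","scope":"Ip","value":"127.0.0.1"}}\n'
    '"}'
)


def is_valid_json(text):
    """What a strict consumer sees: True only if the whole text parses."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


def _skip_ws(text, pos):
    while pos < len(text) and text[pos].isspace():
        pos += 1
    return pos


def recover_records(text):
    """Parse the malformed layout into a list of (time, [alert dict, ...]).

    Each inner alert is itself well-formed JSON, so raw_decode() can consume
    them one at a time until the closing '"}' of the outer record is reached."""
    records = []
    pos = _skip_ws(text, 0)
    while pos < len(text):
        head = _RECORD_HEAD.match(text, pos)
        if head is None:
            raise ValueError(f"no record header at offset {pos}")
        alerts = []
        pos = _skip_ws(text, head.end())
        while not text.startswith('"}', pos):
            if pos >= len(text):
                raise ValueError("record not terminated")
            alert, pos = _DECODER.raw_decode(text, pos)
            alerts.append(alert)
            pos = _skip_ws(text, pos)
        records.append((head.group(1), alerts))
        pos = _skip_ws(text, pos + 2)
    return records


def format_records(time_str, alerts):
    """Serialize a batch as NDJSON: exactly one complete JSON object per line,
    with the alert nested as an object rather than pasted into a string."""
    return "".join(
        json.dumps({"time": time_str, "alert": alert}, separators=(",", ":")) + "\n"
        for alert in alerts
    )


def parse_ndjson(text):
    """What a SIEM agent does with the corrected layout: one json.loads per line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    print("whole file valid JSON:", is_valid_json(MALFORMED_SAMPLE))
    for ts, alerts in recover_records(MALFORMED_SAMPLE):
        print(ts, [a["scenario"] for a in alerts])
        print(format_records(ts, alerts), end="")
```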
I have a problem with adding the file.yaml. I can't restart crowdsec if I put it in profile.yaml. Where could the problem come from?