notification-file's People

Contributors

dependabot[bot], laurencejjones, zbalkan

notification-file's Issues

Plugin creates the file but does not append alerts

The application creates the alert file but it does not append the alerts.

-rw-r--r--   1 nobody nobody     0 Jan 24 14:35 crowdsec_alerts.json

When I checked the logs with the cat /var/log/crowdsec.log | grep notif command, I saw that the plugin process had exited.

time="24-01-2023 16:15:24" level=debug msg="starting plugin" args="[/usr/lib64/crowdsec/plugins/notification-file]" path=/usr/lib64/crowdsec/plugins/notification-file
time="24-01-2023 16:15:24" level=debug msg="plugin started" path=/usr/lib64/crowdsec/plugins/notification-file pid=172371
time="24-01-2023 16:15:24" level=debug msg="waiting for RPC address" path=/usr/lib64/crowdsec/plugins/notification-file
time="24-01-2023 16:15:24" level=debug msg="plugin process exited" path=/usr/lib64/crowdsec/plugins/notification-file pid=172336

But htop shows that the process is running, yet it does not use any CPU resources. There's something wrong with this setup.

Log file permissions

The notification plugin processes run under the context nobody:nogroup and cannot write or append to a log file under /var/log/.

Solutions:

  1. Write to /tmp: This is the easiest and most secure solution as it does not require permission management.
  2. Run plugin under a user context: It requires creating a user, allowing the user to write/append to the target file. NOT SUGGESTED
  3. Allow everyone to write to the log file: Insecure way of handling the situation with the chmod 666 crowdsec_alerts.json command. NOT SUGGESTED

Be careful of too fast alerts

custom_format: '{ timestamp:"%time%", alert: %msg% }' # https://github.com/t-tomalak/logrus-easy-formatter

Even though alerts usually arrive one by one, sometimes when the alert channel gets rushed by 2 or more, it may become more than one.
Your object may look like this:


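One way to keep the alert file parseable when several alerts arrive in one notification, as an added example (not the plugin's code and not part of the issue above): decode the message as a stream of JSON values and write one record per alert with encoding/json, instead of pasting the whole message into a quoted template field. The sample batch and the names NaiveRecord, SplitAlerts and EncodeRecords are constructed for illustration, and the code assumes the alerts arrive newline-separated as in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed sample: two alerts delivered in a single notification,
// newline-separated like the batch in the issue (fields trimmed, values made up).
const sampleBatch = `{"scenario":"crowdsecurity/http-probing","events_count":11,"source":{"ip":"127.0.0.1"}}
{"scenario":"crowdsecurity/http-bad-user-agent","events_count":2,"source":{"ip":"127.0.0.1"}}
`

// NaiveRecord mimics the shape of the broken record in the issue: the raw
// message is dropped between quotes with no escaping, so its own quotes and
// newlines end up inside the "alert" field. Hypothetical helper.
func NaiveRecord(ts, msg string) string {
	return `{"time": "` + ts + `", "alert": "` + msg + `"}`
}

// SplitAlerts stream-decodes a run of concatenated JSON values and returns
// each one untouched. A truncated or malformed alert yields an error that
// names its position in the batch.
func SplitAlerts(batch string) ([]json.RawMessage, error) {
	dec := json.NewDecoder(strings.NewReader(batch))
	var alerts []json.RawMessage
	for {
		var raw json.RawMessage
		err := dec.Decode(&raw)
		if err == io.EOF {
			return alerts, nil
		}
		if err != nil {
			return nil, fmt.Errorf("alert %d: %w", len(alerts)+1, err)
		}
		alerts = append(alerts, raw)
	}
}

// record is one output line: the alert is embedded as a JSON object,
// not as a string, so consumers need no second parsing pass.
type record struct {
	Time  string          `json:"time"`
	Alert json.RawMessage `json:"alert"`
}

// EncodeRecords returns one valid, single-line JSON record per alert.
func EncodeRecords(ts, batch string) ([]string, error) {
	alerts, err := SplitAlerts(batch)
	if err != nil {
		return nil, err
	}
	lines := make([]string, 0, len(alerts))
	for _, a := range alerts {
		b, err := json.Marshal(record{Time: ts, Alert: a})
		if err != nil {
			return nil, err
		}
		lines = append(lines, string(b))
	}
	return lines, nil
}

func main() {
	ts := "2022-11-01 18:59:52" // constructed timestamp
	naive := NaiveRecord(ts, sampleBatch)
	fmt.Println("naive record is valid JSON:", json.Valid([]byte(naive)))

	lines, err := EncodeRecords(ts, sampleBatch)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, l := range lines {
		fmt.Println(l)
	}
}
```
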
DepShield encountered errors while building your project

Depshield will be deprecated soon

Please install our new product, Sonatype Lift with advanced features


The project could not be analyzed because of build errors. Please review the error messages here. Another build will be scheduled when a change to a manifest file* occurs. If the build is successful this issue will be closed, otherwise the error message will be updated.

This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.

* Supported manifest files are: pom.xml, package.json, package-lock.json, npm-shrinkwrap.json, Cargo.lock, Cargo.toml, main.rs, lib.rs, build.gradle, build.gradle.kts, settings.gradle, settings.gradle.kts, gradle.properties, gradle-wrapper.properties, go.mod, go.sum

problem restart

I have a problem with adding the file.yaml. I can't restart crowdsec if I put it in profile.yaml. Where could the problem come from?
