path: root/security/crowdsec/files/crowdsec.in
#!/bin/sh

# PROVIDE: crowdsec
# BEFORE: crowdsec_firewall
# REQUIRE: LOGIN DAEMON NETWORKING
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# crowdsec_enable (bool):	Set it to YES to enable crowdsec agent.
#				Default is "NO".
# crowdsec_config (str):	Set the agent config path.
#				Default is "%%PREFIX%%/etc/crowdsec/config.yaml".
# crowdsec_machine_name (str):	Name for the crowdsec instance when it's running its own lapi.
#				Default is "localhost".
# crowdsec_flags (str):	Set the extra flags to run the agent.
#				Default is ""

# Pull in the rc.d framework; it supplies load_rc_config, run_rc_command,
# check_pidfile and wait_for_pids, all of which are used below.
. /etc/rc.subr

name=crowdsec
rcvar=crowdsec_enable

# Read the administrator's rc.conf settings before the defaults are applied.
load_rc_config "$name"

# ":=" assigns the default only when the variable is unset or empty.
# %%PREFIX%% is a placeholder; presumably it is substituted when the port is
# built (this file is crowdsec.in) - TODO confirm.
: "${crowdsec_enable:=NO}"
: "${crowdsec_config:=%%PREFIX%%/etc/crowdsec/config.yaml}"
: "${crowdsec_machine_name:=localhost}"
: "${crowdsec_flags:=}"

# Two pidfiles are kept: one for the daemon(8) supervisor (-P) and one for the
# crowdsec process it runs (-p).
pidfile=/var/run/${name}_daemon.pid
pidfile_crowdsec=/var/run/${name}.pid
# Listed in required_files so that a missing config file is caught by rc.subr.
required_files="$crowdsec_config"
# The service is started through daemon(8), not by running crowdsec directly.
command="/usr/sbin/daemon"
command_crowdsec="%%PREFIX%%/bin/crowdsec"
command_cscli="%%PREFIX%%/bin/cscli"
# Arguments to daemon(8); everything after "--" is the crowdsec command line.
# NOTE(review): ${crowdsec_config} and ${crowdsec_flags} are expanded unquoted
# here, so a config path containing whitespace would be split into several
# words. Both values come from rc.conf.
# NOTE(review): rc.subr is understood to insert ${name}_flags between $command
# and $command_args as well, which would hand a non-empty crowdsec_flags to
# daemon(8) in addition to crowdsec - confirm against rc.subr(8).
command_args="-f -P ${pidfile} -p ${pidfile_crowdsec} -r -R 10 -t \"${name}\" -- ${command_crowdsec} -c ${crowdsec_config} ${crowdsec_flags}"
# Hook functions defined further down in this file.
reload_cmd="${name}_reload"
start_precmd="${name}_precmd"
configtest_cmd="${name}_configtest"
# The configuration is validated before a reload or a restart is attempted.
reload_precmd="${name}_configtest"
restart_precmd="${name}_configtest"
stop_precmd="${name}_stop_precmd"
stop_postcmd="${name}_stop_postcmd"
extra_commands="configtest reload"

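crowdsec_stop_precmd() {
    # Record the crowdsec PID before the stop is carried out: daemon(8) removes
    # the pidfile without waiting for crowdsec to exit, so
    # crowdsec_stop_postcmd could not look the PID up afterwards.
    #
    # Globals: pidfile_crowdsec, command_crowdsec (read); _CROWDSECPID (written)

    # Start from an empty value, so that a _CROWDSECPID inherited from the
    # caller's environment is never mistaken for the crowdsec PID when the
    # pidfile is missing or unreadable.
    _CROWDSECPID=
    if [ -r "$pidfile_crowdsec" ]; then
        # check_pidfile comes from rc.subr; it is expected to print the PID
        # only when the pidfile refers to a running $command_crowdsec.
        _CROWDSECPID="$(check_pidfile "$pidfile_crowdsec" "$command_crowdsec")"
        export _CROWDSECPID
    fi
}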

crowdsec_stop_postcmd() {
    # Runs after the stop: block until the crowdsec process recorded by
    # crowdsec_stop_precmd is gone. A restart that begins earlier would find
    # the http port still in use.

    # No PID was recorded, so there is nothing to wait for.
    [ -z "$_CROWDSECPID" ] && return 0

    wait_for_pids "$_CROWDSECPID"
}

crowdsec_precmd() {
    # First-start bootstrap, run before the service starts: register with the
    # local and central APIs when needed and make sure the FreeBSD collection
    # is installed. Every registration/installation step ends in "|| :", so a
    # failure there never makes this function return non-zero.

    # Run cscli against the configured agent config file.
    cs_cli() {
        "$command_cscli" -c "$crowdsec_config" "$@"
    }

    # Print one key of the configuration as reported by cscli.
    Config() {
        cs_cli config show --key "Config.$1"
    }

    # The local API (LAPI) counts as enabled unless cscli prints the literal
    # value "false"; empty output, for instance when cscli itself fails, also
    # ends up in the enabled branch.
    case "$(Config API.Server.Enable)" in
        false)
            ;;
        *)
            # An empty machine list: create one for cscli and the log
            # processor.
            case "$(cs_cli machines list -o json --error)" in
                "[]")
                    echo "Registering LAPI"
                    cs_cli machines add "${crowdsec_machine_name}" --auto --force --error || :
                    ;;
            esac

            # If this lookup fails, CONFIG_DIR is empty and the file tested
            # below becomes /online_api_credentials.yaml.
            CONFIG_DIR=$(Config ConfigPaths.ConfigDir)

            # Register with the central server (community blocklist and more)
            # unless a non-empty credentials file is already present.
            if [ -s "${CONFIG_DIR}/online_api_credentials.yaml" ]; then
                :
            else
                echo "Registering CAPI"
                cs_cli capi register || :
            fi
            ;;
    esac

    # Install the collection on first start, or again if it has been removed.
    if ! cs_cli collections inspect crowdsecurity/freebsd --no-metrics 2>/dev/null \
        | grep ^installed | grep -q true; then
        cs_cli collections install crowdsecurity/freebsd || :
    fi
}

crowdsec_configtest() {
    # Validate the agent configuration by running crowdsec with -t.
    # This function is also wired in as reload_precmd and restart_precmd, so a
    # broken configuration stops those actions before the running service is
    # touched.
    echo "Performing sanity check on ${name} configuration."

    # "exit" rather than "return": a failed check ends the whole rc script
    # with status 1.
    "$command_crowdsec" -c "$crowdsec_config" -t -error || exit 1

    echo "Configuration test OK"
}

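crowdsec_reload() {
    # Ask the running crowdsec process to reload its configuration by sending
    # it SIGHUP.
    #
    # Globals: pidfile_crowdsec, command_crowdsec, name (read)
    # Returns: 0 when the signal was sent or no pidfile is readable,
    #          non-zero when the pidfile does not lead to a running process
    #          or kill fails.
    echo "Reloading configuration"
    if [ -r "$pidfile_crowdsec" ]; then
        # check_pidfile (rc.subr) can print nothing, e.g. for a stale pidfile;
        # kill must not be called with an empty PID argument in that case.
        _crowdsec_reload_pid="$(check_pidfile "$pidfile_crowdsec" "${command_crowdsec}")"
        if [ -z "$_crowdsec_reload_pid" ]; then
            echo "${name} is not running, nothing to reload" >&2
            return 1
        fi
        kill -HUP "$_crowdsec_reload_pid"
    fi
}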

# Hand the action named by the first argument to rc.subr, which dispatches it
# using the variables and hook functions set up above.
run_rc_command "$1"