diff --git a/services/crowdsec/config/acquis.yaml b/services/crowdsec/config/acquis.yaml
new file mode 100644
index 0000000..2789b36
--- /dev/null
+++ b/services/crowdsec/config/acquis.yaml
@@ -0,0 +1,17 @@
+filenames:
+ - /var/log/syslog
+ - /var/log/kern.log
+labels:
+ type: syslog
+---
+filenames:
+ - /var/log/traefik/access.log
+labels:
+ type: traefik
+---
+listen_addr: 0.0.0.0:7422
+appsec_config: crowdsecurity/virtual-patching
+name: myAppSecComponent
+source: appsec
+labels:
+ type: appsec
diff --git a/services/crowdsec/config/config.yaml b/services/crowdsec/config/config.yaml
new file mode 100644
index 0000000..4e5c3d5
--- /dev/null
+++ b/services/crowdsec/config/config.yaml
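Review bot: The AppSec datasource in acquis.yaml binds to every interface (`listen_addr: 0.0.0.0:7422`), and the same wildcard binding recurs in config.yaml for the Local API (`listen_uri: 0.0.0.0:8080`) and for Prometheus (`listen_addr: "[::]"`, port 6060, `level: full`). If this runs in a container the wildcard may be needed so the proxy's remediation component can reach it, but whether the ports are reachable from outside depends on the compose or network definition, which this diff does not show. I would state the intent next to each listener, for example `# internal Docker network only; port 7422 must not be published`, and bind the metrics endpoint to a specific address if nothing off-host scrapes it. `name: myAppSecComponent` looks like a sample value and could be given a deployment-specific name.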
@@ -0,0 +1,51 @@
+common:
+ daemonize: false
+ log_media: stdout
+ log_level: info
+ log_dir: /var/log/
+ working_dir: .
+ log_format: json
+config_paths:
+ config_dir: /etc/crowdsec/
+ data_dir: /var/lib/crowdsec/data/
+ simulation_path: /etc/crowdsec/simulation.yaml
+ hub_dir: /etc/crowdsec/hub/
+ index_path: /etc/crowdsec/hub/.index.json
+ notification_dir: /etc/crowdsec/notifications/
+ plugin_dir: /usr/local/lib/crowdsec/plugins/
+crowdsec_service:
+ acquisition_path: /etc/crowdsec/acquis.yaml
+ acquisition_dir: /etc/crowdsec/acquis.d
+ parser_routines: 1
+plugin_config:
+ user: nobody
+ group: nobody
+cscli:
+ output: human
+db_config:
+ log_level: info
+ type: sqlite
+ db_path: /var/lib/crowdsec/data/crowdsec.db
+ flush:
+ max_items: 5000
+ max_age: 7d
+ use_wal: false
+api:
+ client:
+ insecure_skip_verify: false
+ credentials_path: /etc/crowdsec/local_api_credentials.yaml
+ server:
+ log_level: info
+ listen_uri: 0.0.0.0:8080
+ profiles_path: /etc/crowdsec/profiles.yaml
+ trusted_ips: # IP ranges, or IPs which can have admin API access
+ - 127.0.0.1
+ - ::1
+ online_client: # Central API credentials (to push signals and receive bad IPs)
+ credentials_path: /etc/crowdsec//online_api_credentials.yaml
+ enable: true
+prometheus:
+ enabled: true
+ level: full
+ listen_addr: "[::]"
+ listen_port: 6060
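Review bot: The `api.server` block has no `tls` section, so bouncer API keys and machine credentials reach the Local API on `0.0.0.0:8080` over plain HTTP, and `insecure_skip_verify: false` on the client side has no certificate to verify. If any bouncer or agent connects from another host or across a shared network, add `tls:` with `cert_file: <path-to-cert>` and `key_file: <path-to-key>` under `api.server` (placeholder paths) and switch the client URL to https. Otherwise add a comment recording that the API is only reachable on a private container network. `trusted_ips` limits only the admin API to loopback, so it does not cover this. Separately, `credentials_path: /etc/crowdsec//online_api_credentials.yaml` has a doubled slash, which is harmless but worth normalising.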