csconfig

package
v1.7.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2025 License: MIT Imports: 32 Imported by: 2

Documentation

Overview

Package csconfig contains the configuration structures for crowdsec and cscli.

Index

Constants

View Source 
const (
	SEND_CUSTOM_SCENARIOS  = "custom"
	SEND_TAINTED_SCENARIOS = "tainted"
	SEND_MANUAL_SCENARIOS  = "manual"
	CONSOLE_MANAGEMENT     = "console_management"
	SEND_CONTEXT           = "context"
)
View Source 
const (
	DEFAULT_MAX_OPEN_CONNS = 100
)

Variables

View Source 
var CONSOLE_CONFIGS = []string{SEND_CUSTOM_SCENARIOS, SEND_MANUAL_SCENARIOS, SEND_TAINTED_SCENARIOS, SEND_CONTEXT, CONSOLE_MANAGEMENT}
View Source 
var CONSOLE_CONFIGS_HELP = map[string]string{
	SEND_CUSTOM_SCENARIOS:  "Forward alerts from custom scenarios to the console",
	SEND_MANUAL_SCENARIOS:  "Forward manual decisions to the console",
	SEND_TAINTED_SCENARIOS: "Forward alerts from tainted scenarios to the console",
	SEND_CONTEXT:           "Forward context with alerts to the console",
	CONSOLE_MANAGEMENT:     "Receive decisions from console",
}
View Source 
var DefaultConsoleConfigFilePath = DefaultConfigPath("console.yaml")
View Source 
var ErrNoAcquisitionDefined = errors.New("no acquisition_path or acquisition_dir specified")
View Source 
var PAPIBaseURL = "https://papi.api.crowdsec.net/"

Functions

func DefaultConfigPath added in v1.3.1 

func DefaultConfigPath(elem ...string) string

DefaultConfigPath returns the default path for a configuration resource "elem" parameters are path components relative to the default cfg directory.

func DefaultDataPath added in v1.3.1 

func DefaultDataPath(elem ...string) string

DefaultDataPath returns the default path for a data resource. "elem" parameters are path components relative to the default data directory.

func GetFeatureFilePath added in v1.5.5 

func GetFeatureFilePath(configPath string) string

FeatureFlagsFileLocation returns the path to the feature.yaml file. The file is in the same directory as config.yaml, which is provided as the fist parameter. This can be different than ConfigPaths.ConfigDir because we have not read config.yaml yet so we don't know the value of ConfigDir.

func ListFeatureFlags added in v1.5.0 

func ListFeatureFlags() string

ListFeatureFlags returns a list of the enabled feature flags.

func LoadFeatureFlagsEnv added in v1.5.0 

func LoadFeatureFlagsEnv(logger *log.Logger) error

LoadFeatureFlagsEnv parses the environment variables to enable feature flags.

func LoadFeatureFlagsFile added in v1.5.0 

func LoadFeatureFlagsFile(configPath string, logger *log.Logger) error

LoadFeatureFlags parses feature.yaml to enable feature flags.

Types

type APICfg added in v1.0.0 

type APICfg struct {
	Client *LocalApiClientCfg `yaml:"client"`
	Server *LocalApiServerCfg `yaml:"server"`
	CTI    *CTICfg            `yaml:"cti"`
}

type ApiCredentialsCfg added in v1.0.0 

type ApiCredentialsCfg struct {
	PapiURL    string `json:"papi_url,omitempty"     yaml:"papi_url,omitempty"`
	URL        string `json:"url,omitempty"          yaml:"url,omitempty"`
	Login      string `json:"login,omitempty"        yaml:"login,omitempty"`
	Password   string `json:"-"                      yaml:"password,omitempty"`
	CACertPath string `yaml:"ca_cert_path,omitempty"`
	KeyPath    string `yaml:"key_path,omitempty"`
	CertPath   string `yaml:"cert_path,omitempty"`
}

type AuthGCCfg added in v1.4.0 

type AuthGCCfg struct {
	Cert                  *string `yaml:"cert,omitempty"`
	CertDuration          *time.Duration
	Api                   *string `yaml:"api_key,omitempty"`
	ApiDuration           *time.Duration
	LoginPassword         *string `yaml:"login_password,omitempty"`
	LoginPasswordDuration *time.Duration
}

type CTICfg added in v1.5.0 

type CTICfg struct {
	Key          *string        `yaml:"key,omitempty"`
	CacheTimeout *time.Duration `yaml:"cache_timeout,omitempty"`
	CacheSize    *int           `yaml:"cache_size,omitempty"`
	Enabled      *bool          `yaml:"enabled,omitempty"`
	LogLevel     log.Level      `yaml:"log_level,omitempty"`
}

func (*CTICfg) Load added in v1.5.0 

func (a *CTICfg) Load() error

type CapiPullConfig added in v1.6.5 

type CapiPullConfig struct {
	Community  *bool `yaml:"community,omitempty"`
	Blocklists *bool `yaml:"blocklists,omitempty"`
}

type CapiWhitelist added in v1.5.0 

type CapiWhitelist struct {
	Ips   []netip.Addr   `yaml:"ips,omitempty"`
	Cidrs []netip.Prefix `yaml:"cidrs,omitempty"`
}

type CommonCfg added in v1.0.0 

type CommonCfg struct {
	Daemonize      string    // TODO: This is just for backward compat. Remove this later
	PidDir         string    `yaml:"pid_dir,omitempty"`     // TODO: This is just for backward compat. Remove this later
	WorkingDir     string    `yaml:"working_dir,omitempty"` // TODO: This is just for backward compat. Remove this later
	ForceColorLogs bool      `yaml:"force_color_logs,omitempty"`
	LogLevel       log.Level `yaml:"log_level"` // can be overridden by each service
	LogConfig      `yaml:",inline"`
}

daemonization/service related stuff

type Config added in v1.0.10 

type Config struct {
	// just a path to ourselves :p
	FilePath     string              `yaml:"-"`
	Self         []byte              `yaml:"-"`
	Common       *CommonCfg          `yaml:"common,omitempty"`
	Prometheus   *PrometheusCfg      `yaml:"prometheus,omitempty"`
	Crowdsec     *CrowdsecServiceCfg `yaml:"crowdsec_service,omitempty"`
	Cscli        *CscliCfg           `yaml:"cscli,omitempty"`
	DbConfig     *DatabaseCfg        `yaml:"db_config,omitempty"`
	API          *APICfg             `yaml:"api,omitempty"`
	ConfigPaths  *ConfigurationPaths `yaml:"config_paths,omitempty"`
	PluginConfig *PluginCfg          `yaml:"plugin_config,omitempty"`
	DisableAPI   bool                `yaml:"-"`
	DisableAgent bool                `yaml:"-"`
	Hub          *LocalHubCfg        `yaml:"-"`
}

Config contains top-level defaults -> overridden by configuration file -> overridden by CLI flags

func GetConfig added in v1.6.0 

func GetConfig() Config

func NewConfig added in v1.0.0 

func NewConfig(configFile string, disableAgent bool, disableAPI bool, quiet bool) (*Config, string, error)

func NewDefaultConfig added in v1.0.0 

func NewDefaultConfig() *Config

func (*Config) LoadAPIClient added in v1.0.10 

func (c *Config) LoadAPIClient() error

func (*Config) LoadAPIServer added in v1.0.10 

func (c *Config) LoadAPIServer(inCli bool, skipOnlineCreds bool) error

func (*Config) LoadCrowdsec added in v1.0.10 

func (c *Config) LoadCrowdsec() error

func (*Config) LoadDBConfig added in v1.0.10 

func (c *Config) LoadDBConfig(inCli bool) error

func (*Config) LoadSimulation added in v1.0.10 

func (c *Config) LoadSimulation() error

type ConfigurationPaths added in v1.0.0 

type ConfigurationPaths struct {
	ConfigDir          string `yaml:"config_dir"`
	DataDir            string `yaml:"data_dir,omitempty"`
	SimulationFilePath string `yaml:"simulation_path,omitempty"`
	HubIndexFile       string `yaml:"index_path,omitempty"` // path of the .index.json
	HubDir             string `yaml:"hub_dir,omitempty"`
	PluginDir          string `yaml:"plugin_dir,omitempty"`
	NotificationDir    string `yaml:"notification_dir,omitempty"`
	PatternDir         string `yaml:"pattern_dir,omitempty"`
}

type ConsoleConfig added in v1.3.0 

type ConsoleConfig struct {
	ShareManualDecisions  *bool `yaml:"share_manual_decisions"`
	ShareTaintedScenarios *bool `yaml:"share_tainted"`
	ShareCustomScenarios  *bool `yaml:"share_custom"`
	ConsoleManagement     *bool `yaml:"console_management"`
	ShareContext          *bool `yaml:"share_context"`
}

func (*ConsoleConfig) EnabledOptions added in v1.6.1 

func (c *ConsoleConfig) EnabledOptions() []string

func (*ConsoleConfig) IsPAPIEnabled added in v1.6.0 

func (c *ConsoleConfig) IsPAPIEnabled() bool

type CrowdsecServiceCfg added in v1.0.0 

type CrowdsecServiceCfg struct {
	Enable                    *bool            `yaml:"enable"`
	AcquisitionFilePath       string           `yaml:"acquisition_path,omitempty"`
	AcquisitionDirPath        string           `yaml:"acquisition_dir,omitempty"`
	ConsoleContextPath        string           `yaml:"console_context_path"`
	ConsoleContextValueLength int              `yaml:"console_context_value_length"`
	AcquisitionFiles          []string         `yaml:"-"`
	ParserRoutinesCount       int              `yaml:"parser_routines"`
	BucketsRoutinesCount      int              `yaml:"buckets_routines"`
	OutputRoutinesCount       int              `yaml:"output_routines"`
	SimulationConfig          SimulationConfig `yaml:"-"`
	BucketStateFile           string           `yaml:"state_input_file,omitempty"` // if we need to unserialize buckets at start
	BucketStateDumpDir        string           `yaml:"state_output_dir,omitempty"` // if we need to unserialize buckets on shutdown
	BucketsGCEnabled          bool             `yaml:"-"`                          // we need to garbage collect buckets when in forensic mode

	SimulationFilePath string              `yaml:"-"`
	ContextToSend      map[string][]string `yaml:"-"`
}

CrowdsecServiceCfg contains the location of parsers/scenarios/... and acquisition files

func (*CrowdsecServiceCfg) CollectAcquisitionFiles added in v1.7.0 

func (c *CrowdsecServiceCfg) CollectAcquisitionFiles() ([]string, error)

func (*CrowdsecServiceCfg) DumpContextConfigFile added in v1.5.0 

func (c *CrowdsecServiceCfg) DumpContextConfigFile() error

type CscliCfg added in v1.0.0 

type CscliCfg struct {
	Output           string           `yaml:"output,omitempty"`
	Color            string           `yaml:"color,omitempty"`
	HubBranch        string           `yaml:"hub_branch"`
	HubURLTemplate   string           `yaml:"__hub_url_template__,omitempty"`
	HubWithContent   bool             `yaml:"hub_with_content,omitempty"`
	SimulationConfig SimulationConfig `yaml:"-"`
	DbConfig         *DatabaseCfg     `yaml:"-"`

	SimulationFilePath string `yaml:"-"`
	PrometheusUrl      string `yaml:"prometheus_uri"`
}

type DatabaseCfg added in v1.0.0 

type DatabaseCfg struct {
	User             string      `yaml:"user"`
	Password         string      `yaml:"password"`
	DbName           string      `yaml:"db_name"`
	SSLMode          string      `yaml:"sslmode"`
	SSLCACert        string      `yaml:"ssl_ca_cert"`
	SSLClientCert    string      `yaml:"ssl_client_cert"`
	SSLClientKey     string      `yaml:"ssl_client_key"`
	Host             string      `yaml:"host"`
	Port             int         `yaml:"port"`
	DbPath           string      `yaml:"db_path"`
	Type             string      `yaml:"type"`
	Flush            *FlushDBCfg `yaml:"flush"`
	LogLevel         log.Level   `yaml:"log_level"`
	MaxOpenConns     int         `yaml:"max_open_conns,omitempty"`
	UseWal           *bool       `yaml:"use_wal,omitempty"`
	DecisionBulkSize int         `yaml:"decision_bulk_size,omitempty"`
}

func (*DatabaseCfg) ConnectionDialect added in v1.5.0 

func (d *DatabaseCfg) ConnectionDialect() (string, string, error)

func (*DatabaseCfg) ConnectionString added in v1.5.0 

func (d *DatabaseCfg) ConnectionString() (string, error)

func (*DatabaseCfg) NewLogger added in v1.7.4 

func (d *DatabaseCfg) NewLogger() *log.Entry

type FlushDBCfg added in v1.0.0 

type FlushDBCfg struct {
	MaxItems *int `yaml:"max_items,omitempty"`
	// We could unmarshal as time.Duration, but alert filters right now are a map of strings
	MaxAge        cstime.DurationWithDays `yaml:"max_age,omitempty"`
	BouncersGC    *AuthGCCfg              `yaml:"bouncers_autodelete,omitempty"`
	AgentsGC      *AuthGCCfg              `yaml:"agents_autodelete,omitempty"`
	MetricsMaxAge cstime.DurationWithDays `yaml:"metrics_max_age,omitempty"`
}

type Getter added in v1.7.4 

type Getter func() *Config

type LocalAPIAutoRegisterCfg added in v1.6.3 

type LocalAPIAutoRegisterCfg struct {
	Enable              *bool        `yaml:"enabled"`
	Token               string       `yaml:"token"`
	AllowedRanges       []string     `yaml:"allowed_ranges,omitempty"`
	AllowedRangesParsed []*net.IPNet `yaml:"-"`
}

type LocalApiClientCfg added in v1.0.0 

type LocalApiClientCfg struct {
	CredentialsFilePath string             `yaml:"credentials_path,omitempty"` // credz will be edited by software, store in diff file
	Credentials         *ApiCredentialsCfg `yaml:"-"`
	InsecureSkipVerify  *bool              `yaml:"insecure_skip_verify"` // check if api certificate is bad or not
	UnregisterOnExit    bool               `yaml:"unregister_on_exit,omitempty"`
}

local api config (for crowdsec/cscli->lapi)

func (*LocalApiClientCfg) Load added in v1.0.10 

func (l *LocalApiClientCfg) Load() error

type LocalApiServerCfg added in v1.0.0 

type LocalApiServerCfg struct {
	Enable                        *bool                    `yaml:"enable"`
	ListenURI                     string                   `yaml:"listen_uri,omitempty"` // 127.0.0.1:8080
	ListenSocket                  string                   `yaml:"listen_socket,omitempty"`
	TLS                           *TLSCfg                  `yaml:"tls"`
	DbConfig                      *DatabaseCfg             `yaml:"-"`
	OnlineClient                  *OnlineApiClientCfg      `yaml:"online_client"`
	ProfilesPath                  string                   `yaml:"profiles_path,omitempty"`
	ConsoleConfigPath             string                   `yaml:"console_path,omitempty"`
	ConsoleConfig                 *ConsoleConfig           `yaml:"-"`
	Profiles                      []*ProfileCfg            `yaml:"-"`
	LogLevel                      log.Level                `yaml:"log_level"` // 0 == Panic - default to common log level
	UseForwardedForHeaders        bool                     `yaml:"use_forwarded_for_headers,omitempty"`
	TrustedProxies                *[]string                `yaml:"trusted_proxies,omitempty"`
	TrustedIPs                    []string                 `yaml:"trusted_ips,omitempty"`
	PapiLogLevel                  log.Level                `yaml:"papi_log_level"`
	DisableRemoteLapiRegistration bool                     `yaml:"disable_remote_lapi_registration,omitempty"`
	CapiWhitelistsPath            string                   `yaml:"capi_whitelists_path,omitempty"`
	CapiWhitelists                *CapiWhitelist           `yaml:"-"`
	AutoRegister                  *LocalAPIAutoRegisterCfg `yaml:"auto_registration,omitempty"`
	DisableUsageMetricsExport     bool                     `yaml:"disable_usage_metrics_export"`
}

local api service configuration

func (*LocalApiServerCfg) ClientURL added in v1.6.1 

func (c *LocalApiServerCfg) ClientURL() string

func (*LocalApiServerCfg) GetTrustedIPs added in v1.3.3 

func (c *LocalApiServerCfg) GetTrustedIPs() ([]net.IPNet, error)

func (*LocalApiServerCfg) LoadAutoRegister added in v1.6.3 

func (c *LocalApiServerCfg) LoadAutoRegister() error

func (*LocalApiServerCfg) LoadCapiWhitelists added in v1.5.0 

func (c *LocalApiServerCfg) LoadCapiWhitelists() error

func (*LocalApiServerCfg) LoadConsoleConfig added in v1.3.0 

func (c *LocalApiServerCfg) LoadConsoleConfig() error

func (*LocalApiServerCfg) LoadProfiles added in v1.0.0 

func (c *LocalApiServerCfg) LoadProfiles() error

func (*LocalApiServerCfg) NewAccessLogger added in v1.7.4 

func (c *LocalApiServerCfg) NewAccessLogger(cfg LogConfig, filename string) *log.Entry

NewAccessLogger builds and returns a logger configured for HTTP access logging using the provided log configuration. If log_media is "file", the access log is written to the provided filename inside LogDir. For "stdout" or "syslog", the access logger uses the same output destination as the standard logger.

func (*LocalApiServerCfg) NewPAPILogger added in v1.7.4 

func (c *LocalApiServerCfg) NewPAPILogger() *log.Entry

type LocalHubCfg added in v1.6.0 

type LocalHubCfg struct {
	HubIndexFile   string // Path to the local index file
	HubDir         string // Where the hub items are downloaded
	InstallDir     string // Where to install items
	InstallDataDir string // Where to install data
}

LocalHubCfg holds the configuration for a local hub: where to download etc.

type LogConfig added in v1.7.4 

type LogConfig struct {
	LogMedia     string `yaml:"log_media"`
	LogDir       string `yaml:"log_dir,omitempty"` // if LogMedia = file
	CompressLogs *bool  `yaml:"compress_logs,omitempty"`
	LogMaxSize   int    `yaml:"log_max_size,omitempty"`
	LogFormat    string `yaml:"log_format,omitempty"`
	LogMaxAge    int    `yaml:"log_max_age,omitempty"`
	LogMaxFiles  int    `yaml:"log_max_files,omitempty"`
}

LogConfig contains common fields used to create the default logger, or a service logger when the clone/sublogger pattern is not enough, for example access logger to use a different file name.

func (LogConfig) GetDir added in v1.7.4 

func (c LogConfig) GetDir() string

func (LogConfig) GetFormat added in v1.7.4 

func (c LogConfig) GetFormat() string

func (LogConfig) GetMedia added in v1.7.4 

func (c LogConfig) GetMedia() string

func (LogConfig) NewRotatingLogger added in v1.7.4 

func (c LogConfig) NewRotatingLogger(filename string) *lumberjack.Logger

type OnlineApiClientCfg added in v1.0.0 

type OnlineApiClientCfg struct {
	CredentialsFilePath string             `yaml:"credentials_path,omitempty"` // credz will be edited by software, store in diff file
	Credentials         *ApiCredentialsCfg `yaml:"-"`
	PullConfig          CapiPullConfig     `yaml:"pull,omitempty"`
	Sharing             *bool              `yaml:"sharing,omitempty"`
}

global api config (for lapi->capi)

func (*OnlineApiClientCfg) Load added in v1.0.10 

func (o *OnlineApiClientCfg) Load() error

Load loads the online credentials from the specified file, returning fs.ErrNotExist if the file does not exist.

type PluginCfg added in v1.2.0 

type PluginCfg struct {
	User  string
	Group string
}

type ProfileCfg added in v1.0.0 

type ProfileCfg struct {
	Name          string            `yaml:"name,omitempty"`
	Debug         *bool             `yaml:"debug,omitempty"`
	Filters       []string          `yaml:"filters,omitempty"` // A list of OR'ed expressions. the models.Alert object
	Decisions     []models.Decision `yaml:"decisions,omitempty"`
	DurationExpr  string            `yaml:"duration_expr,omitempty"`
	OnSuccess     string            `yaml:"on_success,omitempty"` // continue or break
	OnFailure     string            `yaml:"on_failure,omitempty"` // continue or break
	OnError       string            `yaml:"on_error,omitempty"`   // continue, break, error, report, apply, ignore
	Notifications []string          `yaml:"notifications,omitempty"`
}

Profile structure(s) are used by the local API to "decide" what kind of decision should be applied when a scenario with an active remediation has been triggered

type PrometheusCfg added in v1.0.0 

type PrometheusCfg struct {
	Enabled    bool                       `yaml:"enabled"`
	Level      metrics.MetricsLevelConfig `yaml:"level"`
	ListenAddr string                     `yaml:"listen_addr"`
	ListenPort int                        `yaml:"listen_port"`
}

type SimulationConfig added in v0.3.0 

type SimulationConfig struct {
	Simulation bool     `yaml:"simulation"`
	Exclusions []string `yaml:"exclusions,omitempty"`
}

func (*SimulationConfig) IsSimulated added in v1.0.0 

func (s *SimulationConfig) IsSimulated(scenario string) bool

type TLSCfg added in v1.0.0 

type TLSCfg struct {
	CertFilePath       string         `yaml:"cert_file"`
	KeyFilePath        string         `yaml:"key_file"`
	ClientVerification string         `yaml:"client_verification,omitempty"`
	ServerName         string         `yaml:"server_name"`
	CACertPath         string         `yaml:"ca_cert_path"`
	AllowedAgentsOU    []string       `yaml:"agents_allowed_ou"`
	AllowedBouncersOU  []string       `yaml:"bouncers_allowed_ou"`
	CRLPath            string         `yaml:"crl_path"`
	CacheExpiration    *time.Duration `yaml:"cache_expiration,omitempty"`
}

func (*TLSCfg) GetAuthType added in v1.6.0 

func (t *TLSCfg) GetAuthType() (tls.ClientAuthType, error)

func (*TLSCfg) GetTLSConfig added in v1.6.0 

func (t *TLSCfg) GetTLSConfig() (*tls.Config, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.