mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-01-21 18:41:34 +01:00
Track ssh logs with crowdsec
This commit is contained in:
parent
cb6570667b
commit
494327d30e
2 changed files with 30 additions and 18 deletions
|
|
@ -16,6 +16,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
firewallBouncer.enable = true;
|
firewallBouncer.enable = true;
|
||||||
sources = [
|
sources = [
|
||||||
|
"sshd"
|
||||||
"iptables"
|
"iptables"
|
||||||
"caddy"
|
"caddy"
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@ in
|
||||||
sources = lib.mkOption {
|
sources = lib.mkOption {
|
||||||
type = lib.types.listOf (
|
type = lib.types.listOf (
|
||||||
lib.types.enum [
|
lib.types.enum [
|
||||||
|
"sshd"
|
||||||
"iptables"
|
"iptables"
|
||||||
"caddy"
|
"caddy"
|
||||||
]
|
]
|
||||||
|
|
@ -42,33 +43,43 @@ in
|
||||||
prometheus.enabled = false;
|
prometheus.enabled = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
acquisitions = [
|
acquisitions =
|
||||||
|
let
|
||||||
|
mkAcquisition =
|
||||||
|
enable: unit:
|
||||||
|
lib.optionalAttrs enable {
|
||||||
|
source = "journalctl";
|
||||||
|
journalctl_filter = [ "_SYSTEMD_UNIT=${unit}" ];
|
||||||
|
labels.type = "syslog";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
[
|
||||||
|
(mkAcquisition (lib.elem "sshd" cfg.sources) "sshd.service")
|
||||||
|
(mkAcquisition (lib.elem "caddy" cfg.sources) "caddy.service")
|
||||||
(lib.mkIf (lib.elem "iptables" cfg.sources) {
|
(lib.mkIf (lib.elem "iptables" cfg.sources) {
|
||||||
source = "journalctl";
|
source = "journalctl";
|
||||||
journalctl_filter = [ "-k" ];
|
journalctl_filter = [ "-k" ];
|
||||||
labels.type = "syslog";
|
labels.type = "syslog";
|
||||||
})
|
})
|
||||||
(lib.mkIf (lib.elem "caddy" cfg.sources) {
|
|
||||||
source = "journalctl";
|
|
||||||
journalctl_filter = [ "_SYSTEMD_UNIT=caddy.service" ];
|
|
||||||
labels.type = "syslog";
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.crowdsec.preStart =
|
systemd.services.crowdsec.preStart =
|
||||||
let
|
let
|
||||||
collections = lib.flatten [
|
|
||||||
"crowdsecurity/linux"
|
|
||||||
(lib.optional (lib.elem "iptables" cfg.sources) "crowdsecurity/iptables")
|
|
||||||
(lib.optional (lib.elem "caddy" cfg.sources) "crowdsecurity/caddy")
|
|
||||||
];
|
|
||||||
addCollection = collection: ''
|
addCollection = collection: ''
|
||||||
if ! cscli collections list | grep -q "${collection}"; then
|
if ! cscli collections list | grep -q "${collection}"; then
|
||||||
cscli collections install ${collection}
|
cscli collections install ${collection}
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
collections |> lib.map addCollection |> lib.concatLines;
|
[
|
||||||
|
"crowdsecurity/linux"
|
||||||
|
(lib.optional (lib.elem "sshd" cfg.sources) "crowdsecurity/sshd")
|
||||||
|
(lib.optional (lib.elem "caddy" cfg.sources) "crowdsecurity/caddy")
|
||||||
|
(lib.optional (lib.elem "iptables" cfg.sources) "crowdsecurity/iptables")
|
||||||
|
]
|
||||||
|
|> lib.flatten
|
||||||
|
|> lib.map addCollection
|
||||||
|
|> lib.concatLines;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue