add crowdsec rule to skip my home ip[ci skip]
parent
43800017b3
commit
83545c6327
2 changed files with 57 additions and 0 deletions
|
|
@ -64,6 +64,28 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Whitelist for trusted IPs that should never be blocked
|
||||||
|
resource "kubernetes_config_map" "crowdsec_whitelist" {
|
||||||
|
metadata {
|
||||||
|
name = "crowdsec-whitelist"
|
||||||
|
namespace = kubernetes_namespace.crowdsec.metadata[0].name
|
||||||
|
labels = {
|
||||||
|
"app.kubernetes.io/name" = "crowdsec"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data = {
|
||||||
|
"whitelist.yaml" = <<-YAML
|
||||||
|
name: crowdsecurity/whitelist-trusted-ips
|
||||||
|
description: "Whitelist for trusted IPs that should never be blocked"
|
||||||
|
whitelist:
|
||||||
|
reason: "Trusted IP - never block"
|
||||||
|
ip:
|
||||||
|
- "176.12.22.76"
|
||||||
|
YAML
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "helm_release" "crowdsec" {
|
resource "helm_release" "crowdsec" {
|
||||||
namespace = kubernetes_namespace.crowdsec.metadata[0].name
|
namespace = kubernetes_namespace.crowdsec.metadata[0].name
|
||||||
|
|
|
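Review bot: The `ip:` list in `whitelist.yaml` pins one hard-coded public address with no record of whose it is or when it was last verified, and the entry never expires. Because the Helm values mount this file under `parsers/s02-enrich`, events from that address are discarded before any scenario evaluates them, so a compromised device behind it, or a different subscriber if the ISP reassigns the address, would never be alerted on or banned. I would feed the list from a Terraform variable (placeholder name, e.g. `var.crowdsec_trusted_ips`) and add a comment beside it such as `# home egress IP, verified <DATE>; re-check after ISP lease change`. The parser `name:` also uses the `crowdsecurity/` hub prefix for a local item; a local prefix would keep it from being mistaken for a hub-maintained parser.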
||||||
|
|
@ -31,10 +31,17 @@ agent:
|
||||||
mountPath: /etc/crowdsec/scenarios/http-429-abuse.yaml
|
mountPath: /etc/crowdsec/scenarios/http-429-abuse.yaml
|
||||||
subPath: "http-429-abuse.yaml"
|
subPath: "http-429-abuse.yaml"
|
||||||
readonly: true
|
readonly: true
|
||||||
|
- name: whitelist
|
||||||
|
mountPath: /etc/crowdsec/parsers/s02-enrich/whitelist.yaml
|
||||||
|
subPath: "whitelist.yaml"
|
||||||
|
readonly: true
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
- name: custom-scenarios
|
- name: custom-scenarios
|
||||||
configMap:
|
configMap:
|
||||||
name: crowdsec-custom-scenarios
|
name: crowdsec-custom-scenarios
|
||||||
|
- name: whitelist
|
||||||
|
configMap:
|
||||||
|
name: crowdsec-whitelist
|
||||||
lapi:
|
lapi:
|
||||||
replicas: 3
|
replicas: 3
|
||||||
extraSecrets:
|
extraSecrets:
|
||||||
|
|
@ -117,6 +124,34 @@ lapi:
|
||||||
type: RollingUpdate
|
type: RollingUpdate
|
||||||
|
|
||||||
config:
|
config:
|
||||||
|
# Custom profiles: captcha for rate limiting, ban for attacks
|
||||||
|
profiles.yaml: |
|
||||||
|
# Captcha for rate limiting and 403 abuse (user can unblock themselves)
|
||||||
|
name: captcha_remediation
|
||||||
|
filters:
|
||||||
|
- Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() in ["crowdsecurity/http-429-abuse", "crowdsecurity/http-403-abuse", "crowdsecurity/http-crawl-non_statics", "crowdsecurity/http-sensitive-files"]
|
||||||
|
decisions:
|
||||||
|
- type: captcha
|
||||||
|
duration: 4h
|
||||||
|
on_success: break
|
||||||
|
---
|
||||||
|
# Default: Ban for serious attacks (CVE exploits, scanners, brute force)
|
||||||
|
name: default_ip_remediation
|
||||||
|
filters:
|
||||||
|
- Alert.Remediation == true && Alert.GetScope() == "Ip"
|
||||||
|
decisions:
|
||||||
|
- type: ban
|
||||||
|
duration: 4h
|
||||||
|
on_success: break
|
||||||
|
---
|
||||||
|
name: default_range_remediation
|
||||||
|
filters:
|
||||||
|
- Alert.Remediation == true && Alert.GetScope() == "Range"
|
||||||
|
decisions:
|
||||||
|
- type: ban
|
||||||
|
duration: 4h
|
||||||
|
on_success: break
|
||||||
|
|
||||||
config.yaml.local: |
|
config.yaml.local: |
|
||||||
db_config:
|
db_config:
|
||||||
type: mysql
|
type: mysql
|
||||||
|
|
|
||||||
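Review bot: The `captcha_remediation` profile in the second hunk changes remediation for every client, not only the home IP the commit title mentions: with `on_success: break`, alerts for the four listed scenarios, including `crowdsecurity/http-sensitive-files`, never reach `default_ip_remediation` and receive a solvable captcha instead of a ban. If that is intended, record it in the comment above `profiles.yaml`, e.g. `# NOTE: sensitive-file probing is captcha-only by design; bouncer must support captcha decisions`; otherwise drop that scenario from the `in [...]` list. Whether the deployed bouncer enforces `type: captcha` is not visible here, and one that does not would presumably leave these sources unremediated. The scenario names in the filter must also match the `name:` fields of the scenarios mounted from `crowdsec-custom-scenarios`, which this page does not show. The `config:` map continues past the end of the hunk.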