crowdsec: initial package v1.2.0 #16244

Merged: 1 commit, Oct 11, 2021

Contributor

@erdoukki erdoukki commented Jul 29, 2021

/net/crowdsec/

Crowdsec - An open-source, lightweight agent to detect
and respond to bad behaviours.
It also automatically benefits from a global community-wide
IP reputation database.

Signed-off-by: Kerma Gérald <gandalf@gk2.net>

CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.

Maintainer: Gérald Kerma Gandalf@Gk2.net

Compile tested:

  • ARM64, MVEBU, EspressoBin & EspressoBin Ultra, OpenWrt master
  • MIPS, MT7621, Xiaomi Mi Router 3 Pro, OpenWrt master

Run tested:

  • ARM64, MVEBU, EspressoBin & EspressoBin Ultra, OpenWrt version 19.07.7 & 21.02-RC4

Short Description:
CrowdSec is an Open Source Participative Security IPS.

Description:
Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database.
crowdsec-firewall-bouncer will fetch new and old decisions from a CrowdSec API to add them in a blocklist used by supported firewalls.

References:
crowdsecurity/crowdsec#685

CrowdSec is the new Fail2Ban alternative...
CrowdSec is an open-source and collaborative EDR.
Analyze behaviors, respond to attacks & share signals across the community.

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security.

More @ https://crowdsec.net/

Use case (POC):
On an OpenWrt based router, you can quickly and efficiently ban a collaborative list of bad guys' source IPs; you can also centralize remote servers' access attempts and ban on bad access attempt scenarios directly on your OpenWrt Internet access gateway...

Forum Topic :
https://forum.openwrt.org/t/crowdsec-packages-for-openwrt/102648/

@erdoukki
Contributor Author

Build tests on Ubuntu, without any errors...

gerald@P3530:/media/gerald/EBINDEV/DEVEL/OWRT/crowdsec/openwrt$ uname -ar
Linux P3530 5.8.0-63-lowlatency #71-Ubuntu SMP PREEMPT Tue Jul 13 16:59:06 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
gerald@P3530:/media/gerald/EBINDEV/DEVEL/OWRT/crowdsec/openwrt$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.10
Release:	20.10
Codename:	groovy

@ja-pa
Contributor

ja-pa commented Jul 29, 2021

Tests are failing because of dirty patches. You should call make package/example/refresh V=s to refresh them (see https://openwrt.org/docs/guide-developer/build-system/use-patches-with-buildsystem#refreshing_patches)

@erdoukki erdoukki force-pushed the crowdsec branch 4 times, most recently from 744e261 to 78eebe7 Compare July 29, 2021 18:49
@erdoukki
Contributor Author

erdoukki commented Jul 29, 2021

Some issue because of the missing ld-gold.
I have used:

  PKG_CONFIG_DEPENDS:= \
  	@CONFIG_EXTRA_BINUTILS_CONFIG_OPTIONS="--enable-gold --enable-plugins"

but it does not seem to work!
How can I fix this?

Edit: It is a requirement for ARM builds !

collect2: fatal error: cannot find 'ld'

Reference :
#16193

@erdoukki
Contributor Author

another issue with jq host depends ?

   HOST_DEPENDS:=jq

How can I fix this ?

@neheb
Contributor

neheb commented Jul 29, 2021

ping @jefferyto

@erdoukki
Contributor Author

erdoukki commented Jul 31, 2021

Precompiled packages for mvebu espressobin boards are available here for testing
https://github.com/erdoukki/crowdsec-openwrt
In package/custom

@erdoukki erdoukki changed the title Crowdsec Packages Crowdsec: Packages Jul 31, 2021
@erdoukki erdoukki marked this pull request as draft July 31, 2021 08:21
@erdoukki
Contributor Author

@jefferyto Okay for you ?

@erdoukki
Contributor Author

erdoukki commented Oct 1, 2021

Please update to 1.2

@aparcar
Done.
Thanks

@erdoukki
Contributor Author

erdoukki commented Oct 1, 2021

@PolynomialDivision
Can you, please, look at this PR ?

@erdoukki
Contributor Author

erdoukki commented Oct 2, 2021

I hope this PR can be merged soon; there are not a lot of solutions like this to fight efficiently against ransomware and mass DDoS cyber attacks!
I have been testing CrowdSec and CrowdSec Firewall Bouncer on OpenWrt 21.02.0 and on 19.07.x for some months now, as a fan.
I can say that the solution already protects me from everyday attacks without needing any user interaction...

I do not see any better place than a router to take action and ban aggressive IPs.
The Fail2Ban alternative of CrowdSec may remedy the rise of attacks.

@ALL

Sorry to all OpenWrt members if I still ask for your time, but I still will, as recommended in the Guidelines ( https://openwrt.org/submitting-patches#don_t_get_discouraged_re-submit )...

@jefferyto Okay for you ?

Do I need to add a mention as "Reviewed-by:" ?

@blotus @buixor

Do you want me to add a “Cc:” mention?

@aparcar @ja-pa @BKPepe @neheb

Thanks for your comments, are the modifications done okay for you now?

@erdoukki

Be patient, OpenWrt users will soon enter into this great project in the Open Source Participative Security IPS...

@erdoukki
Contributor Author

erdoukki commented Oct 8, 2021

PING

@erdoukki
Contributor Author

erdoukki commented Oct 9, 2021

PING

What can I do to help this package to be merged ?

Sorry to ask again, and again, and again...
I am sure all @openwrt already have their spare time full!
Thanks in advance

@PolynomialDivision
Member

@PolynomialDivision Can you, please, look at this PR ?

I can have a look, but aren't enough people already reviewing it?

@PolynomialDivision
Member

You add in 1 commit 2 packages. To my knowledge, our GitHub workflows won't work correctly. Please separate that into two commits.

@erdoukki
Contributor Author

erdoukki commented Oct 9, 2021

You add in 1 commit 2 packages. To my knowledge, our GitHub workflows won't work correctly. Please separate that into two commits.

Okay, I will update this PR with the master component, and open another with the Firewall add-on...
Thanks...

@erdoukki
Contributor Author

erdoukki commented Oct 9, 2021

#16844 will contain the crowdsec-firewall-bouncer part...

@PolynomialDivision
Member

Here, also. Please don't do capital C in the commit message. So crowdsec: ...

/net/crowdsec/

Crowdsec - An open-source, lightweight agent to detect
 and respond to bad behaviours.
 It also automatically benefits from a global community-wide
 IP reputation database.

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
@erdoukki erdoukki changed the title Crowdsec: Initial package v1.2.0 crowdsec: initial package v1.2.0 Oct 9, 2021
@erdoukki
Contributor Author

erdoukki commented Oct 9, 2021

@PolynomialDivision Thanks for your time and review !

@PolynomialDivision
Member

Thanks for contributing! I gave you my approval for both PRs. However, I will not merge directly since I do not want to bypass other reviewers. Maybe @jefferyto can take care of this, since he was the initial reviewer. If nothing happens and no nack happens, I will also merge in a couple of days, so your package gets upstream openwrt support.

@jefferyto
Member

It is better to have separate commits to add multiple packages, but it wasn't strictly necessary to split the packages into separate PRs. (The CI checks were running fine before.)

I usually help to review Go packages and leave merging to people who know more than me. I guess in this case people are waiting for me to merge 😂

Thanks for your patience @erdoukki!
