new plugin: security/crowdsec

[mmetc]

This is a plugin we developed to provide configuration and a basic UI for the crowdsec IDS and IPS. It depends on a couple of binaries recently added to ports.conf

Adding machines (servers, other firewalls) and advanced configuration are not managed by the UI but available from the command line.

[AdSchellevis]

@mmetc it would be better to unpack the different flag options into parsable ones, it's more or less impossible to validate user input in the long term for these kind of fields. I'll try to review the rest of the plugin later.

[mmetc]

@AdSchellevis thanks, good point. I replaced the free-text *_flags options with the only two flags that are actually useful right now, and updated the screenshot.

[fichtner]

overall this looks good for inclusion, nice work! let's iterate through some early feedback and then merge to work on the remainder in the tree

[mmetc]

Thanks for the careful review!
I am collecting your remarks and will act upon them, if not for the initial release, for the next one.

[fichtner]

Two open comments, but looks good to me. I'll leave the merge up to @AdSchellevis which could take a bit since this week is more or less a vacation week.

[AdSchellevis]

@mmetc If I'm not mistaken the only open item on the list is the setup.sh at the moment, right? if you need help, just ping me.

[mmetc]

Oh thanks, I thought and closed it. I'm not doing setup.sh because the directory is needed by "configctl template reload" upon install, not by my own daemons at boot.
Thanks again for the extensive review

[mmetc]

I don't want to push but I think this is ready to be merged, just in case I'm missing something..

[fichtner]

I don’t understand the argument against setup.sh, but as said I’m ok with the current state.