diff --git a/docker/compose/crowdsec.env b/docker/compose/crowdsec.env
index 6fb45d8..63e6c1d 100644
--- a/docker/compose/crowdsec.env
+++ b/docker/compose/crowdsec.env
@@ -1,2 +1,88 @@
 #CROWDSEC_COLLECTIONS="crowdsecurity/linux crowdsecurity/traefik"
-CROWDSEC_COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux fulljackz/proxmox"
\ No newline at end of file
+CROWDSEC_COLLECTIONS="crowdsecurity/traefik crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/iptables crowdsecurity/linux fulljackz/proxmox"
+TZ=${TZ}
+#
+#Register a new agent with LAPI
+#Without TLS authentication:
+
+#docker exec -it crowdsec_lapi_container_name cscli machines add agent_user_name --password agent_password
+#With TLS authentication:
+
+#Agents are automatically registered and don't need a username or password. The agents' names are derived from the IP address from which they connect.
+
+#Run an agent connected to LAPI
+#Add the following environment variables to the docker run command:
+
+#DISABLE_LOCAL_API=true
+#AGENT_USERNAME="agent_user_name" - agent_user_name previously registered with LAPI
+#AGENT_PASSWORD="agent_password" - agent_password previously registered with LAPI
+#LOCAL_API_URL="http://LAPI_host:LAPI_port"
+
+#Variable Default Description
+#CONFIG_FILE /etc/crowdsec/config.yaml Configuration file location
+#DISABLE_AGENT false Disable the agent, run a LAPI-only container
+#DISABLE_LOCAL_API false Disable LAPI, run an agent-only container
+#DISABLE_ONLINE_API false Disable online API registration for signal sharing
+#TEST_MODE false Don't run the service, only test the configuration: -e TEST_MODE=true
+#TZ Set the timezone⁠ to ensure the logs have a local timestamp. 
+#LOCAL_API_URL http://0.0.0.0:8080 The LAPI URL, you need to change this when DISABLE_LOCAL_API is true:
+# -e LOCAL_API_URL="http://lapi-address:8080"
+#PLUGIN_DIR /usr/local/lib/crowdsec/plugins/ Directory for plugins: -e PLUGIN_DIR=""
+#METRICS_PORT 6060 Port to expose Prometheus metrics
+#
+#LAPI (useless with DISABLE_LOCAL_API)
+# USE_WAL false Enable Write-Ahead Logging with SQLite
+3 CUSTOM_HOSTNAME localhost Name for the local agent (running in the container with LAPI)
+3 CAPI_WHITELISTS_PATH Path for capi_whitelists.yaml
+#Agent (these don't work with DISABLE_AGENT)
+# TYPE Labels.type⁠ for file in time-machine: -e TYPE=""
+# DSN Process a single source in time-machine:
+# -e DSN="file:///var/log/toto.log" or
+# -e DSN="cloudwatch:///your/group/path:stream_name?profile=dev&backlog=16h" or
+# -e DSN="journalctl://filters=_SYSTEMD_UNIT=ssh.service"
+#Bouncers
+# BOUNCER_KEY_ Register a bouncer with the name and a key equal to the value of the environment variable.
+#Console
+# ENROLL_KEY Enroll key retrieved from the console⁠ to enroll the instance. 
+# ENROLL_INSTANCE_NAME To set an instance name and see it on the console⁠
+# ENROLL_TAGS Tags of the enrolled instance, for search and filter
+#Password Auth
+# AGENT_USERNAME Agent username (to register if is LAPI or to use if it's an agent): -e AGENT_USERNAME="machine_id"
+# AGENT_PASSWORD Agent password (to register if is LAPI or to use if it's an agent): -e AGENT_PASSWORD="machine_password"
+#TLS Encryption
+# USE_TLS false Enable TLS encryption (either as a LAPI or agent)
+# CACERT_FILE CA certificate bundle (for self-signed certificates)
+# INSECURE_SKIP_VERIFY Skip LAPI certificate validation
+# LAPI_CERT_FILE LAPI TLS Certificate path
+# LAPI_KEY_FILE LAPI TLS Key path
+#TLS Authentication (these require USE_TLS=true)
+# CLIENT_CERT_FILE Client TLS Certificate path (enable TLS authentication)
+# CLIENT_KEY_FILE Client TLS Key path
+# AGENTS_ALLOWED_OU agent-ou OU values allowed for agents, separated by comma
+# BOUNCERS_ALLOWED_OU bouncer-ou OU values allowed for bouncers, separated by comma
+#Hub management
+# NO_HUB_UPGRADE false Skip hub update / upgrade when the container starts
+# COLLECTIONS Collections to install, separated by space: -e COLLECTIONS="crowdsecurity/linux crowdsecurity/apache2"
+# PARSERS Parsers to install, separated by space
+# SCENARIOS Scenarios to install, separated by space
+# POSTOVERFLOWS Postoverflows to install, separated by space
+# CONTEXTS Context files to install, separated by space
+# APPSEC_CONFIGS Appsec configs files to install, separated by space
+# APPSEC_RULES Appsec rules files to install, separated by space
+# DISABLE_COLLECTIONS Collections to remove, separated by space: -e DISABLE_COLLECTIONS="crowdsecurity/linux crowdsecurity/nginx"
+# DISABLE_PARSERS Parsers to remove, separated by space
+# DISABLE_SCENARIOS Scenarios to remove, separated by space
+# DISABLE_POSTOVERFLOWS Postoverflows to remove, separated by space
+# DISABLE_CONTEXTS Context files to remove, separated by space
+# DISABLE_APPSEC_CONFIGS 
Appsec configs files to remove, separated by space
+# DISABLE_APPSEC_RULES Appsec rules files to remove, separated by space
+#Log verbosity
+# LEVEL_FATAL false Force FATAL level for the container log
+# LEVEL_ERROR false Force ERROR level for the container log
+# LEVEL_WARN false Force WARN level for the container log
+# LEVEL_INFO false Force INFO level for the container log
+# LEVEL_DEBUG false Force DEBUG level for the container log
+# LEVEL_TRACE false Force TRACE level (VERY verbose) for the container log
+#Developer options
+# CI_TESTING false Used during functional tests
+# DEBUG false Trace the entrypoint
\ No newline at end of file
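Review bot: Two added lines in the LAPI section, `3 CUSTOM_HOSTNAME …` and `3 CAPI_WHITELISTS_PATH …`, begin with `3` rather than `#`, so they are not comments and whatever loads this env file will try to parse them as entries; depending on the tool that may fail the load or be silently skipped. Change both to `# CUSTOM_HOSTNAME …` and `# CAPI_WHITELISTS_PATH …`. `TZ=${TZ}` relies on the env file being interpolated: `docker run --env-file` passes the value literally, and an unset host `TZ` yields an empty value, so an explicit zone or a default such as `TZ=${TZ:-UTC}` (where interpolation is supported) keeps log timestamps consistent for parsing. The pasted reference also pairs `AGENT_PASSWORD` with `LOCAL_API_URL="http://…"`; if an agent-only setup is ever enabled from these comments, a line such as `# use https:// with USE_TLS=true and leave INSECURE_SKIP_VERIFY unset` would keep the agent credentials off plaintext HTTP.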