MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-03 09:55:57 -05:00
Code Issues Packages Projects Releases Wiki Activity

More CrowdSec improvements.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2022-07-08 00:15:06 -07:00
parent 40bc91b6f3
commit ecdf0e450a
3 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
MeshCentralServer.njsproj
View File

@ -100,6 +100,7 @@
<Compile Include="amt\amt-xml.js" /> <Compile Include="amt\amt-xml.js" />
<Compile Include="amt\amt.js" /> <Compile Include="amt\amt.js" />
<Compile Include="authenticode.js" /> <Compile Include="authenticode.js" />
<Compile Include="crowdsec.js" />
<Compile Include="exeHandler.js" /> <Compile Include="exeHandler.js" />
<Compile Include="amtprovisioningserver.js" /> <Compile Include="amtprovisioningserver.js" />
<Compile Include="firebase.js" /> <Compile Include="firebase.js" />

7
crowdsec.js
View File

@ -5,7 +5,7 @@ module.exports.CreateCrowdSecBouncer = function (parent, config) {
const { getLogger } = require('@crowdsec/express-bouncer/src/nodejs-bouncer/lib/logger'); const { getLogger } = require('@crowdsec/express-bouncer/src/nodejs-bouncer/lib/logger');
const { configure, renderBanWall, testConnectionToCrowdSec, getRemediationForIp } = require('@crowdsec/express-bouncer/src/nodejs-bouncer'); const { configure, renderBanWall, testConnectionToCrowdSec, getRemediationForIp } = require('@crowdsec/express-bouncer/src/nodejs-bouncer');
const applyCaptcha = require('@crowdsec/express-bouncer/src/express-crowdsec-middleware/lib/captcha'); const applyCaptcha = require('@crowdsec/express-bouncer/src/express-crowdsec-middleware/lib/captcha');
const { BYPASS_REMEDIATION, CAPTCHA_REMEDIATION, BAN_REMEDIATION } = require('@crowdsec/express-bouncer/src/nodejs-bouncer/lib/constants'); const { BYPASS_REMEDIATION, CAPTCHA_REMEDIATION, BAN_REMEDIATION } = require('@crowdsec/express-bouncer/src/nodejs-bouncer/lib/constants'); // "bypass", "captcha", "ban";
const svgCaptcha = require('svg-captcha'); const svgCaptcha = require('svg-captcha');
const { renderCaptchaWall } = require('@crowdsec/express-bouncer/src/nodejs-bouncer'); const { renderCaptchaWall } = require('@crowdsec/express-bouncer/src/nodejs-bouncer');
@ -15,7 +15,7 @@ module.exports.CreateCrowdSecBouncer = function (parent, config) {
// Set the default values // Set the default values
if (typeof config.userAgent != 'string') { config.userAgent = "CrowdSec Express-NodeJS bouncer/v0.0.1"; } if (typeof config.userAgent != 'string') { config.userAgent = "CrowdSec Express-NodeJS bouncer/v0.0.1"; }
if (typeof config.timeout != 'number') { config.timeout = 2000; } if (typeof config.timeout != 'number') { config.timeout = 2000; }
if (typeof config.fallbackRemediation != 'number') { config.fallbackRemediation = BAN_REMEDIATION; } if ((typeof config.fallbackRemediation != 'string') || (["bypass", "captcha", "ban"].indexOf(config.fallbackRemediation) == -1)) { config.fallbackRemediation = BAN_REMEDIATION; }
if (typeof config.maxRemediation != 'number') { config.maxRemediation = BAN_REMEDIATION; } if (typeof config.maxRemediation != 'number') { config.maxRemediation = BAN_REMEDIATION; }
if (typeof config.captchaGenerationCacheDuration != 'number') { config.captchaGenerationCacheDuration = 60 * 1000; } if (typeof config.captchaGenerationCacheDuration != 'number') { config.captchaGenerationCacheDuration = 60 * 1000; }
if (typeof config.captchaResolutionCacheDuration != 'number') { config.captchaResolutionCacheDuration = 30 * 60 * 1000; } if (typeof config.captchaResolutionCacheDuration != 'number') { config.captchaResolutionCacheDuration = 30 * 60 * 1000; }
@ -53,7 +53,8 @@ module.exports.CreateCrowdSecBouncer = function (parent, config) {
// Process a web request // Process a web request
obj.process = async function (domain, req, res, next) { obj.process = async function (domain, req, res, next) {
try { try {
const remediation = await getRemediationForIp(req.clientIp); var remediation = config.fallbackRemediation;
try { remediation = await getRemediationForIp(req.clientIp); } catch (ex) { }
//console.log('CrowdSec', req.clientIp, remediation, req.url); //console.log('CrowdSec', req.clientIp, remediation, req.url);
switch (remediation) { switch (remediation) {
case BAN_REMEDIATION: case BAN_REMEDIATION:

3
meshcentral-config-schema.json
View File

@ -201,7 +201,8 @@
"description": "Enabled the MeshCentral built-in Crowdsec bouncer. This section is passed directly to the bouncer, all of the settings are documented at https://www.npmjs.com/package/@crowdsec/express-bouncer", "description": "Enabled the MeshCentral built-in Crowdsec bouncer. This section is passed directly to the bouncer, all of the settings are documented at https://www.npmjs.com/package/@crowdsec/express-bouncer",
"properties": { "properties": {
"url": { "type": "string", "description": "The URL of your LAPI instance. Ex: http://localhost:8080" }, "url": { "type": "string", "description": "The URL of your LAPI instance. Ex: http://localhost:8080" },
"apiKey": { "type": "string", "description": "The bouncer key (generated via cscli)" } "apiKey": { "type": "string", "description": "The bouncer key (generated via cscli)." },
"fallbackRemediation": { "type": "string", "default": "ban", "enum": ["bypass", "captcha", "ban"], "description": "Action to perform if the CrowdSec agent can't be contacted." }
}, },
"required": [ "url", "apiKey" ] "required": [ "url", "apiKey" ]
}, },