Initial commit

2023-08-09 14:01:28 +02:00
commit f4efbc7a63
199 changed files with 13338 additions and 0 deletions
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/base-http-scenarios.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/base-http-scenarios.yaml
@@ -0,0 +1,25 @@
+parsers:
+  - crowdsecurity/http-logs
+scenarios:
+  - crowdsecurity/http-crawl-non_statics
+  - crowdsecurity/http-probing
+  - crowdsecurity/http-bad-user-agent
+  - crowdsecurity/http-path-traversal-probing
+  - crowdsecurity/http-sensitive-files
+  - crowdsecurity/http-sqli-probing
+  - crowdsecurity/http-xss-probing
+  - crowdsecurity/http-backdoors-attempts
+  - ltsich/http-w00tw00t
+  - crowdsecurity/http-generic-bf
+  - crowdsecurity/http-open-proxy
+collections:
+  - crowdsecurity/http-cve
+
+description: "http common : scanners detection"
+author: crowdsecurity
+tags:
+  - linux
+  - http
+  - crawl
+  - scan
+
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/dovecot.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/dovecot.yaml
@@ -0,0 +1,10 @@
+parsers:
+  - crowdsecurity/dovecot-logs
+scenarios:
+  - crowdsecurity/dovecot-spam
+description: "dovecot support : parser and spammer detection"
+author: crowdsecurity
+tags:
+  - linux
+  - spam
+  - bruteforce
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/http-cve.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/http-cve.yaml
@@ -0,0 +1,30 @@
+scenarios:
+  - crowdsecurity/http-cve-2021-41773
+  - crowdsecurity/http-cve-2021-42013
+  - crowdsecurity/grafana-cve-2021-43798
+  - crowdsecurity/vmware-vcenter-vmsa-2021-0027
+  - crowdsecurity/fortinet-cve-2018-13379
+  - crowdsecurity/pulse-secure-sslvpn-cve-2019-11510
+  - crowdsecurity/f5-big-ip-cve-2020-5902
+  - crowdsecurity/thinkphp-cve-2018-20062
+  - crowdsecurity/apache_log4j2_cve-2021-44228
+  - crowdsecurity/jira_cve-2021-26086
+  - crowdsecurity/spring4shell_cve-2022-22965
+  - crowdsecurity/vmware-cve-2022-22954
+  - crowdsecurity/CVE-2022-37042
+  - crowdsecurity/CVE-2022-41082
+  - crowdsecurity/CVE-2022-35914
+  - crowdsecurity/CVE-2022-40684
+  - crowdsecurity/CVE-2022-26134
+  - crowdsecurity/CVE-2022-42889
+  - crowdsecurity/CVE-2022-41697
+  - crowdsecurity/CVE-2022-46169
+  - crowdsecurity/CVE-2022-44877
+  - crowdsecurity/CVE-2019-18935
+  - crowdsecurity/netgear_rce
+author: crowdsecurity
+tags:
+  - web
+  - exploit
+  - cve
+  - http
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/linux.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/linux.yaml
@@ -0,0 +1,11 @@
+parsers:
+  - crowdsecurity/syslog-logs
+  - crowdsecurity/geoip-enrich
+  - crowdsecurity/dateparse-enrich
+collections:
+  - crowdsecurity/sshd
+description: "core linux support : syslog+geoip+ssh"
+author: crowdsecurity
+tags:
+  - linux
+
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/nginx.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/nginx.yaml
@@ -0,0 +1,15 @@
+parsers:
+#generic post-parsing of http stuff
+  - crowdsecurity/nginx-logs
+collections:
+  - crowdsecurity/base-http-scenarios
+scenarios:
+  - crowdsecurity/nginx-req-limit-exceeded
+description: "nginx support : parser and generic http scenarios"
+author: crowdsecurity
+tags:
+  - linux
+  - nginx
+  - crawl
+  - scan
+
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/postfix.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/postfix.yaml
@@ -0,0 +1,11 @@
+parsers:
+  - crowdsecurity/postfix-logs
+  - crowdsecurity/postscreen-logs
+scenarios:
+  - crowdsecurity/postfix-spam
+description: "postfix support : parser and spammer detection"
+author: crowdsecurity
+tags:
+  - linux
+  - spam
+  - bruteforce
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/sshd.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/sshd.yaml
@@ -0,0 +1,12 @@
+parsers:
+  - crowdsecurity/sshd-logs
+scenarios:
+  - crowdsecurity/ssh-bf
+  - crowdsecurity/ssh-slow-bf
+description: "sshd support : parser and brute-force detection"
+author: crowdsecurity
+tags:
+  - linux
+  - ssh
+  - bruteforce
+
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/traefik.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/traefik.yaml
@@ -0,0 +1,12 @@
+# co-authored with gmelodie (https://github.com/gmelodie)
+parsers:
+  - crowdsecurity/traefik-logs
+collections:
+  - crowdsecurity/base-http-scenarios
+description: "traefik support: parser and generic http scenarios"
+author: crowdsecurity
+tags:
+  - traefik
+  - http
+  - bruteforce
+
--- a/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/whitelist-good-actors.yaml
+++ b/traefik-crowdsec-stack/crowdsec/config/hub/collections/crowdsecurity/whitelist-good-actors.yaml
@@ -0,0 +1,10 @@
+postoverflows:
+  - crowdsecurity/seo-bots-whitelist
+  - crowdsecurity/cdn-whitelist
+  - crowdsecurity/rdns
+description: "Good actors whitelists"
+author: crowdsecurity
+tags:
+  - whitelist
+  - bots
+  - partners