Initial commit

This commit is contained in:
root
2023-08-09 14:01:28 +02:00
commit f4efbc7a63
199 changed files with 13338 additions and 0 deletions


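--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,9 @@
+onsuccess: next_stage
+filter: "evt.Overflow.Alert.Remediation == true && evt.Overflow.Alert.GetScope() == 'Ip'"
+name: crowdsecurity/rdns
+description: "Lookup the DNS associated to the source IP only for overflows"
+statics:
+- method: reverse_dns
+expression: evt.Overflow.Alert.Source.IP
+- meta: reverse_dns
+expression: evt.Enriched.reverse_dns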
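Review bot: The description `description: "Lookup the DNS associated to the source IP only for overflows"` is less precise than the filter above it, which only admits overflows whose alert has Remediation set and Ip scope, and the lookup is a reverse (PTR) lookup rather than a forward one; `description: "Reverse-DNS (PTR) lookup of the source IP, only for remediated overflows with Ip scope"` would say what the file actually does. A PTR record is published by whoever controls the source address space, so a comment above the `- meta: reverse_dns` static stating that the enriched value is unverified and must not be relied on by itself by downstream whitelists would help consumers of `evt.Enriched.reverse_dns`. What that field holds when the lookup fails or times out is not visible on this page, so such a comment should also tell consumers to treat it as possibly empty.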


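--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,14 @@
+name: crowdsecurity/cdn-whitelist
+description: "Whitelist CDN providers"
+whitelist:
+reason: "CDN provider"
+expression:
+- "any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
+- "any(File('cloudflare_ip6s.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
+data:
+- source_url: https://www.cloudflare.com/ips-v4
+dest_file: cloudflare_ips.txt
+type: string
+- source_url: https://www.cloudflare.com/ips-v6
+dest_file: cloudflare_ip6s.txt
+type: string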
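Review bot: Both `any(File(...), { IpInRange(...) })` expressions pass every entry of the downloaded list straight to IpInRange without the `len(#) > 0` guard that the sibling seo-bots whitelist applies to its ip list, so a blank or trailing empty line in cloudflare_ips.txt reaches IpInRange as an empty string; `- "any(File('cloudflare_ips.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP, #) })"` (and the same for the v6 line) makes the two whitelists consistent. Whitelisting the full CDN ranges by source IP only makes sense when the upstream parser has already recovered the real client address from the CDN's forwarded header; where the logged source is the CDN edge, this whitelist suppresses remediation for everything proxied through it, and that precondition is worth stating in `description`. The lists are fetched over HTTPS and `any` over an empty list is false, so an empty or missing download fails closed, which is the safe direction.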


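--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,18 @@
+name: crowdsecurity/seo-bots-whitelist
+description: "Whitelist good search engine crawlers"
+whitelist:
+reason: "good bots (search engine crawlers)"
+expression:
+- "any(File('rdns_seo_bots.txt'), { len(#) > 0 && evt.Enriched.reverse_dns endsWith #})"
+- "RegexpInFile(evt.Enriched.reverse_dns, 'rdns_seo_bots.regex')"
+- "any(File('ip_seo_bots.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
+data:
+- source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rdns_seo_bots.txt
+dest_file: rdns_seo_bots.txt
+type: string
+- source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rnds_seo_bots.regex
+dest_file: rdns_seo_bots.regex
+type: regexp
+- source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/ip_seo_bots.txt
+dest_file: ip_seo_bots.txt
+type: string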
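Review bot: The first two expressions whitelist on `evt.Enriched.reverse_dns` alone (`endsWith #` and `RegexpInFile`), and a PTR record is set by the owner of the source IP, so a matching suffix does not establish that the client is the crawler it names; the standard check is forward-confirmed rDNS, resolving the returned hostname and requiring that it maps back to `evt.Overflow.Alert.Source.IP`, which should either be added if the expression language offers a forward lookup or be recorded as a known limitation in `description`. Whether the entries in rdns_seo_bots.txt carry a leading `.` is not visible here; without one, `endsWith` also accepts any hostname that merely ends in the same characters, so the list format is worth verifying. The `source_url` basename `rnds_seo_bots.regex` differs from its `dest_file: rdns_seo_bots.regex`; confirm the upstream file is really spelled that way rather than a transposition that would make the fetch fail.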