v1.0.8

Improvements

• allow for acquisition files to be specified from a directory as well (#619) @buixor
• improve logging cscli and wizard (#643) @AlteredCoder
• add a prometheus_uri option for cscli's config (#625) @buixor

Bug Fixes

• docker: fix the perms of SQLite DB for metabase (#647) @buixor
• don't try to login with zero scenarios (#627) @buixor
• skip empty lines to avoid issue of #630 (#631) @buixor
• only set logfile dir if media is file (#615) @buixor
• fix races + significantly improve crowdsec forensic mode shutdown speed (#633) @registergoofy

Changes

• Update bouncer_machine_management.md (#614) @KINGMilo
• Doc improvements (#644) @buixor

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Upgrading installation

Take a look at the upgrade instructions or installation instructions.

v1.0.7

Changes

Improvements

• allow environment variable in configuration file (#601) @AlteredCoder
• update docker image + documentation (#602) @erenJag
• Add use_forwarded_for_headers configuration option for LAPI (#610) @blotus

Bug fixes

• Fix: typo in apic.go logs (#592) @sbs2001
• Fix: default configurations (#597) @buixor
• create crowdsec group for metabase and crowdsec.db (#606) @AlteredCoder
• fix stack trace when missing cscli in config file (#607) @AlteredCoder
• don't load lapi creds when running only api (#608) @AlteredCoder

Various

• update go.mod (#580) @AlteredCoder
• add link to exported fields in write configuration documentation (#584) @AlteredCoder
• add answer to #589 to FAQ (#590) @buixor
• add two options: configure and noop (#591) @registergoofy
• Docs: Correct link in README for installation via source (#593) @sbs2001
• Documentation update (#596) @JeanDevaux
• Update grammar of index.md for localAPI docs (#598) @KINGMilo
• remove help message backup/restore in wizard (#612) @AlteredCoder

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Upgrading installation

Take a look at the upgrade instructions or installation instructions.

v1.0.6

Changes

Improvements

• allow environment variable in configuration file (#601) @AlteredCoder
• add two options: configure and noop (#591) @registergoofy
• update go.mod (#580) @AlteredCoder

Bug fixes

• Fix: enable items when upgrading a collection (#599) @AlteredCoder
• Fix: default configurations (#597) @buixor
• Fix: typo in apic.go logs (#592) @sbs2001

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Upgrading installation

Take a look at the upgrade instructions or installation instructions.

v1.0.5

Changes

• Update grammar of index.md for localAPI docs (#598) @KINGMilo
• update go.mod (#580) @AlteredCoder
• Fix default configurations (#597) @buixor
• Documentation update (#596) @JeanDevaux
• Docs: Correct link in README for installation via source (#593) @sbs2001
• Fix typo in apic.go logs (#592) @sbs2001
• add two options: configure and noop (#591) @registergoofy
• add answer to #589 to FAQ (#590) @buixor
• add link to exported fields in write configuration documentation (#584) @AlteredCoder

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Upgrading installation

Take a look at the upgrade instructions or installation instructions.

v1.0.4

Changes

Improvements

• fix ipv6 operations & allow iner/outer range search (#567) @AlteredCoder
• wizard : enable detection of httpd (#512) @sbs2001 (centos)
• wizard : improve upgrade (#542) @erenJag

Bug fixes

• fix jwt token desynchronization between crowdsec and lapi (#572) @buixor
• wizard: don't force --binupgrade when upgrading a patch
• cscli dashboard create : drop the platform argument to avoid being compatible ONLY with API 1.41 (#582) @buixor

Various

• Sanitize id from either source (#568) @srcr (BSD support)
• MAKE is now a variable (#569) @srcr (BSD support)
• go mod tidy (#566) @buixor
• Update copyright year (#565) @registergoofy
• Fix docker library used by cscli dashboard (#563) @AlteredCoder
• jwt token generation improvement (#557) @registergoofy
• Remove usage of tachymeter (#561) @buixor
• Add doc on how to contribute bouncers (#560) @buixor
• Update docker doc for database persistence (#551) @thelittlefireman
• Tor doc : add http as well (#547) @buixor
• Add tests for wizard upgrade (#545) @AlteredCoder
• Document how to use it with tor (#546) @buixor
• Delete old/empty docs (#544) @buixor
• Update documentation for upgrade (#543) @buixor
• Fix bugs in wizard and cscli (#577) @AlteredCoder
• add useful links in the wizard (#576) @AlteredCoder
• Update db schema in documentation (#575) @AlteredCoder

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Upgrading installation

Take a look at the upgrade instructions or installation instructions.

v1.0.3

Changes

Improvements

• fix ipv6 operations & allow iner/outer range search (#567) @AlteredCoder
• wizard : enable detection of httpd (#512) @sbs2001 (centos)
• wizard : improve upgrade (#542) @erenJag

Bug fixes

• fix jwt token desynchronization between crowdsec and lapi (#572) @buixor
• wizard: don't force --binupgrade when upgrading a patch

Various

• Sanitize id from either source (#568) @srcr (BSD support)
• MAKE is now a variable (#569) @srcr (BSD support)
• go mod tidy (#566) @buixor
• Update copyright year (#565) @registergoofy
• Fix docker library used by cscli dashboard (#563) @AlteredCoder
• jwt token generation improvement (#557) @registergoofy
• Remove usage of tachymeter (#561) @buixor
• Add doc on how to contribute bouncers (#560) @buixor
• Update docker doc for database persistence (#551) @thelittlefireman
• Tor doc : add http as well (#547) @buixor
• Add tests for wizard upgrade (#545) @AlteredCoder
• Document how to use it with tor (#546) @buixor
• Delete old/empty docs (#544) @buixor
• Update documentation for upgrade (#543) @buixor

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Upgrading installation

Take a look at the upgrade instructions or installation instructions.

v1.0.2

Changes

• fix the config backup/restore feature for tainted configurations (#541) @buixor

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

v1.0.1

Changes

Bug fixes

• Handle broken pipe errors in local API (#538) @buixor
• Update systemctl env to use default LANG (#535) @AlteredCoder
• Export node logger (needed for hub CI) (#537) @registergoofy
• Avoid pushing signals from local/tainted scenarios (#536) @buixor
• Deal with LAPI down : ensure client will reauthenticate (#527) @buixor
• Fix cscli hub upgrade (#534) @AlteredCoder
• Fix --all flags for cscli [item] upgrade (#534) @AlteredCoder
• Fix localhost confusion (localhost vs 127.0.0.1) (#522) @erenJag
• Don't trash bouncer configuration on wizard.sh --upgrade (#522) @erenJag
• Early hub CI integration (#521) @registergoofy
• Fix prometheus URL used by cscli (#520) @AlteredCoder

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

v1.0.0

Changes from v0.3.X to v1.0.0

---

Local API

• Crowdsec now expose an API. Crowdsec will send Alerts (triggered scenarios) to this API, which will handle decisions (with profiles). All bouncers will have to query this API to know if an IP should be blocked or not.
• This change brings the following possibilities:
  • Multiple crowdsec can share their decisions by sending their alerts to the same API endpoint, instead of using a network database.
  • Bouncers will now have to only make a HTTP request to know if an IP is blocked or not, instead of supporting all kind of databases.
  • The pull of bad IPs from Crowdsec Central API will now be done periodically by the API in the background, instead of being done in a cronjob.
• Local & Central API documentation

Journald

• Crowdsec supports journald datasource (via journalctl_filter)

cscli

• we now follow the cscli <domain> <action> logic :

cscli install scenario crowdsecurity/ssh-bf becomes cscli scenarios install crowdsecurity/ssh-bf

• new commands have been added

  • bouncers : Manage bouncers. You will have to use this command to generate an API Token for your bouncer or list bouncers.
  • capi : To register/check status to Central Crowdsec API.
  • hub : To update the hub cache, and see installed configurations from the hub.
  • lapi : To register/check status to a crowdsec API.
  • machines : Manage machines registered to the API. Create/Delete/List machines.

• You can now see more information about an Alert with cscli alerts inspect <alert_id>:

Runtime Object changes

• SignalOccurences and ban are replaced by Alerts and Decisions :
  • Alert : An alert generated by a triggered scenario (for history)
  • Decision : A remediation (ban, captcha, mfa ...) to apply during a period defined in the profile configuration

Note: The object exposed in the profile.yaml (Sig) become Alert

Improvements

• Improve dashboard management. Now username and password are stored locally so you don't have to recreate the dashboard if you lost your password
• Improve dashboards and their graph
• Better handling of stack trace
• Usage of pagination for database interaction (create, select ...) for better performance and to avoid SQL errors
• cscli alerts list (previous cscli ban list) is now faster with big database

Bug fixes

• Parser node evaluation order, where sub node were evaluated before the root one.
• Crowdsec exited when the geoip enrichment failed
• Fix a bug in cscli inspect <scenario> where the scenario belong to multiple collections
• Fix range deletion with cscli

Changes from last release candidate

• change the hub branch for the upcoming release (#513) @buixor
• improve docs (#511) @AlteredCoder
• cscli: fix bug in restore command (#510) @erenJag
• update prometheus doc (#509) @erenJag
• Faq metabase (#508) @AlteredCoder
• Add ci docker push (#504) @erenJag
• rename username by machine (#506) @AlteredCoder
• Fix a crash (#503) @registergoofy
• allow to specify username when register to lapi (#505) @AlteredCoder
• fix cscli remove (#501) @erenJag

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Migration

Have a look at the migration tutorial !

v1.0.0-rc5

Changes

• fix & improve collections remove + improve cscli args vars (#498) @erenJag
• Fix overflows of overflows requesting for different decision scope (#499) @buixor
• Fix documentation errors (#496) @AlteredCoder
• improve error management of cscli bouncers add (#495) @buixor
• Doc fix install (#494) @buixor
• Improve create alerts input (#493) @erenJag
• add info message when there is no hub index (#492) @erenJag
• doc update (#491) @buixor

Geolite2 notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.