

crowdsec: add IP whitelist parser configuration
saltydk committed Oct 5, 2024
1 parent 5fbad01 commit 461406f
Showing 3 changed files with 29 additions and 0 deletions.
4 changes: 4 additions & 0 deletions roles/crowdsec/defaults/main.yml
Expand Up @@ -44,6 +44,10 @@ crowdsec_prometheus_listen_port: "6060"

# Takes a list of exact router names to ignore when parsing Traefik access logs.
crowdsec_whitelisted_routers: []
# Takes list of specific IPs
crowdsec_whitelisted_ips: []
# Takes list of CIDR notation IP ranges
crowdsec_whitelisted_cidrs: []

################################
# Lookups
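Review bot: The two new comments above `crowdsec_whitelisted_ips` and `crowdsec_whitelisted_cidrs` say only what shape the value has, not what it does, while the router comment on the line above them explains its effect. As far as the template on this commit shows, every event from these addresses is whitelisted by the generated parser, so an overly broad CIDR silently removes that whole range from CrowdSec detection, which is worth stating where operators set the value. I would change them to `# Takes a list of individual IP addresses; events from them are whitelisted by the saltbox/ip-whitelist parser and will not raise CrowdSec alerts or bans.` and `# Takes a list of CIDR ranges handled the same way; keep ranges narrow, since a whitelisted range is exempt from every scenario.` That also brings the wording in line with the existing "Takes a list of" phrasing.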
9 changes: 9 additions & 0 deletions roles/crowdsec/tasks/main.yml
Expand Up @@ -158,6 +158,15 @@
group: "root"
mode: "0600"

- name: Import 'saltbox-ip-whitelist.yml'
ansible.builtin.template:
src: saltbox-ip-whitelist.yml.j2
dest: "/etc/crowdsec/parsers/s02-enrich/saltbox-ip-whitelist.yml"
owner: "root"
group: "root"
mode: "0600"
when: (crowdsec_whitelisted_ips | length > 0) or (crowdsec_whitelisted_cidrs | length > 0)

- name: Enable and restart 'crowdsec' service
ansible.builtin.systemd_service:
name: crowdsec
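Review bot: The template task only writes `/etc/crowdsec/parsers/s02-enrich/saltbox-ip-whitelist.yml` while one of the two lists is non-empty; nothing removes the file once both lists are emptied again, so an address that was whitelisted earlier stays exempt from CrowdSec until someone deletes the file by hand. A counterpart `ansible.builtin.file` task with `state: absent` and the inverted condition keeps the deployed whitelist in step with the inventory, and the restart task that follows on the next lines then picks the change up. The list entries are also templated without validation, so a malformed IP or CIDR only surfaces when CrowdSec fails to load the parser; an `ansible.builtin.assert` over the two lists ahead of this task would report it at deploy time instead. The surrounding task list continues outside the hunk.
```yaml
- name: Import 'saltbox-ip-whitelist.yml'
  ansible.builtin.template:
  # … unchanged: src/dest/owner/group/mode …
  when: (crowdsec_whitelisted_ips | length > 0) or (crowdsec_whitelisted_cidrs | length > 0)

- name: Remove 'saltbox-ip-whitelist.yml' when no IPs or CIDRs are whitelisted
  ansible.builtin.file:
    path: "/etc/crowdsec/parsers/s02-enrich/saltbox-ip-whitelist.yml"
    state: absent
  when: (crowdsec_whitelisted_ips | length == 0) and (crowdsec_whitelisted_cidrs | length == 0)
```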
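--- /dev/null
+++ b/roles/crowdsec/templates/saltbox-ip-whitelist.yml.j2
@@ -0,0 +1,16 @@
+name: saltbox/ip-whitelist
+description: "Whitelist events from my ip addresses"
+whitelist:
+reason: "my ip ranges"
+{% if crowdsec_whitelisted_ips | length > 0 %}
+ip:
+{% for item in crowdsec_whitelisted_ips %}
+- "{{ item }}"
+{% endfor %}
+{% endif %}
+{% if crowdsec_whitelisted_cidrs | length > 0 %}
+cidr:
+{% for item in crowdsec_whitelisted_cidrs %}
+- "{{ item }}"
+{% endfor %}
+{% endif %}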
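Review bot: The two `{% for %}` loops hand-build YAML sequences one quoted item at a time; `ip: {{ crowdsec_whitelisted_ips | to_json }}` and `cidr: {{ crowdsec_whitelisted_cidrs | to_json }}` yield the same data as a flow sequence with every entry already quoted, in two lines instead of eight, and remove the per-item quoting from the template. The `{% if %}` guards should stay, because the task that renders this file requires only one of the two lists to be non-empty, and a bare `ip:` would parse as null rather than an empty list. The nesting under `whitelist:` cannot be judged from the rendered page, so I have not checked it; the CrowdSec whitelist schema expects `reason`, `ip` and `cidr` to sit under that key, which the template needs to preserve.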