github.com/crowdsecurity/crowdsec@v1.6.1/pkg/cwhub/doc.go

github.com/crowdsecurity/crowdsec@v1.6.1/pkg/cwhub/doc.go (about)

     1  // Package cwhub is responsible for installing and upgrading the local hub files for CrowdSec.
     2  //
     3  // # Definitions
     4  //
     5  //  - A hub ITEM is a file that defines a parser, a scenario, a collection... in the case of a collection, it has dependencies on other hub items.
     6  //  - The hub INDEX is a JSON file that contains a tree of available hub items.
     7  //  - A REMOTE HUB is an HTTP server that hosts the hub index and the hub items. It can serve from several branches, usually linked to the CrowdSec version.
     8  //  - A LOCAL HUB is a directory that contains a copy of the hub index and the downloaded hub items.
     9  //
    10  // Once downloaded, hub items can be installed by linking to them from the configuration directory.
    11  // If an item is present in the configuration directory but it's not a link to the local hub, it is
    12  // considered as a LOCAL ITEM and won't be removed or upgraded.
    13  //
    14  // # Directory Structure
    15  //
    16  // A typical directory layout is the following:
    17  //
    18  // For the local hub (HubDir = /etc/crowdsec/hub):
    19  //
    20  //  - /etc/crowdsec/hub/.index.json
    21  //  - /etc/crowdsec/hub/parsers/{stage}/{author}/{parser-name}.yaml
    22  //  - /etc/crowdsec/hub/scenarios/{author}/{scenario-name}.yaml
    23  //
    24  // For the configuration directory (InstallDir = /etc/crowdsec):
    25  //
    26  //  - /etc/crowdsec/parsers/{stage}/{parser-name.yaml} -> /etc/crowdsec/hub/parsers/{stage}/{author}/{parser-name}.yaml
    27  //  - /etc/crowdsec/scenarios/{scenario-name.yaml} -> /etc/crowdsec/hub/scenarios/{author}/{scenario-name}.yaml
    28  //  - /etc/crowdsec/scenarios/local-scenario.yaml
    29  //
    30  // Note that installed items are not grouped by author, this may change in the future if we want to
    31  // support items with the same name from different authors.
    32  //
    33  // Only parsers and postoverflows have the concept of stage.
    34  //
    35  // Additionally, an item can reference a DATA SET that is installed in a different location than
    36  // the item itself. These files are stored in the data directory (InstallDataDir = /var/lib/crowdsec/data).
    37  //
    38  //  - /var/lib/crowdsec/data/http_path_traversal.txt
    39  //  - /var/lib/crowdsec/data/jira_cve_2021-26086.txt
    40  //  - /var/lib/crowdsec/data/log4j2_cve_2021_44228.txt
    41  //  - /var/lib/crowdsec/data/sensitive_data.txt
    42  //
    43  //
    44  // # Using the package
    45  //
    46  // The main entry point is the Hub struct. You can create a new instance with NewHub().
    47  // This constructor takes three parameters, but only the LOCAL HUB configuration is required:
    48  //
    49  //	import (
    50  //		"fmt"
    51  //		"github.com/crowdsecurity/crowdsec/pkg/csconfig"
    52  //		"github.com/crowdsecurity/crowdsec/pkg/cwhub"
    53  //	)
    54  //
    55  //	localHub := csconfig.LocalHubCfg{
    56  //		HubIndexFile:	"/etc/crowdsec/hub/.index.json",
    57  //		HubDir:		"/etc/crowdsec/hub",
    58  //		InstallDir:	"/etc/crowdsec",
    59  //		InstallDataDir: "/var/lib/crowdsec/data",
    60  //	}
    61  //	hub, err := cwhub.NewHub(localHub, nil, false)
    62  //	if err != nil {
    63  //		return fmt.Errorf("unable to initialize hub: %w", err)
    64  //	}
    65  //
    66  // Now you can use the hub to access the existing items:
    67  //
    68  //	// list all the parsers
    69  //	for _, parser := range hub.GetItemMap(cwhub.PARSERS) {
    70  //		fmt.Printf("parser: %s\n", parser.Name)
    71  //	}
    72  //
    73  //	// retrieve a specific collection
    74  //	coll := hub.GetItem(cwhub.COLLECTIONS, "crowdsecurity/linux")
    75  //	if coll == nil {
    76  //		return fmt.Errorf("collection not found")
    77  //	}
    78  //
    79  // You can also install items if they have already been downloaded:
    80  //
    81  // 	// install a parser
    82  // 	force := false
    83  // 	downloadOnly := false
    84  // 	err := parser.Install(force, downloadOnly)
    85  // 	if err != nil {
    86  // 		return fmt.Errorf("unable to install parser: %w", err)
    87  // 	}
    88  //
    89  // As soon as you try to install an item that is not downloaded or is not up-to-date (meaning its computed hash
    90  // does not correspond to the latest version available in the index), a download will be attempted and you'll
    91  // get the error "remote hub configuration is not provided".
    92  //
    93  // To provide the remote hub configuration, use the second parameter of NewHub():
    94  //
    95  // 	remoteHub := cwhub.RemoteHubCfg{
    96  //		URLTemplate: "https://hub-cdn.crowdsec.net/%s/%s",
    97  //		Branch: "master",
    98  //		IndexPath: ".index.json",
    99  //	}
   100  //	updateIndex := false
   101  //	hub, err := cwhub.NewHub(localHub, remoteHub, updateIndex)
   102  //	if err != nil {
   103  //		return fmt.Errorf("unable to initialize hub: %w", err)
   104  //	}
   105  //
   106  // The URLTemplate is a string that will be used to build the URL of the remote hub. It must contain two
   107  // placeholders: the branch and the file path (it will be an index or an item).
   108  //
   109  // Setting the third parameter to true will download the latest version of the index, if available on the
   110  // specified branch.
   111  // There is no exported method to update the index once the hub struct is created.
   112  //
   113  package cwhub