cs-nginx-bouncer
crowdsec-nginx-bouncer conflict with nginx-common
What happened?
Hi. I have tried to install crowdsec-nginx-bouncer on Debian 11 with nginx installed. APT reports a conflict with nginx-common.
```console
# apt install crowdsec-nginx-bouncer
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances... Fait
Lecture des informations d'état... Fait
Certains paquets ne peuvent être installés. Ceci peut signifier
que vous avez demandé l'impossible, ou bien, si vous utilisez
la distribution unstable, que certains paquets n'ont pas encore
été créés ou ne sont pas sortis d'Incoming.
L'information suivante devrait vous aider à résoudre la situation :
Les paquets suivants contiennent des dépendances non satisfaites :
nginx : Est en conflit avec: nginx-common mais 1.18.0-6.1+deb11u2 devra être installé
E: Erreur, pkgProblem::Resolve a généré des ruptures, ce qui a pu être causé par les paquets devant être gardés en l'état
```
What did you expect to happen?
Nginx bouncer install with apt
How can we reproduce it (as minimally and precisely as possible)?
apt install crowdsec-nginx-bouncer
on debian 11
Anything else we need to know?
nginx/stable,now 1.23.2-1~bullseye amd64 [installé] high performance web server
Crowdsec version
```console
$ cscli version
# paste output here
2022/10/24 18:21:17 version: v1.4.1-debian-pragmatic-e1954adc325baa9e3420c324caabd50b7074dd77
2022/10/24 18:21:17 Codename: alphaga
2022/10/24 18:21:17 BuildDate: 2022-07-25_09:20:06
2022/10/24 18:21:17 GoVersion: 1.17.5
2022/10/24 18:21:17 Platform: linux
2022/10/24 18:21:17 Constraint_parser: >= 1.0, <= 2.0
2022/10/24 18:21:17 Constraint_scenario: >= 1.0, < 3.0
2022/10/24 18:21:17 Constraint_api: v1
2022/10/24 18:21:17 Constraint_acquis: >= 1.0, < 2.0
```
OS version
```console
# On Linux:
$ cat /etc/os-release
# paste output here
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
$ uname -a
# paste output here
Linux priva 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 GNU/Linux
```
Enabled collections and parsers
```console
$ cscli hub list -o raw
# paste output here
crowdsecurity/base-http-scenarios,enabled,0.6,http common : scanners detection,collections
crowdsecurity/http-cve,enabled,1.6,,collections
crowdsecurity/iptables,enabled,0.1,iptables support : logs and port-scans detection scenarios,collections
crowdsecurity/linux,enabled,0.2,core linux support : syslog+geoip+ssh,collections
crowdsecurity/nginx,enabled,0.2,nginx support : parser and generic http scenarios,collections
crowdsecurity/sshd,enabled,0.2,sshd support : parser and brute-force detection,collections
crowdsecurity/dateparse-enrich,enabled,0.2,,parsers
crowdsecurity/geoip-enrich,enabled,0.2,"Populate event with geoloc info : as, country, coords, source range.",parsers
crowdsecurity/http-logs,enabled,0.8,"Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource",parsers
crowdsecurity/iptables-logs,enabled,0.3,Parse iptables drop logs,parsers
crowdsecurity/nginx-logs,enabled,1.3,Parse nginx access and error logs,parsers
crowdsecurity/sshd-logs,enabled,2.0,Parse openSSH logs,parsers
crowdsecurity/syslog-logs,enabled,0.8,,parsers
crowdsecurity/whitelists,enabled,0.2,Whitelist events from private ipv4 addresses,parsers
crowdsecurity/CVE-2022-26134,enabled,0.1,Detect CVE-2022-26134 exploits,scenarios
crowdsecurity/CVE-2022-35914,enabled,0.1,Detect CVE-2022-35914 exploits,scenarios
crowdsecurity/CVE-2022-37042,enabled,0.1,Detect CVE-2022-37042 exploits,scenarios
crowdsecurity/CVE-2022-40684,enabled,0.2,Detect cve-2022-40684 exploitation attempts,scenarios
crowdsecurity/CVE-2022-41082,enabled,0.3,Detect CVE-2022-41082 exploits,scenarios
crowdsecurity/CVE-2022-42889,enabled,0.2,Detect CVE-2022-42889 exploits (Text4Shell),scenarios
crowdsecurity/apache_log4j2_cve-2021-44228,enabled,0.4,Detect cve-2021-44228 exploitation attemps,scenarios
crowdsecurity/f5-big-ip-cve-2020-5902,enabled,0.1,Detect cve-2020-5902 exploitation attemps,scenarios
crowdsecurity/fortinet-cve-2018-13379,enabled,0.2,Detect cve-2018-13379 exploitation attemps,scenarios
crowdsecurity/grafana-cve-2021-43798,enabled,0.1,Detect cve-2021-43798 exploitation attemps,scenarios
crowdsecurity/http-backdoors-attempts,enabled,0.2,Detect attempt to common backdoors,scenarios
crowdsecurity/http-bad-user-agent,enabled,0.7,Detect bad user-agents,scenarios
crowdsecurity/http-crawl-non_statics,enabled,0.3,Detect aggressive crawl from single ip,scenarios
crowdsecurity/http-cve-2021-41773,enabled,0.1,cve-2021-41773,scenarios
crowdsecurity/http-cve-2021-42013,enabled,0.1,cve-2021-42013,scenarios
crowdsecurity/http-generic-bf,enabled,0.2,Detect generic http brute force,scenarios
crowdsecurity/http-open-proxy,enabled,0.3,Detect scan for open proxy,scenarios
crowdsecurity/http-path-traversal-probing,enabled,0.2,Detect path traversal attempt,scenarios
crowdsecurity/http-probing,enabled,0.2,Detect site scanning/probing from a single ip,scenarios
crowdsecurity/http-sensitive-files,enabled,0.2,"Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)",scenarios
crowdsecurity/http-sqli-probing,enabled,0.2,A scenario that detects SQL injection probing with minimal false positives,scenarios
crowdsecurity/http-xss-probing,enabled,0.2,A scenario that detects XSS probing with minimal false positives,scenarios
crowdsecurity/iptables-scan-multi_ports,enabled,0.1,ban IPs that are scanning us,scenarios
crowdsecurity/jira_cve-2021-26086,enabled,0.1,Detect Atlassian Jira CVE-2021-26086 exploitation attemps,scenarios
crowdsecurity/nginx-req-limit-exceeded,enabled,0.1,Detects IPs which violate nginx's user set request limit.,scenarios
crowdsecurity/pulse-secure-sslvpn-cve-2019-11510,enabled,0.2,Detect cve-2019-11510 exploitation attemps,scenarios
crowdsecurity/spring4shell_cve-2022-22965,enabled,0.2,Detect cve-2022-22965 probing,scenarios
crowdsecurity/ssh-bf,enabled,0.1,Detect ssh bruteforce,scenarios
crowdsecurity/ssh-slow-bf,enabled,0.2,Detect slow ssh bruteforce,scenarios
crowdsecurity/thinkphp-cve-2018-20062,enabled,0.3,Detect ThinkPHP CVE-2018-20062 exploitation attemps,scenarios
crowdsecurity/vmware-cve-2022-22954,enabled,0.2,Detect Vmware CVE-2022-22954 exploitation attempts,scenarios
crowdsecurity/vmware-vcenter-vmsa-2021-0027,enabled,0.1,Detect VMSA-2021-0027 exploitation attemps,scenarios
ltsich/http-w00tw00t,enabled,0.1,detect w00tw00t,scenarios
```
Acquisition config
```console
# On Linux:
$ cat /etc/crowdsec/acquis.yaml /etc/crowdsec/acquis.d/*
#Generated acquisition file - wizard.sh (service: nginx) / files : /var/log/nginx/access.log /var/log/nginx/error.log
filenames:
  - /var/log/nginx/access.log
  - /var/log/nginx/error.log
labels:
  type: nginx
---
#Generated acquisition file - wizard.sh (service: sshd) / files : /var/log/auth.log
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
#Generated acquisition file - wizard.sh (service: linux) / files : /var/log/syslog /var/log/kern.log /var/log/messages
filenames:
  - /var/log/syslog
  - /var/log/kern.log
  - /var/log/messages
labels:
  type: syslog
---
cat: '/etc/crowdsec/acquis.d/*': Aucun fichier ou dossier de ce type
```
Config show
```console
$ cscli config show
Global:
- Configuration Folder : /etc/crowdsec
- Data Folder : /var/lib/crowdsec/data
- Hub Folder : /etc/crowdsec/hub
- Simulation File : /etc/crowdsec/simulation.yaml
- Log Folder : /var/log/
- Log level : info
- Log Media : file
Crowdsec:
- Acquisition File : /etc/crowdsec/acquis.yaml
- Parsers routines : 1
cscli:
- Output : human
- Hub Branch :
- Hub Folder : /etc/crowdsec/hub
Local API Server:
- Listen URL : 127.0.0.1:8080
- Profile File : /etc/crowdsec/profiles.yaml
- Trusted IPs:
- 127.0.0.1
- ::1
- Database:
- Type : sqlite
- Path : /var/lib/crowdsec/data/crowdsec.db
- Flush age : 7d
- Flush size : 5000
```
Prometheus metrics
```console
$ cscli metrics
INFO[24-10-2022 06:25:34 PM] Acquisition Metrics:
+--------------------------------+------------+--------------+----------------+------------------------+
| SOURCE                         | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET |
+--------------------------------+------------+--------------+----------------+------------------------+
| file:/var/log/auth.log         | 47         | -            | 47             | -                      |
| file:/var/log/nginx/access.log | 100        | -            | 100            | -                      |
| file:/var/log/nginx/error.log  | 8          | 1            | 7              | -                      |
| file:/var/log/syslog           | 220        | -            | 220            | -                      |
+--------------------------------+------------+--------------+----------------+------------------------+
INFO[24-10-2022 06:25:34 PM] Parser Metrics:
+---------------------------------+------+--------+----------+
| PARSERS                         | HITS | PARSED | UNPARSED |
+---------------------------------+------+--------+----------+
| child-crowdsecurity/http-logs   | 3    | 2      | 1        |
| child-crowdsecurity/nginx-logs  | 216  | 1      | 215      |
| child-crowdsecurity/syslog-logs | 267  | 267    | -        |
| crowdsecurity/dateparse-enrich  | 1    | 1      | -        |
| crowdsecurity/geoip-enrich      | 1    | 1      | -        |
| crowdsecurity/http-logs         | 1    | 1      | -        |
| crowdsecurity/nginx-logs        | 108  | 1      | 107      |
| crowdsecurity/non-syslog        | 108  | 108    | -        |
| crowdsecurity/syslog-logs       | 267  | 267    | -        |
| crowdsecurity/whitelists        | 1    | 1      | -        |
+---------------------------------+------+--------+----------+
INFO[24-10-2022 06:25:34 PM] Local Api Metrics:
+----------------------+--------+------+
| ROUTE                | METHOD | HITS |
+----------------------+--------+------+
| /v1/decisions/stream | GET    | 147  |
| /v1/heartbeat        | GET    | 24   |
| /v1/watchers/login   | POST   | 2    |
+----------------------+--------+------+
INFO[24-10-2022 06:25:34 PM] Local Api Machines Metrics:
+--------------------------------------------------+---------------+--------+------+
| MACHINE                                          | ROUTE         | METHOD | HITS |
+--------------------------------------------------+---------------+--------+------+
| 12682ae530ad484b8b75a4e8530006f3OMI9GtafOS2NgYFi | /v1/heartbeat | GET    | 24   |
+--------------------------------------------------+---------------+--------+------+
INFO[24-10-2022 06:25:34 PM] Local Api Bouncers Metrics:
+----------------------------+----------------------+--------+------+
| BOUNCER                    | ROUTE                | METHOD | HITS |
+----------------------------+----------------------+--------+------+
| FirewallBouncer-1666627267 | /v1/decisions/stream | GET    | 147  |
+----------------------------+----------------------+--------+------+
```
Related custom configs versions (if applicable) : notification plugins, custom scenarios, parsers etc.
Transferring to cs-nginx-bouncer repository
I'm running into the same issue.
nginx 1.22.1 from the official Nginx repo.
Same problem here, still no nginx-common=1.24 on Debian 11.