#!/bin/bash # Category : Security # Description : CrowdSec - Intrusion Prevention (c/u/s/r/i): # # Host-installed agent (apt + systemd) — no Docker container. Host install # logic lives in scripts/crowdsec_install_host.sh (installCrowdsecHost) beside # this file; install registration uses the shared hostAppInstall helper # (scripts/install/host_app.sh). uninstall/stop/restartCrowdsec (below) are the # host-side hooks dockerUninstallApp / dockerStopApp / dockerRestartApp invoke. installCrowdsec() { local config_variables="$1" if [[ "$crowdsec" == *[cCtTuUsSrRiI]* ]]; then dockerConfigSetupToContainer silent crowdsec; initializeAppVariables "$CFG_CROWDSEC_APP_NAME"; fi local app_name=$CFG_CROWDSEC_APP_NAME if [[ "$crowdsec" == *[cC]* ]]; then editAppConfig $app_name; fi # Uninstall / stop / restart are NOT dispatched here — the CLI and menu call # dockerUninstallApp / dockerStopApp / dockerRestartApp directly. Those run # the generic docker teardown (a no-op for a host app) and then invoke the # uninstall/stop/restartCrowdsec hooks (bottom of this file) for the # host-side work. if [[ "$crowdsec" == *[iI]* ]]; then installCrowdsecHost; if command -v cscli >/dev/null 2>&1; then # Register crowdsec as an installed host app — apps DB row + WebUI regen. hostAppInstall "$app_name"; # Monitoring: gather crowdsec's scrape fragment + Grafana dashboards # into Prometheus/Grafana. Run unconditionally — the refresh is # self-correcting (adds when CFG_CROWDSEC_MONITORING=true, removes # crowdsec's entry when it's been toggled off). No-ops with a notice # when Prometheus/Grafana aren't installed. monitoringRefreshAll; else isNotice "cscli missing — crowdsec host install did not complete. Skipping registration." fi fi } # Host-side uninstall, invoked by dockerUninstallApp's uninstall hook. # dockerUninstallApp already handles the generic teardown (data dir, DB rows, # WebUI regen) — this does what the generic path can't: stopping + purging the # apt packages and detaching the log bind-mounts. uninstallCrowdsec() { ((menu_number++)) echo "" echo "---- $menu_number. Stopping CrowdSec host services." echo "" local result; result=$(runSystem systemctl disable --now crowdsec-firewall-bouncer 2>&1) checkSuccess "Disabling firewall bouncer" local result; result=$(runSystem systemctl disable --now crowdsec 2>&1) checkSuccess "Disabling agent" ((menu_number++)) echo "" echo "---- $menu_number. Removing CrowdSec packages." echo "" local result; result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get purge -y -q crowdsec crowdsec-firewall-bouncer-nftables &1) checkSuccess "Purged packages" local result; result=$(runSystem DEBIAN_FRONTEND=noninteractive apt-get autoremove -y -q &1) checkSuccess "Removed orphaned dependencies" crowdsecToggleLibrePortalLogMounts off } # Host-side stop, invoked by dockerStopApp's stop hook. crowdsec ships no # docker container, so dockerStopApp is a no-op — this stops the host agent + # bouncer. The package stays installed; only Uninstall removes it. stopCrowdsec() { isNotice "Stopping CrowdSec host services..." local result; result=$(runSystem systemctl stop crowdsec-firewall-bouncer 2>&1) checkSuccess "Stopped firewall bouncer" local result; result=$(runSystem systemctl stop crowdsec 2>&1) checkSuccess "Stopped agent" } # Host-side restart, invoked by dockerRestartApp's restart hook. crowdsec # ships no docker container, so dockerRestartApp is a no-op — this restarts the # host agent + bouncer. restartCrowdsec() { isNotice "Restarting CrowdSec host services..." local result; result=$(runSystem systemctl restart crowdsec 2>&1) checkSuccess "Restarted agent" local result; result=$(runSystem systemctl restart crowdsec-firewall-bouncer 2>&1) checkSuccess "Restarted firewall bouncer" }