Ns8-crowdsec - limited domain levels in allow list

dnutan · April 8, 2024, 7:23pm

ns8-crowdsec v1.0.7-dev.4

It doesn’t affect me but just a small issue I noticed last weekend (unless the intention is just to allow main domains).
FQDN validation is limited to three levels.

imatge

LayLow · April 8, 2024, 7:49pm

Interesting, made me read this Fully qualified domain name - Wikipedia

So it seems we have a FQDN in DNS and in Human readable terms?

stephdl · April 9, 2024, 6:51am

hello

could you test

add-module ghcr.io/nethserver/crowdsec:validatetextarea

github.com/NethServer/ns8-crowdsec

Validate textarea against FQDN

NethServer:main ← NethServer:ValidateTextarea

opened 06:48AM - 09 Apr 24 UTC

stephdl

+36 -75

see https://community.nethserver.org/t/ns8-crowdsec-limited-domain-levels-in-all…ow-list/23301 the regex seems to validate at least 3 strings for a fqdn, we need to validate more than `foo.joe.com`. Furthermore @DavidePrincipi asked to validate everything in the json schema rather in the UI Refs https://github.com/NethServer/dev/issues/6900 what I learn: - idn-email json schema accepts really fun email address : https://en.wikipedia.org/wiki/Email_address#Internationalization - hostname accepts 1.2.3.450 as a valid hostname, hard to validate ipv4, I needed to make a regex to validate hostname - format ipv4 does not validate cidr ipv4 (I did a regex to validate a cidr ipv4) - format ipv6 does not validate cidr ipv6 (I did a regex to validate both) - empty array must be validated to :p now we have a full json schema validation, nothing more in UI ![Capture d’écran du 2024-04-09 13-01-29](https://github.com/NethServer/ns8-crowdsec/assets/3164851/528d9741-7f36-43c3-a506-e955f56047f9) ![Capture d’écran du 2024-04-09 13-01-44](https://github.com/NethServer/ns8-crowdsec/assets/3164851/052df608-0672-464f-9657-e65c6087b418) ![Capture d’écran du 2024-04-09 13-01-58](https://github.com/NethServer/ns8-crowdsec/assets/3164851/6108e3b5-84fb-4aa5-b8a9-49da66a8c45e) ![image](https://github.com/NethServer/ns8-crowdsec/assets/3164851/e65eb58f-2058-4a9b-81ba-2263714e7c8e) the test data ``` 10.10.10.0/24 2002::1234:abcd:ffff:c0a8:101/64 2002:0000:0000:1234:ffff:ffff:ffff:ffff 1.2.3.44 foo.org foo.foo.org 12123564.org ```

dnutan · April 9, 2024, 12:16pm

Tested and the fix is working!

stephdl · April 9, 2024, 12:18pm

thank, @davidep asked me to do differently, I will ping you asap if you could verify it

davidep · April 9, 2024, 4:14pm

The module version for testing is 1.0.7-dev.5. Install it with

add-module ghcr.io/nethserver/crowdsec:1.0.7-dev.5 1

Replace the trailing 1 with the preferred node ID.

Update existing installations with

api-cli run update-module --data '{"module_url":"ghcr.io/nethserver/crowdsec:1.0.7-dev.5","instances":["crowdsec1"]}'

Replace crowdsec1 with the relevant module ID.

Frontend validation was replaced by the API validator, implemented with JSON schema.

there is an open issue with the container implementation: if restarted frequently it might hit a GeoIP DB download limit

dnutan · April 9, 2024, 6:41pm

Tested and works.

stephdl · April 10, 2024, 2:04pm

the geo_ip downloaded is done just one time a the installation, it might happen every 15 days when we trigger a hub update

Maybe I played too much with the crowdsec installation, however it is a dev and tester issue, be aware

davidep · April 10, 2024, 2:07pm

Thank you all, version 1.0.7 is now publicly available!

BTW it seems there’s an ongoing upstream issue. Installation fails

Running: cscli  parsers install "crowdsecurity/docker-logs" 
time="2024-04-10T14:08:28Z" level=fatal msg="error while installing 'crowdsecurity/docker-logs': while downloading crowdsecurity/docker-logs: Get \"https://hub-cdn.crowdsec.net/master/parsers/s00-raw/crowdsecurity/docker-logs.yaml\": read tcp [2a03:b0c0:3:d0::1a24:9001]:59728->[2600:9000:223c:da00:16:30f4:d640:93a1]:443: read: connection reset by peer"

connection reset by peer

In similar cases

remove the module
try to reinstall