crowdsec: add profiles/profiles.yaml

caddy/Caddyfile

@@ -53,12 +53,10 @@
 {$GITEA_DOMAIN} {
     import access-log
     request_body {
-        max_size 2048MB
+        max_size 512MB
     }
-    @not_registry not path /v2/*
     route {
-        crowdsec
+        import security
-        appsec @not_registry
         reverse_proxy http://gitea:3000 {
             header_up Host {http.request.host}
         }

crowdsec/.env.example

@@ -4,7 +4,6 @@
 # and in caddy/.env (CADDY) and the host firewall bouncer config (FW).
 CROWDSEC_BOUNCER_KEY_CADDY=
 CROWDSEC_BOUNCER_KEY_FW=
-CROWDSEC_BOUNCER_KEY_EXPORTER=
 
 ############# Console enrollment #############
 # Enroll key from https://app.crowdsec.net (free).

crowdsec/docker-compose.yaml

@@ -26,7 +26,6 @@ services:
         Dominic-Wagner/vaultwarden
       BOUNCER_KEY_caddy: "${CROWDSEC_BOUNCER_KEY_CADDY}"
       BOUNCER_KEY_firewall: "${CROWDSEC_BOUNCER_KEY_FW}"
-      BOUNCER_KEY_exporter: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
       ENROLL_KEY: "${CROWDSEC_ENROLL_KEY:-}"
       ENROLL_INSTANCE_NAME: "${CROWDSEC_ENROLL_INSTANCE_NAME:-aykhans-prod}"
     ports:
@@ -62,7 +61,7 @@ services:
       - caddy
     environment:
       CROWDSEC_LAPI_URL: "http://crowdsec:8080"
-      CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_EXPORTER}"
+      CROWDSEC_API_KEY: "${CROWDSEC_BOUNCER_KEY_CADDY}"
       POLL_INTERVAL_SECS: "30"
       LISTEN_PORT: "9100"
       GEOIP_CITY_DB: "/geoip/GeoLite2-City.mmdb"

crowdsec/profiles/profiles.yaml

@@ -1,18 +1,18 @@
 name: default_ip_remediation
 filters:
   - Alert.Remediation == true && Alert.GetScope() == "Ip"
-duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
 decisions:
   - type: ban
     duration: 4h
+    duration_expr: Sprintf('%dh', min(168, (GetDecisionsCount(Alert.GetValue())+1)*4))
 on_success: break
 
 ---
 name: default_range_remediation
 filters:
   - Alert.Remediation == true && Alert.GetScope() == "Range"
-duration_expr: Sprintf('%dh', min(730, (GetDecisionsCount(Alert.GetValue())+1)*4))
 decisions:
   - type: ban
     duration: 4h
+    duration_expr: Sprintf('%dh', min(168, (GetDecisionsCount(Alert.GetValue())+1)*4))
 on_success: break

memos/docker-compose.yaml

@@ -6,7 +6,7 @@ networks:
 
 services:
   memos:
-    image: neosmemo/memos:0.29
+    image: neosmemo/memos:0.27
     restart: unless-stopped
     container_name: memos
     labels:

watchtower/docker-compose.yaml

@@ -10,7 +10,7 @@ services:
       - "--label-enable"
       - "--cleanup"
       - "--interval"
-      - "28800" # 8 hours
+      - "600" # 10 minutes
     logging:
       driver: "json-file"
       options: