git: 18a4c3574d8f - main - security/crowdsec*: update to their latest releases
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 15 Jan 2022 13:16:34 UTC
The branch main has been updated by rene:
URL: https://cgit.FreeBSD.org/ports/commit/?id=18a4c3574d8faad5936830be46ca5c14faaa7cc3
commit 18a4c3574d8faad5936830be46ca5c14faaa7cc3
Author: Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2022-01-15 13:15:52 +0000
Commit: Rene Ladan <rene@FreeBSD.org>
CommitDate: 2022-01-15 13:15:52 +0000
security/crowdsec*: update to their latest releases
security/crowdsec:
- update to version 1.2.3
security/crowdsec-firewall-bouncer:
- update to version 0.0.20
- update pkg-message
Add log rotation to both ports, and other small improvements.
PR: 260262
---
security/crowdsec-firewall-bouncer/Makefile | 16 ++++++----
security/crowdsec-firewall-bouncer/distinfo | 6 ++--
.../files/crowdsec-firewall-bouncer.conf-newsyslog | 2 ++
.../files/crowdsec_firewall.in | 11 ++++++-
.../crowdsec-firewall-bouncer/files/patch-Makefile | 12 ++++----
.../crowdsec-firewall-bouncer/files/pkg-message.in | 34 +++++++++++++---------
security/crowdsec-firewall-bouncer/pkg-plist | 3 ++
security/crowdsec/Makefile | 21 +++++++++----
security/crowdsec/distinfo | 6 ++--
security/crowdsec/files/crowdsec.conf-newsyslog | 3 ++
security/crowdsec/files/crowdsec.in | 15 +++++-----
security/crowdsec/files/patch-Makefile | 29 +++++++++++++-----
security/crowdsec/files/patch-config_acquis.yaml | 12 ++++++++
security/crowdsec/pkg-plist | 7 +++++
14 files changed, 126 insertions(+), 51 deletions(-)
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile
index 36a868801a50..6f9b4c3b9649 100644
--- a/security/crowdsec-firewall-bouncer/Makefile
+++ b/security/crowdsec-firewall-bouncer/Makefile
@@ -1,5 +1,5 @@
PORTNAME= crowdsec-firewall-bouncer
-PORTVERSION= 0.0.17 # NOTE: change BUILD_VERSION and BUILD_TAG as well
+PORTVERSION= 0.0.20 # NOTE: change BUILD_VERSION and BUILD_TAG as well
DISTVERSIONPREFIX= v
CATEGORIES= security
@@ -19,6 +19,7 @@ RUN_DEPENDS= crowdsec>0:security/crowdsec
USE_GITHUB= yes
GH_ACCOUNT= crowdsecurity
GH_PROJECT= cs-firewall-bouncer
+GH_TAGNAME= v0.0.20-freebsd
#GH_TAGNAME is automatically set from DISTVERSION
USE_RC_SUBR= crowdsec_firewall
@@ -28,14 +29,11 @@ SUB_FILES= pkg-message \
# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
# BUILD_TAG=$(git rev-parse HEAD)
-MAKE_ENV= BUILD_VERSION="v0.0.17" \
- BUILD_TAG="b330209afcdefd0046fd6790999bbb342c02f1b3"
+MAKE_ENV= BUILD_VERSION="v0.0.20" \
+ BUILD_TAG="a456a4debdf3d3551c89b8490bb942f626027310"
ETCDIR= ${PREFIX}/etc/crowdsec/bouncers
-do-patch:
- cd ${WRKSRC} && go mod download github.com/mattn/go-sqlite3
-
post-patch:
${REINPLACE_CMD} 's,$${BACKEND},pf,g' \
${WRKSRC}/config/crowdsec-firewall-bouncer.yaml
@@ -56,4 +54,10 @@ do-install:
${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \
${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample
+ #
+ # Log rotation
+ #
+
+ ${INSTALL_DATA} ${FILESDIR}/crowdsec-firewall-bouncer.conf-newsyslog ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/crowdsec-firewall-bouncer.conf.sample
+
.include <bsd.port.mk>
diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo
index 001ca177529b..1548b93d6c60 100644
--- a/security/crowdsec-firewall-bouncer/distinfo
+++ b/security/crowdsec-firewall-bouncer/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1637702397
-SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 53af239b86c6b554da3711e3686d7d3036d33b2e561bfb00e195b6c8a06918c8
-SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 143037
+TIMESTAMP = 1640213523
+SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 95f8abf5f44e700e7f0a41edf5367715ce06918cb0de7a5d084bdca277563171
+SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 3018717
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog b/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog
new file mode 100644
index 000000000000..b26fae25b5ce
--- /dev/null
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog
@@ -0,0 +1,2 @@
+# logfilename [owner:group] mode count size(kb) when flags [/pid_file] [sig_num]
+/var/log/crowdsec-firewall-bouncer.log root:wheel 644 10 5120 * JC /var/run/crowdsec_firewall.pid
diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
index ee3dcc9f7325..6a0f96f26f8f 100755
--- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
+++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in
@@ -1,7 +1,7 @@
#!/bin/sh
#
# PROVIDE: crowdsec_firewall
-# REQUIRE: LOGIN DAEMON NETWORKING
+# REQUIRE: LOGIN DAEMON NETWORKING crowdsec
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
@@ -41,6 +41,15 @@ crowdsec_firewall_precmd() {
fi
fi
fi
+
+ # needs real tabs
+ cat <<-EOT | /sbin/pfctl -f /dev/fd/0
+ table <crowdsec-blacklists> persist
+ table <crowdsec6-blacklists> persist
+ block drop in quick from <crowdsec-blacklists> to any
+ block drop in quick from <crowdsec6-blacklists> to any
+ EOT
+
}
crowdsec_firewall_start() {
diff --git a/security/crowdsec-firewall-bouncer/files/patch-Makefile b/security/crowdsec-firewall-bouncer/files/patch-Makefile
index 6d9e9a2e2f42..df450e5e1b27 100644
--- a/security/crowdsec-firewall-bouncer/files/patch-Makefile
+++ b/security/crowdsec-firewall-bouncer/files/patch-Makefile
@@ -1,11 +1,11 @@
---- Makefile.orig 2021-12-07 09:00:17 UTC
+--- Makefile.orig 2021-12-22 22:57:23 UTC
+++ Makefile
-@@ -11,7 +11,7 @@ GOGET=$(GOCMD) get
- BUILD_VERSION?="$(shell git describe --tags `git rev-list --tags --max-count=1`)"
+@@ -11,7 +11,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l
BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -r 's/[go]+//g')"
BUILD_TIMESTAMP=$(shell date +%F"_"%T)
--BUILD_TAG="$(shell git rev-parse HEAD)"
-+BUILD_TAG?="$(shell git rev-parse HEAD)"
- export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
+ BUILD_TAG?="$(shell git rev-parse HEAD)"
+-export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
++export LD_OPTS=-mod vendor -modcacherw --ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \
-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=$(BUILD_TIMESTAMP) \
-X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG) \
+ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.GoVersion=$(BUILD_GOVERSION)"
diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in
index 3929d468efd0..8bcdc8d1d9d6 100644
--- a/security/crowdsec-firewall-bouncer/files/pkg-message.in
+++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in
@@ -11,27 +11,35 @@ configuration file, which is now in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml
In previous versions, the configuration was in /usr/local/etc/crowdsec-firewall-bouncer, you may need
to check if you made any changes there.
-If it's the first time, you need to edit your Packet Filter configuration.
-Add the following in /etc/pf.conf to create the tables:
+This package depends on the Packet Filter service.
+To make sure it's active:
----------
-# create crowdsec ipv4 table
-table <crowdsec-blacklists> persist
+# sysrc pf_enable=YES
+pf_enable: NO -> YES
+# service pf start
+Enabling pf.
+----------
-# create crowdsec ipv6 table
-table <crowdsec6-blacklists> persist
+Then activate the bouncer via sysrc:
-block drop in quick from <crowdsec-blacklists> to any
-block drop in quick from <crowdsec6-blacklists> to any
+----------
+# sysrc crowdsec_firewall_enable="YES"
+crowdsec_firewall_enable: NO -> YES
+# service crowdsec_firewall start
----------
-To apply the file:
-
-# pfctl -f /etc/pf.conf
+After a few seconds, the bouncer should have created the tables and rules:
-Then activate the bouncer via sysrc:
+----------
+# pfctl -s Tables
+crowdsec-blacklists
+crowdsec6-blacklists
+# pfctl -s Tables -s rules
+block drop in quick from <crowdsec-blacklists> to any
+block drop in quick from <crowdsec6-blacklists> to any
+----------
-# sysrc crowdsec_firewall_enable="YES"
EOM
}
]
diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist
index 6a41287c1e57..ecbf8e901981 100644
--- a/security/crowdsec-firewall-bouncer/pkg-plist
+++ b/security/crowdsec-firewall-bouncer/pkg-plist
@@ -1,4 +1,7 @@
@mode 0755
bin/crowdsec-firewall-bouncer
+@dir etc/newsyslog.conf.d
@mode 0600
@sample %%ETCDIR%%/crowdsec-firewall-bouncer.yaml.sample
+@mode 0644
+@sample etc/newsyslog.conf.d/crowdsec-firewall-bouncer.conf.sample
diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile
index f3683aee9c30..dbc74172642a 100644
--- a/security/crowdsec/Makefile
+++ b/security/crowdsec/Makefile
@@ -1,5 +1,5 @@
PORTNAME= crowdsec
-PORTVERSION= 1.2.1 # NOTE: change BUILD_VERSION and BUILD_TAG as well
+PORTVERSION= 1.2.3 # NOTE: change BUILD_VERSION and BUILD_TAG as well
DISTVERSIONPREFIX= v
CATEGORIES= security
@@ -18,19 +18,18 @@ USES= gmake
USE_GITHUB= yes
GH_ACCOUNT= crowdsecurity
GH_PROJECT= crowdsec
+GH_TAGNAME= v1.2.3-freebsd
#GH_TAGNAME is automatically set from DISTVERSION
USE_RC_SUBR= crowdsec
-USE_RC_SUBR= crowdsec
-
SUB_FILES= pkg-message \
pkg-deinstall
# BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1))
# BUILD_TAG=$(git rev-parse HEAD)
-MAKE_ENV= BUILD_VERSION="v1.2.1" \
- BUILD_TAG="dd03d073558e380c283afe66942f537c3da647ff"
+MAKE_ENV= BUILD_VERSION="v1.2.3" \
+ BUILD_TAG="fc4be1e0ffc5888f2824358464cb2426cd4472e1"
PLUGIN_DIR= ${PREFIX}/lib/crowdsec/plugins
STAGE_PLUGINS= ${STAGEDIR}${PLUGIN_DIR}
@@ -62,6 +61,7 @@ do-install:
${LN} -s cscli ${STAGE_BIN}/crowdsec-cli
@${MKDIR} ${STAGE_PLUGINS}
+ ${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/email/notification-email ${STAGE_PLUGINS}/
${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/http/notification-http ${STAGE_PLUGINS}/
${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/slack/notification-slack ${STAGE_PLUGINS}/
${INSTALL_PROGRAM} ${WRKSRC}/plugins/notifications/splunk/notification-splunk ${STAGE_PLUGINS}/
@@ -92,6 +92,10 @@ do-install:
@${MKDIR} ${STAGEDIR}${ETCDIR}/notifications
+ @${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/email
+ @${MV} ${WRKSRC}/plugins/notifications/email/email.yaml \
+ ${STAGEDIR}${ETCDIR}/notifications/email/email.yaml.sample
+
@${MKDIR} ${STAGEDIR}${ETCDIR}/notifications/http
@${MV} ${WRKSRC}/plugins/notifications/http/http.yaml \
${STAGEDIR}${ETCDIR}/notifications/http/http.yaml.sample
@@ -119,4 +123,11 @@ do-install:
@${MKDIR} ${STAGEDIR}${ETCDIR}/hub
@${MKDIR} ${STAGEDIR}/var/db/crowdsec/data
+ #
+ # Log rotation
+ #
+
+ @${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+ ${INSTALL_DATA} ${FILESDIR}/crowdsec.conf-newsyslog ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/crowdsec.conf.sample
+
.include <bsd.port.mk>
diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo
index 1eecdf198266..a87959633114 100644
--- a/security/crowdsec/distinfo
+++ b/security/crowdsec/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1637702390
-SHA256 (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = e3a9bbb70b1995a83c5001d06dbbcb5f59d43e4d7c18b60548f305a62d2dd6a3
-SIZE (crowdsecurity-crowdsec-v1.2.1_GH0.tar.gz) = 659398
+TIMESTAMP = 1642022158
+SHA256 (crowdsecurity-crowdsec-v1.2.3-v1.2.3-freebsd_GH0.tar.gz) = 9b3dd5fcc7b67cf89a1a661009a215b9a7f7a0efeb598456480e57fbd6e9bb4b
+SIZE (crowdsecurity-crowdsec-v1.2.3-v1.2.3-freebsd_GH0.tar.gz) = 19122216
diff --git a/security/crowdsec/files/crowdsec.conf-newsyslog b/security/crowdsec/files/crowdsec.conf-newsyslog
new file mode 100644
index 000000000000..a32cf4d567d7
--- /dev/null
+++ b/security/crowdsec/files/crowdsec.conf-newsyslog
@@ -0,0 +1,3 @@
+# logfilename [owner:group] mode count size(kb) when flags [/pid_file] [sig_num]
+/var/log/crowdsec.log root:wheel 644 10 5120 * JC /var/run/crowdsec.pid
+/var/log/crowdsec_api.log root:wheel 644 10 5120 * JC /var/run/crowdsec.pid
diff --git a/security/crowdsec/files/crowdsec.in b/security/crowdsec/files/crowdsec.in
index 04b7c02130f9..ac0f384a9572 100644
--- a/security/crowdsec/files/crowdsec.in
+++ b/security/crowdsec/files/crowdsec.in
@@ -43,12 +43,12 @@ crowdsec_precmd() {
}
HUB_DIR=$(Config ConfigPaths.HubDir)
- if ! ls -1qA "$HUB_DIR/*" >/dev/null 2>&1; then
+ if ! ls -1qA "$HUB_DIR"/* >/dev/null 2>&1; then
echo "Fetching hub inventory"
cs_cli hub update || :
fi
- if [ -z "$(cs_cli machines list -o raw)" ]; then
+ if [ "$(cs_cli machines list -o json)" = "[]" ]; then
echo "Registering LAPI"
cs_cli machines add --auto || :
fi
@@ -59,12 +59,13 @@ crowdsec_precmd() {
cs_cli capi register || :
fi
- cs_cli collections inspect crowdsecurity/linux >/dev/null || cs_cli collections install crowdsecurity/linux || :
+ # This would work but takes 30secs to timeout while reading the metrics, because crowdsec is not running yet.
+ # cs_cli collections inspect crowdsecurity/freebsd 2>/dev/null | grep ^installed | grep -q true || \
+ # cs_cli collections install crowdsecurity/freebsd || :
- DATA_DIR=$(Config ConfigPaths.DataDir)
- if [ ! -f "${DATA_DIR}/GeoLite2-City.mmdb" ]; then
- echo "Installing GeoIP enricher"
- cs_cli parsers install crowdsecurity/geoip-enrich || :
+ # So we just check for the file
+ if [ ! -e "${CONFIG_DIR}/collections/freebsd.yaml" ]; then
+ cs_cli collections install crowdsecurity/freebsd || :
fi
}
diff --git a/security/crowdsec/files/patch-Makefile b/security/crowdsec/files/patch-Makefile
index 909dceada263..840e31a44477 100644
--- a/security/crowdsec/files/patch-Makefile
+++ b/security/crowdsec/files/patch-Makefile
@@ -1,11 +1,26 @@
---- Makefile.orig 2021-11-17 09:15:38 UTC
+--- Makefile.orig 2021-12-21 21:18:22 UTC
+++ Makefile
-@@ -42,7 +42,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l
- BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -E 's/[go]+//g')"
- BUILD_CODENAME=$(shell cat RELEASE.json | jq -r .CodeName)
+@@ -44,14 +44,14 @@ BUILD_CODENAME=$(shell cat RELEASE.json | jq -r .CodeN
BUILD_TIMESTAMP=$(shell date +%F"_"%T)
--BUILD_TAG="$(shell git rev-parse HEAD)"
-+BUILD_TAG?="$(shell git rev-parse HEAD)"
+ BUILD_TAG?="$(shell git rev-parse HEAD)"
- export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \
+-export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \
++export LD_OPTS=-mod vendor -modcacherw -ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \
-X github.com/crowdsecurity/crowdsec/pkg/cwversion.System=$(SYSTEM) \
+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=$(BUILD_TIMESTAMP) \
+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=$(BUILD_CODENAME) \
+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Tag=$(BUILD_TAG) \
+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.GoVersion=$(BUILD_GOVERSION)"
+
+-export LD_OPTS_STATIC=-ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \
++export LD_OPTS_STATIC=-mod vendor -modcacherw -ldflags "-s -w -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=$(BUILD_VERSION) \
+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=$(BUILD_TIMESTAMP) \
+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Codename=$(BUILD_CODENAME) \
+ -X github.com/crowdsecurity/crowdsec/pkg/cwversion.Tag=$(BUILD_TAG) \
+@@ -176,4 +176,4 @@ check_release:
+ release: check_release build package
+
+ .PHONY:
+-release_static: check_release static package_static
+\ No newline at end of file
++release_static: check_release static package_static
diff --git a/security/crowdsec/files/patch-config_acquis.yaml b/security/crowdsec/files/patch-config_acquis.yaml
new file mode 100644
index 000000000000..67b4ef3c693b
--- /dev/null
+++ b/security/crowdsec/files/patch-config_acquis.yaml
@@ -0,0 +1,12 @@
+--- config/acquis.yaml.orig 2021-12-15 10:39:37 UTC
++++ config/acquis.yaml
+@@ -11,6 +11,8 @@ filenames:
+ labels:
+ type: syslog
+ ---
+-filename: /var/log/apache2/*.log
++filenames:
++ - /var/log/httpd-access.log
++ - /var/log/httpd-error.log
+ labels:
+ type: apache2
diff --git a/security/crowdsec/pkg-plist b/security/crowdsec/pkg-plist
index 5a02566e9cf2..a8e54a73df13 100644
--- a/security/crowdsec/pkg-plist
+++ b/security/crowdsec/pkg-plist
@@ -10,9 +10,13 @@ bin/crowdsec-cli
@sample %%ETCDIR%%/config.yaml.sample
@sample %%ETCDIR%%/profiles.yaml.sample
@sample %%ETCDIR%%/simulation.yaml.sample
+@sample %%ETCDIR%%/notifications/email/email.yaml.sample
@sample %%ETCDIR%%/notifications/http/http.yaml.sample
@sample %%ETCDIR%%/notifications/slack/slack.yaml.sample
@sample %%ETCDIR%%/notifications/splunk/splunk.yaml.sample
+%%ETCDIR%%/dev.yaml
+%%ETCDIR%%/user.yaml
+%%ETCDIR%%/crowdsec.service
%%ETCDIR%%/patterns/aws
%%ETCDIR%%/patterns/bacula
%%ETCDIR%%/patterns/bro
@@ -37,10 +41,13 @@ bin/crowdsec-cli
%%ETCDIR%%/patterns/smb
%%ETCDIR%%/patterns/ssh
%%ETCDIR%%/patterns/tcpdump
+@sample etc/newsyslog.conf.d/crowdsec.conf.sample
@mode 0755
+lib/crowdsec/plugins/notification-email
lib/crowdsec/plugins/notification-http
lib/crowdsec/plugins/notification-slack
lib/crowdsec/plugins/notification-splunk
@dir %%ETCDIR%%/hub
@dir /var/db/crowdsec/data
@dir /var/db/crowdsec
+@dir etc/newsyslog.conf.d