Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crowdsec with Appsec enabled crash on 24.7.12 and 25.1 #4521

Open
3 tasks done
Eisaichen opened this issue Feb 3, 2025 · 0 comments
Open
3 tasks done

Crowdsec with Appsec enabled crash on 24.7.12 and 25.1 #4521

Eisaichen opened this issue Feb 3, 2025 · 0 comments

Comments

@Eisaichen
Copy link

Eisaichen commented Feb 3, 2025
edited
Loading

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug
As reported on the opnsense forum here:
https://forum.opnsense.org/index.php?topic=45226.0

Crowdsec started to crash on 24.7.12 when appsec was enabled. (Opnsense 24.7.12 ship with Crowdsec 1.6.4)
Revert the package to 24.7.11 (Crowdsec 1.6.3) or remove collection crowdsecurity/appsec-virtual-patching are able to fix the problem.
Standalone Crowdsec 1.6.4 doesn't have the same issue.

To Reproduce
Steps to reproduce the behavior:

  1. Enable appsec by following the official document.
  2. Upgrade to version 24.7.12 or afterward. (Crowdsec 1.6.4)
  3. Start the service
  4. See error

Expected behavior
Work as designed.

Relevant log files

Backend Logs 
2025-02-03T00:04:20-06:00	Error	configd.py	 [22fe8388-b27c-4a89-bda1-7c71363e750b] returned exit status 1
2025-02-02T23:57:01-06:00	Error	configd.py	 [a71d5155-3406-4d12-9c30-fdb438510eee] Script action failed with Command '/usr/local/bin/cscli decisions list -l 0 -o json' returned non-zero exit status 1. at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/actions/script_output.py", line 78, in execute     subprocess.check_call(script_command, env=self.config_environment, shell=True,   File "/usr/local/lib/python3.11/subprocess.py", line 413, in check_call     raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/cscli decisions list -l 0 -o json' returned non-zero exit status 1.
2025-02-02T23:56:58-06:00	Error	configd.py	 [9d2068f2-013a-4ff1-afce-1e71b44d1980] Script action failed with Command '/usr/local/bin/cscli alerts list -l 0 -o json' returned non-zero exit status 1. at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/actions/script_output.py", line 78, in execute     subprocess.check_call(script_command, env=self.config_environment, shell=True,   File "/usr/local/lib/python3.11/subprocess.py", line 413, in check_call     raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/cscli alerts list -l 0 -o json' returned non-zero exit status 1.
2025-02-02T23:56:11-06:00	Error	configd.py	 Timeout (120) executing : crowdsec alerts-list
2025-02-02T23:56:09-06:00	Error	configd.py	 Timeout (120) executing : crowdsec decisions-list
Crowdsec Logs 
root@opnsense:~ # service crowdsec reload
Performing sanity check on crowdsec configuration.
time="2025-02-03T00:09:18-06:00" level=fatal msg="crowdsec init: while loading scenarios: scenario loading failed: unable to load alert context: compilation of 'match.method != nil ? match.method : ''' context value failed: unknown name match (1:1)\n | match.method != nil ? match.method : ''\n | ^"

Environment
OPNsense 24.7.12
Crowdsec 1.6.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Eisaichen