diff --git a/README.md b/README.md index 4191fc101..ddc5544bc 100644 --- a/README.md +++ b/README.md @@ -519,3 +519,10 @@ when a privileged user will login, they must enable their TFA. Otherwise, on a s login, they will already be blocked. A site admin may reset their validation tries under the `/admin/people` page. The TFA method that is enabled is one that uses Google authenticator (or similar). + +## WAF - Crowdsec + +It is recommended to use a proper WAF, either from Cloudflare, or from another vendor, but +for smaller sites, it is not always possible. [Crowdsec](https://www.crowdsec.net/) is integrated +to protect the client sites from known malicious visitors. If used in conjuction with Cloudflare or with other type of gateway that hides the originating address, +you need to make sure Drupal is aware of the real IP of the visitors. diff --git a/composer.json b/composer.json index 9b1a3d241..134c45e7e 100644 --- a/composer.json +++ b/composer.json @@ -38,6 +38,7 @@ "drupal/core-composer-scaffold": "^10", "drupal/core-project-message": "^10", "drupal/core-recommended": "^10.0", + "drupal/crowdsec": "^1.1", "drupal/default_content": "^2.0@alpha", "drupal/emptyparagraphkiller": "^2.0", "drupal/entity_browser": "^2.9", diff --git a/composer.lock b/composer.lock index 31d558fcc..e9b543f1b 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ab02dbd624e44c5a9609f139707c1f89", + "content-hash": "42705499ba797a0ba40fd9e9ed194cfd", "packages": [ { "name": "asm89/stack-cors", 
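Review bot: The new `"drupal/crowdsec": "^1.1"` entry in composer.json's `require` list adds a module that blocks by client IP, yet nothing visible in this part of the diff sets which proxies Drupal trusts when it resolves that IP. Behind Cloudflare or a similar gateway, leaving this unset would make every decision apply to the gateway's own address, while trusting forwarded headers from any source would let the reported address be forged. I would ship or document the settings explicitly, e.g. `$settings['reverse_proxy'] = TRUE;` with `$settings['reverse_proxy_addresses']` limited to the gateway's ranges; the change may exist in a file outside this view. The lock file also gains fifteen transitive packages (crowdsec/*, geoip2, maxmind, monolog, symfony/cache and others), so it is worth confirming that `composer audit` runs in CI.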
@@ -346,6 +346,82 @@ }, "time": "2021-02-23T20:13:30+00:00" }, + { + "name": "composer/ca-bundle", + "version": "1.5.2", + "source": { + "type": "git", + "url": "https://github.com/composer/ca-bundle.git", + "reference": "48a792895a2b7a6ee65dd5442c299d7b835b6137" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/composer/ca-bundle/zipball/48a792895a2b7a6ee65dd5442c299d7b835b6137", + "reference": "48a792895a2b7a6ee65dd5442c299d7b835b6137", + "shasum": "" + }, + "require": { + "ext-openssl": "*", + "ext-pcre": "*", + "php": "^7.2 || ^8.0" + }, + "require-dev": { + "phpstan/phpstan": "^1.10", + "phpunit/phpunit": "^8 || ^9", + "psr/log": "^1.0 || ^2.0 || ^3.0", + "symfony/process": "^4.0 || ^5.0 || ^6.0 || ^7.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-main": "1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Composer\\CaBundle\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jordi Boggiano", + "email": "j.boggiano@seld.be", + "homepage": "http://seld.be" + } + ], + "description": "Lets you find a path to the system CA bundle, and includes a fallback to the Mozilla CA bundle.", + "keywords": [ + "cabundle", + "cacert", + "certificate", + "ssl", + "tls" + ], + "support": { + "irc": "irc://irc.freenode.org/composer", + "issues": "https://github.com/composer/ca-bundle/issues", + "source": "https://github.com/composer/ca-bundle/tree/1.5.2" + }, + "funding": [ + { + "url": "https://packagist.com", + "type": "custom" + }, + { + "url": "https://github.com/composer", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/composer/composer", + "type": "tidelift" + } + ], + "time": "2024-09-25T07:49:53+00:00" + }, { "name": "composer/installers", "version": "v1.12.0", 
@@ -1094,6 +1170,287 @@ }, "time": "2024-04-06T00:00:28+00:00" }, + { + "name": "crowdsec/capi-client", + "version": "v3.2.0", + "source": { + "type": "git", + "url": "https://github.com/crowdsecurity/php-capi-client.git", + "reference": "e43eb8f1e5ab74119f550a30d77fd85f0058090f" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/crowdsecurity/php-capi-client/zipball/e43eb8f1e5ab74119f550a30d77fd85f0058090f", + "reference": "e43eb8f1e5ab74119f550a30d77fd85f0058090f", + "shasum": "" + }, + "require": { + "crowdsec/common": "^2.2.0", + "ext-json": "*", + "monolog/monolog": "^1.17 || ^2.1", + "php": "^7.2.5 || ^8.0", + "symfony/config": "^4.4.44 || ^5.4.11 || ^6.0.11", + "symfony/uid": "^5.4.19 || ^6.2.5" + }, + "require-dev": { + "ext-curl": "*", + "mikey179/vfsstream": "^1.6.11", + "phpunit/phpunit": "^8.5.30 || ^9.3" + }, + "suggest": { + "ext-curl": "*" + }, + "type": "library", + "autoload": { + "psr-4": { + "CrowdSec\\CapiClient\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "CrowdSec", + "email": "info@crowdsec.net" + }, + { + "name": "Julien Loizelet", + "homepage": "https://github.com/julienloizelet/", + "role": "Developer" + } + ], + "description": "The official PHP client for the CrowdSec Central API (CAPI)", + "keywords": [ + "capi", + "client", + "crowdsec", + "curl", + "rest", + "security", + "watcher" + ], + "support": { + "issues": "https://github.com/crowdsecurity/php-capi-client/issues", + "source": "https://github.com/crowdsecurity/php-capi-client/tree/v3.2.0" + }, + "time": "2024-09-12T03:24:06+00:00" + }, + { + "name": "crowdsec/common", + "version": "v2.3.0", + "source": { + "type": "git", + "url": "https://github.com/crowdsecurity/php-common.git", + "reference": "536bb855f0d55148e4e2f902be4f69903ae1ec54" + }, + "dist": { + "type": "zip", + "url": 
"https://api.github.com/repos/crowdsecurity/php-common/zipball/536bb855f0d55148e4e2f902be4f69903ae1ec54", + "reference": "536bb855f0d55148e4e2f902be4f69903ae1ec54", + "shasum": "" + }, + "require": { + "ext-json": "*", + "monolog/monolog": "^1.17 || ^2.1", + "php": "^7.2.5 || ^8.0", + "symfony/config": "^4.4.44 || ^5.4.11 || ^6.0.11" + }, + "require-dev": { + "ext-curl": "*", + "mikey179/vfsstream": "^1.6.11", + "phpunit/phpunit": "^8.5.30 || ^9.3" + }, + "suggest": { + "ext-curl": "*" + }, + "type": "library", + "autoload": { + "psr-4": { + "CrowdSec\\Common\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "CrowdSec", + "email": "info@crowdsec.net" + }, + { + "name": "Julien Loizelet", + "homepage": "https://github.com/julienloizelet/", + "role": "Developer" + } + ], + "description": "Common PHP code used by other php libs from CrowdSec SDK", + "keywords": [ + "bouncer", + "capi", + "client", + "crowdsec", + "curl", + "lapi", + "rest", + "security", + "watcher" + ], + "support": { + "issues": "https://github.com/crowdsecurity/php-common/issues", + "source": "https://github.com/crowdsecurity/php-common/tree/v2.3.0" + }, + "time": "2024-10-04T01:48:01+00:00" + }, + { + "name": "crowdsec/lapi-client", + "version": "v3.3.1", + "source": { + "type": "git", + "url": "https://github.com/crowdsecurity/php-lapi-client.git", + "reference": "d2a27f4eab5d82ca8c75684881c8c0a3d9c4ea39" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/crowdsecurity/php-lapi-client/zipball/d2a27f4eab5d82ca8c75684881c8c0a3d9c4ea39", + "reference": "d2a27f4eab5d82ca8c75684881c8c0a3d9c4ea39", + "shasum": "" + }, + "require": { + "crowdsec/common": "^2.3.0", + "ext-json": "*", + "monolog/monolog": "^1.17 || ^2.1", + "php": "^7.2.5 || ^8.0", + "symfony/config": "^4.4.44 || ^5.4.11 || ^6.0.11" + }, + "require-dev": { + "ext-curl": "*", + "mikey179/vfsstream": "^1.6.11", + "phpunit/phpunit": 
"^8.5.30 || ^9.3" + }, + "suggest": { + "ext-curl": "*" + }, + "type": "library", + "autoload": { + "psr-4": { + "CrowdSec\\LapiClient\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "CrowdSec", + "email": "info@crowdsec.net" + }, + { + "name": "Julien Loizelet", + "homepage": "https://github.com/julienloizelet/", + "role": "Developer" + } + ], + "description": "The official PHP client for the CrowdSec Local API (LAPI)", + "keywords": [ + "appsec", + "bouncer", + "client", + "crowdsec", + "curl", + "lapi", + "rest", + "security" + ], + "support": { + "issues": "https://github.com/crowdsecurity/php-lapi-client/issues", + "source": "https://github.com/crowdsecurity/php-lapi-client/tree/v3.3.1" + }, + "time": "2024-10-10T09:56:15+00:00" + }, + { + "name": "crowdsec/remediation-engine", + "version": "v3.4.0", + "source": { + "type": "git", + "url": "https://github.com/crowdsecurity/php-remediation-engine.git", + "reference": "ea92f7a86b51b91938768e64293187979dbab438" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/crowdsecurity/php-remediation-engine/zipball/ea92f7a86b51b91938768e64293187979dbab438", + "reference": "ea92f7a86b51b91938768e64293187979dbab438", + "shasum": "" + }, + "require": { + "crowdsec/capi-client": "^3.2.0", + "crowdsec/common": "^2.3.0", + "crowdsec/lapi-client": "^3.3.0", + "ext-json": "*", + "geoip2/geoip2": "^2.13.0", + "mlocati/ip-lib": "^1.18", + "monolog/monolog": "^1.17 || ^2.1", + "php": "^7.2.5 || ^8.0", + "symfony/cache": "^5.4.11|| ^6.0.11", + "symfony/config": "^4.4.27 || ^5.2 || ^6.0" + }, + "conflict": { + "symfony/cache": "6.2.3 || 6.1.9 || 6.0.17 || 5.4.17" + }, + "require-dev": { + "ext-curl": "*", + "mikey179/vfsstream": "^1.6.11", + "phpunit/phpunit": "^8.5.30 || ^9.3" + }, + "suggest": { + "ext-curl": "*" + }, + "type": "library", + "autoload": { + "psr-4": { + "CrowdSec\\RemediationEngine\\": "src/" + } + }, + 
"notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "CrowdSec", + "email": "info@crowdsec.net" + }, + { + "name": "Julien Loizelet", + "homepage": "https://github.com/julienloizelet/", + "role": "Developer" + } + ], + "description": "The official PHP remediation engine for CrowdSec", + "keywords": [ + "ban", + "bouncer", + "capi", + "captcha", + "client", + "crowdsec", + "curl", + "decision", + "lapi", + "remediation", + "rest", + "security", + "watcher" + ], + "support": { + "issues": "https://github.com/crowdsecurity/php-remediation-engine/issues", + "source": "https://github.com/crowdsecurity/php-remediation-engine/tree/v3.4.0" + }, + "time": "2024-10-04T02:46:52+00:00" + }, { "name": "cweagans/composer-patches", "version": "1.7.3", 
@@ -2305,55 +2662,109 @@ } }, { - "name": "drupal/default_content", - "version": "2.0.0-alpha3", + "name": "drupal/crowdsec", + "version": "1.1.4", "source": { "type": "git", - "url": "https://git.drupalcode.org/project/default_content.git", - "reference": "2.0.0-alpha3" + "url": "https://git.drupalcode.org/project/crowdsec.git", + "reference": "1.1.4" }, "dist": { "type": "zip", - "url": "https://ftp.drupal.org/files/projects/default_content-2.0.0-alpha3.zip", - "reference": "2.0.0-alpha3", - "shasum": "fdd90c70bd91896835f6ba5ec42c260c1a144a2b" + "url": "https://ftp.drupal.org/files/projects/crowdsec-1.1.4.zip", + "reference": "1.1.4", + "shasum": "ffeb1d3e0e3295b45665a5bad9aabe303107f0cf" }, "require": { - "drupal/core": "^9.1 || ^10 || ^11" + "crowdsec/remediation-engine": "^3.0", + "drupal/core": "^10 || ^11", + "php": ">=8.1" }, "require-dev": { - "drupal/hal": "^1 || ^2", - "drupal/paragraphs": "^1" + "drupal/eca": "^2.0" }, "type": "drupal-module", "extra": { "drupal": { - "version": "2.0.0-alpha3", - "datestamp": "1724492420", + "version": "1.1.4", + "datestamp": "1728660695", "security-coverage": { - "status": "not-covered", - "message": "Alpha releases are not covered by Drupal security advisories." 
- } - }, - "drush": { - "services": { - "drush.services.yml": "^9 || ^10 || ^11 || ^12" + "status": "covered", + "message": "Covered by Drupal's security advisory policy" } } }, "notification-url": "https://packages.drupal.org/8/downloads", "license": [ - "GPL-2.0+" + "GPL-2.0-or-later" ], "authors": [ { - "name": "andypost", - "homepage": "https://www.drupal.org/user/118908" + "name": "danielspeicher", + "homepage": "https://www.drupal.org/user/3621778" }, { - "name": "benjy", - "homepage": "https://www.drupal.org/user/1852732" - }, + "name": "jurgenhaas", + "homepage": "https://www.drupal.org/user/168924" + } + ], + "description": "CrowdSec integration.", + "homepage": "https://www.drupal.org/project/crowdsec", + "support": { + "source": "https://git.drupalcode.org/project/crowdsec", + "issues": "https://www.drupal.org/project/issues/crowdsec" + } + }, + { + "name": "drupal/default_content", + "version": "2.0.0-alpha3", + "source": { + "type": "git", + "url": "https://git.drupalcode.org/project/default_content.git", + "reference": "2.0.0-alpha3" + }, + "dist": { + "type": "zip", + "url": "https://ftp.drupal.org/files/projects/default_content-2.0.0-alpha3.zip", + "reference": "2.0.0-alpha3", + "shasum": "fdd90c70bd91896835f6ba5ec42c260c1a144a2b" + }, + "require": { + "drupal/core": "^9.1 || ^10 || ^11" + }, + "require-dev": { + "drupal/hal": "^1 || ^2", + "drupal/paragraphs": "^1" + }, + "type": "drupal-module", + "extra": { + "drupal": { + "version": "2.0.0-alpha3", + "datestamp": "1724492420", + "security-coverage": { + "status": "not-covered", + "message": "Alpha releases are not covered by Drupal security advisories." 
+ } + }, + "drush": { + "services": { + "drush.services.yml": "^9 || ^10 || ^11 || ^12" + } + } + }, + "notification-url": "https://packages.drupal.org/8/downloads", + "license": [ + "GPL-2.0+" + ], + "authors": [ + { + "name": "andypost", + "homepage": "https://www.drupal.org/user/118908" + }, + { + "name": "benjy", + "homepage": "https://www.drupal.org/user/1852732" + }, { "name": "berdir", "homepage": "https://www.drupal.org/user/214652" @@ -2633,7 +3044,7 @@ "homepage": "https://www.drupal.org/user/53892" }, { - "name": "Devin Carlson", + "name": "devin carlson", "homepage": "https://www.drupal.org/user/290182" }, { @@ -2649,7 +3060,7 @@ "homepage": "https://www.drupal.org/user/471638" }, { - "name": "Primsi", + "name": "primsi", "homepage": "https://www.drupal.org/user/282629" }, { 
@@ -5774,6 +6185,64 @@ ], "time": "2023-10-06T06:47:41+00:00" }, + { + "name": "geoip2/geoip2", + "version": "v2.13.0", + "source": { + "type": "git", + "url": "https://github.com/maxmind/GeoIP2-php.git", + "reference": "6a41d8fbd6b90052bc34dff3b4252d0f88067b23" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/maxmind/GeoIP2-php/zipball/6a41d8fbd6b90052bc34dff3b4252d0f88067b23", + "reference": "6a41d8fbd6b90052bc34dff3b4252d0f88067b23", + "shasum": "" + }, + "require": { + "ext-json": "*", + "maxmind-db/reader": "~1.8", + "maxmind/web-service-common": "~0.8", + "php": ">=7.2" + }, + "require-dev": { + "friendsofphp/php-cs-fixer": "3.*", + "phpstan/phpstan": "*", + "phpunit/phpunit": "^8.0 || ^9.0", + "squizlabs/php_codesniffer": "3.*" + }, + "type": "library", + "autoload": { + "psr-4": { + "GeoIp2\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "authors": [ + { + "name": "Gregory J. Oschwald", + "email": "goschwald@maxmind.com", + "homepage": "https://www.maxmind.com/" + } + ], + "description": "MaxMind GeoIP2 PHP API", + "homepage": "https://github.com/maxmind/GeoIP2-php", + "keywords": [ + "IP", + "geoip", + "geoip2", + "geolocation", + "maxmind" + ], + "support": { + "issues": "https://github.com/maxmind/GeoIP2-php/issues", + "source": "https://github.com/maxmind/GeoIP2-php/tree/v2.13.0" + }, + "time": "2022-08-05T20:32:58+00:00" + }, { "name": "grasmash/expander", "version": "3.0.0", 
@@ -6735,6 +7204,122 @@ }, "time": "2024-03-31T07:05:07+00:00" }, + { + "name": "maxmind-db/reader", + "version": "v1.11.1", + "source": { + "type": "git", + "url": "https://github.com/maxmind/MaxMind-DB-Reader-php.git", + "reference": "1e66f73ffcf25e17c7a910a1317e9720a95497c7" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/maxmind/MaxMind-DB-Reader-php/zipball/1e66f73ffcf25e17c7a910a1317e9720a95497c7", + "reference": "1e66f73ffcf25e17c7a910a1317e9720a95497c7", + "shasum": "" + }, + "require": { + "php": ">=7.2" + }, + "conflict": { + "ext-maxminddb": "<1.11.1,>=2.0.0" + }, + "require-dev": { + "friendsofphp/php-cs-fixer": "3.*", + "php-coveralls/php-coveralls": "^2.1", + "phpstan/phpstan": "*", + "phpunit/phpcov": ">=6.0.0", + "phpunit/phpunit": ">=8.0.0,<10.0.0", + "squizlabs/php_codesniffer": "3.*" + }, + "suggest": { + "ext-bcmath": "bcmath or gmp is required for decoding larger integers with the pure PHP decoder", + "ext-gmp": "bcmath or gmp is required for decoding larger integers with the pure PHP decoder", + "ext-maxminddb": "A C-based database decoder that provides significantly faster lookups" + }, + "type": "library", + "autoload": { + "psr-4": { + "MaxMind\\Db\\": "src/MaxMind/Db" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "authors": [ + { + "name": "Gregory J. 
Oschwald", + "email": "goschwald@maxmind.com", + "homepage": "https://www.maxmind.com/" + } + ], + "description": "MaxMind DB Reader API", + "homepage": "https://github.com/maxmind/MaxMind-DB-Reader-php", + "keywords": [ + "database", + "geoip", + "geoip2", + "geolocation", + "maxmind" + ], + "support": { + "issues": "https://github.com/maxmind/MaxMind-DB-Reader-php/issues", + "source": "https://github.com/maxmind/MaxMind-DB-Reader-php/tree/v1.11.1" + }, + "time": "2023-12-02T00:09:23+00:00" + }, + { + "name": "maxmind/web-service-common", + "version": "v0.9.0", + "source": { + "type": "git", + "url": "https://github.com/maxmind/web-service-common-php.git", + "reference": "4dc5a3e8df38aea4ca3b1096cee3a038094e9b53" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/maxmind/web-service-common-php/zipball/4dc5a3e8df38aea4ca3b1096cee3a038094e9b53", + "reference": "4dc5a3e8df38aea4ca3b1096cee3a038094e9b53", + "shasum": "" + }, + "require": { + "composer/ca-bundle": "^1.0.3", + "ext-curl": "*", + "ext-json": "*", + "php": ">=7.2" + }, + "require-dev": { + "friendsofphp/php-cs-fixer": "3.*", + "phpstan/phpstan": "*", + "phpunit/phpunit": "^8.0 || ^9.0", + "squizlabs/php_codesniffer": "3.*" + }, + "type": "library", + "autoload": { + "psr-4": { + "MaxMind\\Exception\\": "src/Exception", + "MaxMind\\WebService\\": "src/WebService" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "authors": [ + { + "name": "Gregory Oschwald", + "email": "goschwald@maxmind.com" + } + ], + "description": "Internal MaxMind Web Service API", + "homepage": "https://github.com/maxmind/web-service-common-php", + "support": { + "issues": "https://github.com/maxmind/web-service-common-php/issues", + "source": "https://github.com/maxmind/web-service-common-php/tree/v0.9.0" + }, + "time": "2022-03-28T17:43:20+00:00" + }, { "name": "mck89/peast", "version": "v1.16.3", 
@@ -6888,6 +7473,179 @@ ], "time": "2024-04-02T17:27:29+00:00" }, + { + "name": "mlocati/ip-lib", + "version": "1.18.0", + "source": { + "type": "git", + "url": "https://github.com/mlocati/ip-lib.git", + "reference": "c77bd0b1f3e3956c7e9661e75cb1f54ed67d95d2" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/mlocati/ip-lib/zipball/c77bd0b1f3e3956c7e9661e75cb1f54ed67d95d2", + "reference": "c77bd0b1f3e3956c7e9661e75cb1f54ed67d95d2", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "require-dev": { + "ext-pdo_sqlite": "*", + "phpunit/phpunit": "^4.8 || ^5.7 || ^6.5 || ^7.5 || ^8.5 || ^9.5" + }, + "type": "library", + "autoload": { + "psr-4": { + "IPLib\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Michele Locati", + "email": "mlocati@gmail.com", + "homepage": "https://github.com/mlocati", + "role": "Author" + } + ], + "description": "Handle IPv4, IPv6 addresses and ranges", + "homepage": "https://github.com/mlocati/ip-lib", + "keywords": [ + "IP", + "address", + "addresses", + "ipv4", + "ipv6", + "manage", + "managing", + "matching", + "network", + "networking", + "range", + "subnet" + ], + "support": { + "issues": "https://github.com/mlocati/ip-lib/issues", + "source": "https://github.com/mlocati/ip-lib/tree/1.18.0" + }, + "funding": [ + { + "url": "https://github.com/sponsors/mlocati", + "type": "github" + }, + { + "url": "https://paypal.me/mlocati", + "type": "other" + } + ], + "time": "2022-01-13T18:05:33+00:00" + }, + { + "name": "monolog/monolog", + "version": "2.9.3", + "source": { + "type": "git", + "url": "https://github.com/Seldaek/monolog.git", + "reference": "a30bfe2e142720dfa990d0a7e573997f5d884215" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/Seldaek/monolog/zipball/a30bfe2e142720dfa990d0a7e573997f5d884215", + "reference": "a30bfe2e142720dfa990d0a7e573997f5d884215", + "shasum": "" + }, + "require": { + 
"php": ">=7.2", + "psr/log": "^1.0.1 || ^2.0 || ^3.0" + }, + "provide": { + "psr/log-implementation": "1.0.0 || 2.0.0 || 3.0.0" + }, + "require-dev": { + "aws/aws-sdk-php": "^2.4.9 || ^3.0", + "doctrine/couchdb": "~1.0@dev", + "elasticsearch/elasticsearch": "^7 || ^8", + "ext-json": "*", + "graylog2/gelf-php": "^1.4.2 || ^2@dev", + "guzzlehttp/guzzle": "^7.4", + "guzzlehttp/psr7": "^2.2", + "mongodb/mongodb": "^1.8", + "php-amqplib/php-amqplib": "~2.4 || ^3", + "phpspec/prophecy": "^1.15", + "phpstan/phpstan": "^1.10", + "phpunit/phpunit": "^8.5.38 || ^9.6.19", + "predis/predis": "^1.1 || ^2.0", + "rollbar/rollbar": "^1.3 || ^2 || ^3", + "ruflin/elastica": "^7", + "swiftmailer/swiftmailer": "^5.3|^6.0", + "symfony/mailer": "^5.4 || ^6", + "symfony/mime": "^5.4 || ^6" + }, + "suggest": { + "aws/aws-sdk-php": "Allow sending log messages to AWS services like DynamoDB", + "doctrine/couchdb": "Allow sending log messages to a CouchDB server", + "elasticsearch/elasticsearch": "Allow sending log messages to an Elasticsearch server via official client", + "ext-amqp": "Allow sending log messages to an AMQP server (1.0+ required)", + "ext-curl": "Required to send log messages using the IFTTTHandler, the LogglyHandler, the SendGridHandler, the SlackWebhookHandler or the TelegramBotHandler", + "ext-mbstring": "Allow to work properly with unicode symbols", + "ext-mongodb": "Allow sending log messages to a MongoDB server (via driver)", + "ext-openssl": "Required to send log messages using SSL", + "ext-sockets": "Allow sending log messages to a Syslog server (via UDP driver)", + "graylog2/gelf-php": "Allow sending log messages to a GrayLog2 server", + "mongodb/mongodb": "Allow sending log messages to a MongoDB server (via library)", + "php-amqplib/php-amqplib": "Allow sending log messages to an AMQP server using php-amqplib", + "rollbar/rollbar": "Allow sending log messages to Rollbar", + "ruflin/elastica": "Allow sending log messages to an Elastic Search server" + }, + "type": 
"library", + "extra": { + "branch-alias": { + "dev-main": "2.x-dev" + } + }, + "autoload": { + "psr-4": { + "Monolog\\": "src/Monolog" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jordi Boggiano", + "email": "j.boggiano@seld.be", + "homepage": "https://seld.be" + } + ], + "description": "Sends your logs to files, sockets, inboxes, databases and various web services", + "homepage": "https://github.com/Seldaek/monolog", + "keywords": [ + "log", + "logging", + "psr-3" + ], + "support": { + "issues": "https://github.com/Seldaek/monolog/issues", + "source": "https://github.com/Seldaek/monolog/tree/2.9.3" + }, + "funding": [ + { + "url": "https://github.com/Seldaek", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/monolog/monolog", + "type": "tidelift" + } + ], + "time": "2024-04-12T20:52:51+00:00" + }, { "name": "nikic/php-parser", "version": "v5.3.1", 
@@ -8159,111 +8917,358 @@ } }, "autoload": { - "classmap": [ - "src/" - ] + "classmap": [ + "src/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Sebastian Bergmann", + "email": "sebastian@phpunit.de" + }, + { + "name": "Kore Nordmann", + "email": "mail@kore-nordmann.de" + } + ], + "description": "Diff implementation", + "homepage": "https://github.com/sebastianbergmann/diff", + "keywords": [ + "diff", + "udiff", + "unidiff", + "unified diff" + ], + "support": { + "issues": "https://github.com/sebastianbergmann/diff/issues", + "source": "https://github.com/sebastianbergmann/diff/tree/4.0.6" + }, + "funding": [ + { + "url": "https://github.com/sebastianbergmann", + "type": "github" + } + ], + "time": "2024-03-02T06:30:58+00:00" + }, + { + "name": "solarium/solarium", + "version": "6.3.5", + "source": { + "type": "git", + "url": "https://github.com/solariumphp/solarium.git", + "reference": "ae4ea592dc92d2be4dfd0a329f1ffbe3cbd01cf3" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/solariumphp/solarium/zipball/ae4ea592dc92d2be4dfd0a329f1ffbe3cbd01cf3", + "reference": "ae4ea592dc92d2be4dfd0a329f1ffbe3cbd01cf3", + "shasum": "" + }, + "require": { + "composer-runtime-api": ">=2.0", + "ext-json": "*", + "halaxa/json-machine": "^1.1", + "php": "^8.0", + "psr/event-dispatcher": "^1.0", + "psr/http-client": "^1.0", + "psr/http-factory": "^1.0", + "symfony/event-dispatcher-contracts": "^2.0 || ^3.0" + }, + "require-dev": { + "escapestudios/symfony2-coding-standard": "^3.11", + "ext-curl": "*", + "ext-iconv": "*", + "nyholm/psr7": "^1.8", + "php-http/guzzle7-adapter": "^1.0", + "phpstan/extension-installer": "^1.0", + "phpstan/phpstan": "^1.0", + "phpstan/phpstan-deprecation-rules": "^1.0", + "phpstan/phpstan-phpunit": "^1.0", + "phpunit/phpunit": "^9.6", + "rawr/phpunit-data-provider": "^3.3", + "roave/security-advisories": "dev-master", + "symfony/event-dispatcher": 
"^5.0 || ^6.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Solarium\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "See GitHub contributors", + "homepage": "https://github.com/solariumphp/solarium/contributors" + } + ], + "description": "PHP Solr client", + "homepage": "http://www.solarium-project.org", + "keywords": [ + "php", + "search", + "solr" + ], + "support": { + "issues": "https://github.com/solariumphp/solarium/issues", + "source": "https://github.com/solariumphp/solarium/tree/6.3.5" + }, + "time": "2024-01-10T08:36:53+00:00" + }, + { + "name": "symfony/cache", + "version": "v6.4.12", + "source": { + "type": "git", + "url": "https://github.com/symfony/cache.git", + "reference": "a463451b7f6ac4a47b98dbfc78ec2d3560c759d8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/cache/zipball/a463451b7f6ac4a47b98dbfc78ec2d3560c759d8", + "reference": "a463451b7f6ac4a47b98dbfc78ec2d3560c759d8", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "psr/cache": "^2.0|^3.0", + "psr/log": "^1.1|^2|^3", + "symfony/cache-contracts": "^2.5|^3", + "symfony/service-contracts": "^2.5|^3", + "symfony/var-exporter": "^6.3.6|^7.0" + }, + "conflict": { + "doctrine/dbal": "<2.13.1", + "symfony/dependency-injection": "<5.4", + "symfony/http-kernel": "<5.4", + "symfony/var-dumper": "<5.4" + }, + "provide": { + "psr/cache-implementation": "2.0|3.0", + "psr/simple-cache-implementation": "1.0|2.0|3.0", + "symfony/cache-implementation": "1.1|2.0|3.0" + }, + "require-dev": { + "cache/integration-tests": "dev-master", + "doctrine/dbal": "^2.13.1|^3|^4", + "predis/predis": "^1.1|^2.0", + "psr/simple-cache": "^1.0|^2.0|^3.0", + "symfony/config": "^5.4|^6.0|^7.0", + "symfony/dependency-injection": "^5.4|^6.0|^7.0", + "symfony/filesystem": "^5.4|^6.0|^7.0", + "symfony/http-kernel": "^5.4|^6.0|^7.0", + "symfony/messenger": "^5.4|^6.0|^7.0", + 
"symfony/var-dumper": "^5.4|^6.0|^7.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Cache\\": "" + }, + "classmap": [ + "Traits/ValueWrapper.php" + ], + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides extended PSR-6, PSR-16 (and tags) implementations", + "homepage": "https://symfony.com", + "keywords": [ + "caching", + "psr6" + ], + "support": { + "source": "https://github.com/symfony/cache/tree/v6.4.12" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-09-16T16:01:33+00:00" + }, + { + "name": "symfony/cache-contracts", + "version": "v3.5.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/cache-contracts.git", + "reference": "df6a1a44c890faded49a5fca33c2d5c5fd3c2197" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/cache-contracts/zipball/df6a1a44c890faded49a5fca33c2d5c5fd3c2197", + "reference": "df6a1a44c890faded49a5fca33c2d5c5fd3c2197", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "psr/cache": "^3.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-main": "3.5-dev" + }, + "thanks": { + "name": "symfony/contracts", + "url": "https://github.com/symfony/contracts" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Contracts\\Cache\\": "" + } }, "notification-url": "https://packagist.org/downloads/", "license": [ - "BSD-3-Clause" + "MIT" ], "authors": [ { - "name": "Sebastian Bergmann", - "email": "sebastian@phpunit.de" + "name": "Nicolas Grekas", + 
"email": "p@tchwork.com" }, { - "name": "Kore Nordmann", - "email": "mail@kore-nordmann.de" + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" } ], - "description": "Diff implementation", - "homepage": "https://github.com/sebastianbergmann/diff", + "description": "Generic abstractions related to caching", + "homepage": "https://symfony.com", "keywords": [ - "diff", - "udiff", - "unidiff", - "unified diff" + "abstractions", + "contracts", + "decoupling", + "interfaces", + "interoperability", + "standards" ], "support": { - "issues": "https://github.com/sebastianbergmann/diff/issues", - "source": "https://github.com/sebastianbergmann/diff/tree/4.0.6" + "source": "https://github.com/symfony/cache-contracts/tree/v3.5.0" }, "funding": [ { - "url": "https://github.com/sebastianbergmann", + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" } ], - "time": "2024-03-02T06:30:58+00:00" + "time": "2024-04-18T09:32:20+00:00" }, { - "name": "solarium/solarium", - "version": "6.3.5", + "name": "symfony/config", + "version": "v6.4.8", "source": { "type": "git", - "url": "https://github.com/solariumphp/solarium.git", - "reference": "ae4ea592dc92d2be4dfd0a329f1ffbe3cbd01cf3" + "url": "https://github.com/symfony/config.git", + "reference": "12e7e52515ce37191b193cf3365903c4f3951e35" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/solariumphp/solarium/zipball/ae4ea592dc92d2be4dfd0a329f1ffbe3cbd01cf3", - "reference": "ae4ea592dc92d2be4dfd0a329f1ffbe3cbd01cf3", + "url": "https://api.github.com/repos/symfony/config/zipball/12e7e52515ce37191b193cf3365903c4f3951e35", + "reference": "12e7e52515ce37191b193cf3365903c4f3951e35", "shasum": "" }, "require": { - "composer-runtime-api": ">=2.0", - "ext-json": "*", - "halaxa/json-machine": "^1.1", - "php": "^8.0", - 
"psr/event-dispatcher": "^1.0", - "psr/http-client": "^1.0", - "psr/http-factory": "^1.0", - "symfony/event-dispatcher-contracts": "^2.0 || ^3.0" + "php": ">=8.1", + "symfony/deprecation-contracts": "^2.5|^3", + "symfony/filesystem": "^5.4|^6.0|^7.0", + "symfony/polyfill-ctype": "~1.8" + }, + "conflict": { + "symfony/finder": "<5.4", + "symfony/service-contracts": "<2.5" }, "require-dev": { - "escapestudios/symfony2-coding-standard": "^3.11", - "ext-curl": "*", - "ext-iconv": "*", - "nyholm/psr7": "^1.8", - "php-http/guzzle7-adapter": "^1.0", - "phpstan/extension-installer": "^1.0", - "phpstan/phpstan": "^1.0", - "phpstan/phpstan-deprecation-rules": "^1.0", - "phpstan/phpstan-phpunit": "^1.0", - "phpunit/phpunit": "^9.6", - "rawr/phpunit-data-provider": "^3.3", - "roave/security-advisories": "dev-master", - "symfony/event-dispatcher": "^5.0 || ^6.0" + "symfony/event-dispatcher": "^5.4|^6.0|^7.0", + "symfony/finder": "^5.4|^6.0|^7.0", + "symfony/messenger": "^5.4|^6.0|^7.0", + "symfony/service-contracts": "^2.5|^3", + "symfony/yaml": "^5.4|^6.0|^7.0" }, "type": "library", "autoload": { "psr-4": { - "Solarium\\": "src/" - } + "Symfony\\Component\\Config\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [ - "BSD-3-Clause" + "MIT" ], "authors": [ { - "name": "See GitHub contributors", - "homepage": "https://github.com/solariumphp/solarium/contributors" + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" } ], - "description": "PHP Solr client", - "homepage": "http://www.solarium-project.org", - "keywords": [ - "php", - "search", - "solr" - ], + "description": "Helps you find, load, combine, autofill and validate configuration values of any kind", + "homepage": "https://symfony.com", "support": { - "issues": "https://github.com/solariumphp/solarium/issues", - "source": 
"https://github.com/solariumphp/solarium/tree/6.3.5" + "source": "https://github.com/symfony/config/tree/v6.4.8" }, - "time": "2024-01-10T08:36:53+00:00" + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-05-31T14:49:08+00:00" }, { "name": "symfony/console", 
@@ -10072,6 +11077,85 @@ ], "time": "2024-01-29T20:11:03+00:00" }, + { + "name": "symfony/polyfill-uuid", + "version": "v1.31.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-uuid.git", + "reference": "21533be36c24be3f4b1669c4725c7d1d2bab4ae2" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-uuid/zipball/21533be36c24be3f4b1669c4725c7d1d2bab4ae2", + "reference": "21533be36c24be3f4b1669c4725c7d1d2bab4ae2", + "shasum": "" + }, + "require": { + "php": ">=7.2" + }, + "provide": { + "ext-uuid": "*" + }, + "suggest": { + "ext-uuid": "For best performance" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Uuid\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Grégoire Pineau", + "email": "lyrixx@lyrixx.info" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill for uuid functions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "uuid" + ], + "support": { + "source": "https://github.com/symfony/polyfill-uuid/tree/v1.31.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-09-09T11:45:10+00:00" + }, { "name": "symfony/process", "version": "v6.4.12", 
@@ -10644,6 +11728,80 @@ ], "time": "2024-04-18T09:32:20+00:00" }, + { + "name": "symfony/uid", + "version": "v6.4.12", + "source": { + "type": "git", + "url": "https://github.com/symfony/uid.git", + "reference": "2f16054e0a9b194b8ca581d4a64eee3f7d4a9d4d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/uid/zipball/2f16054e0a9b194b8ca581d4a64eee3f7d4a9d4d", + "reference": "2f16054e0a9b194b8ca581d4a64eee3f7d4a9d4d", + "shasum": "" + }, + "require": { + "php": ">=8.1", + "symfony/polyfill-uuid": "^1.15" + }, + "require-dev": { + "symfony/console": "^5.4|^6.0|^7.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Uid\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Grégoire Pineau", + "email": "lyrixx@lyrixx.info" + }, + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides an object-oriented API to generate and represent UIDs", + "homepage": "https://symfony.com", + "keywords": [ + "UID", + "ulid", + "uuid" + ], + "support": { + "source": "https://github.com/symfony/uid/tree/v6.4.12" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-09-20T08:32:26+00:00" + }, { "name": "symfony/validator", "version": "v6.4.12", diff --git a/config/sync/core.extension.yml b/config/sync/core.extension.yml index f0e534322..258c9e7c7 100644 --- a/config/sync/core.extension.yml +++ b/config/sync/core.extension.yml 
@@ -1,6 +1,7 @@ _core: default_config_hash: R4IF-ClDHXxblLcG0L7MgsLvfBIMAvi_skumNFQwkDc module: + ban: 0 big_pipe: 0 block: 0 block_content: 0 @@ -15,6 +16,7 @@ module: content_moderation: 0 contextual: 0 crop: 0 + crowdsec: 0 datetime: 0 dblog: 0 dynamic_page_cache: 0 diff --git a/config/sync/crowdsec.settings.yml b/config/sync/crowdsec.settings.yml new file mode 100644 index 000000000..900658b70 --- /dev/null +++ b/config/sync/crowdsec.settings.yml @@ -0,0 +1,29 @@ +_core: + default_config_hash: HUXhJzgWiujd9gs4ATeqsfufuPTpEEdH9uvEe89a41s +log_level: 6 +env: dev +api_timeout: 120 +signal_scenarios: + - drupal/core-ban + - drupal/auth-bruteforce + - drupal/4xx-scan +scenarios: + - drupal/core-ban + - drupal/auth-bruteforce + - drupal/4xx-scan + - crowdsecurity/http-backdoors-attempts + - crowdsecurity/http-bad-user-agent + - crowdsecurity/http-crawl-non_statics + - crowdsecurity/http-probing + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-sensitive-files + - crowdsecurity/http-sqli-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-w00tw00t + - crowdsecurity/http-generic-bf + - crowdsecurity/http-open-proxy +whisper: + enable: 1 + leak_speed: 10 + bucket_capacity: 10 + ban_duration: 3600 diff --git a/config/sync/ultimate_cron.job.crowdsec_cron.yml b/config/sync/ultimate_cron.job.crowdsec_cron.yml new file mode 100644 index 000000000..253899d6f --- /dev/null +++ b/config/sync/ultimate_cron.job.crowdsec_cron.yml @@ -0,0 +1,17 @@ +uuid: f3fbc19e-792d-4a54-951e-2377006f88b0 +langcode: en +status: true +dependencies: + module: + - crowdsec +title: 'Default cron handler' +id: crowdsec_cron +weight: 0 +module: crowdsec +callback: crowdsec_cron +scheduler: + id: simple +launcher: + id: serial +logger: + id: database diff --git a/web/sites/default/settings.pantheon.php b/web/sites/default/settings.pantheon.php index 1af3622ef..9f07289eb 100644 --- a/web/sites/default/settings.pantheon.php +++ b/web/sites/default/settings.pantheon.php 
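Review bot: The `whisper` block in the new config/sync/crowdsec.settings.yml looks aggressive for a first rollout: `bucket_capacity: 10`, `leak_speed: 10` and `ban_duration: 3600`, with `drupal/4xx-scan` also listed under `signal_scenarios`. If these mean what their names suggest, a visitor or crawler that requests a handful of missing assets (for example after a deploy that moved files) could be banned for an hour and reported upstream as well. I would leave `- drupal/4xx-scan` out of `signal_scenarios` until the false-positive rate has been checked in the logs, and record the chosen thresholds in the README section this commit adds. Separately, `api_timeout: 120` is long if the unit is seconds and the call can run inside a request or the `crowdsec_cron` job; something like `api_timeout: 10` would bound how long a stalled API holds a PHP worker. The committed default `env: dev` is only overridden in settings.pantheon.php, so any production host that does not load that file would presumably stay on the dev environment; that is worth stating in the README too.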
@@ -92,6 +92,8 @@ $config['environment_indicator.indicator']['fg_color'] = '#ffffff'; $config['tfa.settings']['enabled'] = TRUE; + + $config['crowdsec.settings']['env'] = 'prod'; break; default:
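Review bot: The added `$config['crowdsec.settings']['env'] = 'prod';` turns on production blocking, but nothing visible in this commit tells Drupal which proxy to trust. The README text added in the same commit says the real visitor IP must be known when a gateway hides the originating address, and a Pantheon site is presumably served from behind the platform's edge. Without that, bans and signals may be keyed on the proxy address (blocking many visitors at once) or on an address taken from an untrusted forwarding header. Unless it is already set elsewhere in this file (the surrounding switch starts and ends outside the hunk), add `$settings['reverse_proxy'] = TRUE;` and `$settings['reverse_proxy_addresses'] = [/* platform proxy ranges */];` next to this override, restricted to the addresses the platform documents. A one-line comment such as `// CrowdSec: use the production API on the live environment only.` above the new assignment would also explain why the synced default stays `dev`.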