Requirements Website: https://picoclaw.io/ GitHub: https://github.com/sipeed/picoclaw Usage, skills and context Installation Headless with an incus VM (Debian) Headless with an incus VM (NetBSD) Full right on VM with Gemini and Gemma LLM. All buildin skills. Third party Skills ntfy-notification security-audit Usage sysadmin security audit monitoring
Scénario filtrant les user agents type: trigger name: eck/http-ua-old-403-404 description: "Bloque les User-Agent Chrome < 100 qui génèrent des 403 ou 404" debug: false filter: | evt.Meta.log_type in ["http_access-log"] && evt.Meta.http_status in ["403", "404","499", "500", "502", "200", "206", "503"] && ( evt.Meta.http_user_agent matches '(Chrome|Firefox|CriOS)/([1-9]|[1-9][0-9])\\.' || evt.Meta.http_user_agent matches 'Opera/([1-9]|[1-6][0-9])\\.' || evt.Meta.http_user_agent matches 'MSIE/[1-9]\\.' || evt.Meta.http_user_agent matches 'Trident/[1-5]\\.[0-1]' ) groupby: evt.Meta.source_ip labels: confidence: 3 spoofable: 0 classification: "attack.T1595" behavior: "http:scan" label: "Old Chrome/Firefox UA 403/404 Scan" service: nginx type: nginx remediation: true
Nouveau kimsufi On passe d’un atom à 4 Go de RAM à un Xeon de 8 Threads et 32 Go On change un peu la stack technique avec incus et/ou podman en fonction des services. Les arborescences sont identiques et on déplace tout les services : mail (postfix, dovecot, rspamd, opendkim) xmpp (prosody) web (rss,static,tooling) db (postgresql) ci/cd (gitea, drone) backup (restic, minio) wordpress/woocommerce pour une copine