Este post também está disponível em:
CrowdSec is a new security project designed to protect virtual servers(VPS, CLOUD), dedicated servers, exposed on the Internet. CrowdSec installs an agent on the server that analyzes the logs of various applications looking for intrusion attempts. Depending on the configuration these IPs are blocked by the bounce on the server and sent to the Crowdsec network that analyzes and redistributes these IPs creating an increasingly secure and updated network. Crowdsec was inspired by Fail2Ban and aims to be a collaborative and modernized version of this intrusion prevention framework.
In Hub we found
Collections: they are packages of analyzers, scenarios, post-overflows that form a coherent set.
Configurations: are the settings that will detect the types of threats.
Bouncers: are plugins that block ips according to crowdsec “decisions” (BAN, CAPTCHA…) There are several types of integration such as iptables (default), cloudflare firewall, wordpress plugin, magento, windows server firewall and many others.
In this post we will install Crowdsec with “crowdsec-firewall-bouncer-iptables” bouncer.
install the agent
Debian / Ubuntu
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash apt-get install crowdsec systemctl enable crowdsec systemctl start crowdsec
RHEL / CentOS / Amazon Linux
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash yum install crowdsec systemctl enable crowdsec systemctl start crowdsec
Install Bouncer
Debian / Ubuntu
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash apt install crowdsec-firewall-bouncer-iptables systemctl enable crowdsec-firewall-bouncer systemctl start crowdsec-firewall-bouncer
RHEL / CentOS / Amazon Linux
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash yum install crowdsec-firewall-bouncer-iptables systemctl enable crowdsec-firewall-bouncer systemctl start crowdsec-firewall-bouncer
When installing crowdsec, “collections” of some systems that you have on your server are already pre-configured.
Run the following command and see which collections have been installed
cscli collections list
You will see something similar:
You will be able to install new collections, configurations or bouncers according to your needs through the website Hub do Crowdsec
This is one of the tools we use on our customers’ servers. Server management.
Any questions? leave it in the comments…