crowdsec_setup
Packages
apt-get install bash gettext whiptail curl wget
Install
curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url| cut -d '"' -f 4 | wget -i -
tar xvzf crowdsec-release.tgz
cd crowdsec-v*
./wizard.sh -i
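The install pipeline above passes every browser_download_url in the API response to wget. As an added example (not part of the original page or of the CrowdSec project), the helper below picks only the crowdsec-release.tgz URL and rejects anything outside the project's GitHub release path; the function names and the sample JSON are constructed for illustration.

```shell
#!/bin/sh
# pick_release_url ASSET
# Reads a GitHub "latest release" API response on stdin and prints the
# download URL of ASSET. Fails unless exactly one URL matches and it sits
# under the crowdsecurity/crowdsec release download path.
pick_release_url() {
    asset="$1"
    prefix="https://github.com/crowdsecurity/crowdsec/releases/download/"
    # Same extraction as the one-liner in the install step: 4th quote-delimited field.
    urls=$(grep browser_download_url | cut -d '"' -f 4)
    match=""
    count=0
    for u in $urls; do
        case "$u" in
            # Quoted parts are literal; * stands for the release tag.
            "$prefix"*/"$asset") match="$u"; count=$((count + 1)) ;;
        esac
    done
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$match"
}

# Constructed sample response (tag and second asset are made up) so the
# example runs offline.
sample_json() {
cat <<'EOF'
{
  "tag_name": "v0.0.0-example",
  "assets": [
    {"name": "crowdsec-release.tgz",
     "browser_download_url": "https://github.com/crowdsecurity/crowdsec/releases/download/v0.0.0-example/crowdsec-release.tgz"},
    {"name": "other-asset.deb",
     "browser_download_url": "https://github.com/crowdsecurity/crowdsec/releases/download/v0.0.0-example/other-asset.deb"}
  ]
}
EOF
}

# Offline demo on the constructed sample.
sample_json | pick_release_url crowdsec-release.tgz

# Live use would replace sample_json with the curl call from the install step:
#   url=$(curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest \
#         | pick_release_url crowdsec-release.tgz) && wget "$url"
```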
Basic packages you may wanna install/enable
https://hub.crowdsec.net/author/crowdsecurity/collections/sshd
https://hub.crowdsec.net/author/crowdsecurity/collections/iptables
Basic Bouncer you may wanna install
https://hub.crowdsec.net/author/crowdsecurity/bouncers/cs-netfilter-blocker
wget https://github.com/crowdsecurity/cs-netfilter-blocker/releases/download/v0.1.0/cs-netfilter-blocker.tgz
tar xzvf cs-netfilter-blocker.tgz
cd cs-netfilter-blocker-v*
./install.sh
systemctl status netfilter-blocker
Optional scenarios
Bans a range if more than 5 IPs from said range are banned.
https://hub.crowdsec.net/author/crowdsecurity/configurations/ban-defcon-drop_range
cscli install scenario crowdsecurity/ban-defcon-drop_range
Counts the number of unique IPs that performed ssh_bruteforces.
https://hub.crowdsec.net/author/crowdsecurity/configurations/ban-report-ssh_bf_report
cscli install scenario crowdsecurity/ban-report-ssh_bf_report
Check Bans
cscli ban list
# or
cat /var/log/netfilter-blocker.log
Dashboard
Needs Docker
cscli dashboard setup
Dashboard Reset Password
cscli dashboard setup -f
Dashboard Removal
cscli dashboard stop
docker ps -a
docker rm <CONTAINER ID>
crowdsec_setup.txt · Last modified: 2021/11/25 22:42 by 127.0.0.1