User Tools

Site Tools


crowdsec_setup

Packages

apt-get install bash gettext whiptail curl wget

Install

curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url|    cut -d '"' -f 4  | wget -i -
tar xvzf crowdsec-release.tgz
cd crowdsec-v*
./wizard.sh -i

Basic packages you may wanna install/enable
https://hub.crowdsec.net/author/crowdsecurity/collections/sshd
https://hub.crowdsec.net/author/crowdsecurity/collections/iptables

Basic Bouncer you may wanna install
https://hub.crowdsec.net/author/crowdsecurity/bouncers/cs-netfilter-blocker

wget https://github.com/crowdsecurity/cs-netfilter-blocker/releases/download/v0.1.0/cs-netfilter-blocker.tgz
tar xzvf cs-netfilter-blocker.tgz
cd cs-netfilter-blocker-v*
./install.sh
systemctl status netfilter-blocker

Optional scenarios
Bans a range if more than 5 ips from said range are banned.
https://hub.crowdsec.net/author/crowdsecurity/configurations/ban-defcon-drop_range

cscli install scenario crowdsecurity/ban-defcon-drop_range

Count the number of unique ips that performed ssh_bruteforces
https://hub.crowdsec.net/author/crowdsecurity/configurations/ban-report-ssh_bf_report

cscli install scenario crowdsecurity/ban-report-ssh_bf_report

Check Ban's

cscli ban list 
#or
cat /var/log/netfilter-blocker.log

Dashboard
Needs Docker

cscli dashboard setup

Dashboard Reset Password

cscli dashboard setup -f

Dashboard Removal

cscli dashboard stop
docker ps -a
docker rm CONTAINER ID
crowdsec_setup.txt · Last modified: 2020/11/16 10:43 by neoon