app-store/apps/crowdsec/metadata/description.md

105 lines
2.9 KiB
Markdown
Raw Normal View History

2024-04-30 08:41:32 +00:00
# Crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), it uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM-based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security. See FAQ or read below for more.
## App Links
<https://www.crowdsec.net/>
<https://github.com/crowdsecurity/crowdsec>
<https://hub.docker.com/r/crowdsecurity/crowdsec>
## Bouncer API Key
The app stack contains the crowdsec service and a bouncer. The bouncer needs an API Key to connect to the service.
Since the API Key needs to be generated after the initial start, you must provide a temporary dummy Bouncer API Key for the stack to run.
2024-04-30 09:23:13 +00:00
After you started the app, head to a console and use
2024-04-30 10:32:11 +00:00
```bash
docker exec -t crowdsec cscli bouncers add crowdsec-bouncer-traefik
```
2024-04-30 09:23:13 +00:00
```bash
# docker exec -t crowdsec cscli bouncers add crowdsec-bouncer-traefik
API key for 'crowdsec-bouncer-traefik':
djC0YxRO3xzKG1mctemSzaUfs2yj4vG7cQ7fliTOJR0
Please keep this key since you will not be able to retrieve it!
```
to get the Bouncer API Key. Use this Key in the settings of the app instead of dummy Bouncer API Key and restart the app.
2024-04-30 08:41:32 +00:00
2024-04-30 12:21:45 +00:00
check for metrics with:
## Check Metrics
```bash
docker exec crowdsec cscli metrics
```
## Integrate in crowdsec Console
https://app.crowdsec.net/security-engines
2024-04-30 12:42:53 +00:00
With the key from the command line in the section `Enroll your CrowdSec Security Engine`execute:
2024-04-30 12:21:45 +00:00
```bash
2024-04-30 12:42:53 +00:00
docker exec crowdsec cscli console enroll {{ KEY }}
2024-04-30 12:21:45 +00:00
```
2024-04-30 12:42:53 +00:00
## Dashboard
The dashboard comes with a preconfigured user:
Email address: crowdsec@crowdsec.net
Password: !!Cr0wdS3c_M3t4b4s3??
2024-04-30 08:41:32 +00:00
## Traefik Integration
add the following files and / or settings:
- tipi-compose.yml
```yml
services:
runtipi-reverse-proxy:
volumes:
- /var/log/traefik/:/var/log/
```
- traefik.yml
```yml
entryPoints:
websecure:
http:
middlewares:
- crowdsec-bouncer@file
2024-04-30 12:21:45 +00:00
log:
filePath: "/var/log/traefik.log"
level: INFO
accessLog:
filePath: "/var/log/access.log"
bufferingSize: 100
2024-04-30 08:41:32 +00:00
```
- dynamic.yml
```yml
http:
middlewares:
crowdsec-bouncer:
forwardauth:
address: http://crowdsec-bouncer-traefik:8080/api/v1/forwardAuth
trustForwardHeader: true
```
restart runtipi to apply the settings.