tipi/app-store
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c997cde18f
app-store/apps/crowdsec/metadata/description.md
falkheiland c997cde18f
Update apps/crowdsec/metadata/description.md 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2024-05-02 10:31:45 +02:00

3.0 KiB
Raw Blame History

CrowdSec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), it uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM-based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security. See FAQ or read below for more.

App Links

https://www.crowdsec.net/

https://github.com/crowdsecurity/crowdsec

https://hub.docker.com/r/crowdsecurity/crowdsec

Bouncer API Key

The app stack contains the crowdsec service and a bouncer. The bouncer needs an API Key to connect to the service. Since the API Key needs to be generated after the initial start, you must provide a temporary dummy Bouncer API Key for the stack to run.

After you started the app, head to a console and use

docker exec -t crowdsec cscli bouncers add crowdsec-bouncer-traefik

# docker exec -t crowdsec cscli bouncers add crowdsec-bouncer-traefik
API key for 'crowdsec-bouncer-traefik':

   djC0YxRO3xzKG1mctemSzaUfs2yj4vG7cQ7fliTOJR0

Please keep this key since you will not be able to retrieve it!

To get the Bouncer API Key, use this Key in the settings of the app instead of the dummy Bouncer API Key and restart the app. to get the Bouncer API Key. Use this Key in the settings of the app instead of dummy Bouncer API Key and restart the app.

Check Metrics

docker exec crowdsec cscli metrics

Integrate in crowdsec Console

https://app.crowdsec.net/security-engines

With the key from the command line in the section Enroll your CrowdSec Security Engineexecute:

docker exec crowdsec cscli console enroll {{ KEY }}

Dashboard

The dashboard comes with a preconfigured user:

Email address: crowdsec@crowdsec.net

Password: !!Cr0wdS3c_M3t4b4s3??

Traefik Integration

add the following files and / or settings:

  • tipi-compose.yml

    services:
  runtipi-reverse-proxy:
    volumes:
      - /var/log/traefik/:/var/log/

  • traefik.yml

    entryPoints:
  websecure:
    http:
      middlewares:
        - crowdsec-bouncer@file
log:
  filePath: "/var/log/traefik.log"
  level: INFO

accessLog:
  filePath: "/var/log/access.log"
  bufferingSize: 100

  • dynamic.yml

    http:
  middlewares:
    crowdsec-bouncer:
      forwardauth:
        address: http://crowdsec-bouncer-traefik:8080/api/v1/forwardAuth
        trustForwardHeader: true

restart runtipi to apply the settings.