Bjarne Verschorre

../guide-to-crowdsec.md

What is Crowdsec?

Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems. Its user-friendly design and assistance offer a low technical barrier of entry and nevertheless a high security gain.

Crowdsec

In short, Crowdsec is a tool that looks for aggressive behavior in logs and blocks the IP addresses of the offending peers. It then shares this information with other Crowdsec users automatically in order to improve the detection of aggressive behavior.

You can add Remediation Components to Crowdsec to block the offending IP addresses.

Installation

I’ll assume you’re using Ubuntu 24.04. If you’re using a different distribution, you can find the installation instructions here.

The following commands add the Crowdsec package repository and then install the Crowdsec application:

curl -s https://install.crowdsec.net | sudo sh
sudo apt install crowdsec

Remediation Components

Since Ubuntu 24.04 still uses iptables, we can use the iptables(8) bouncer. You can install it with the following command:

sudo apt install crowdsec-firewall-bouncer-iptables

For more information, check out the documentation.

Crowdsec CLI

Run the following command for more information on the Crowdsec CLI:

sudo cscli

To check if anyone is currently blocked, run:

sudo cscli decisions list

To unblock an IP address, run:

sudo cscli decisions delete --id <id>
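
Finding which decision id covers a given address, for example when one of your own IPs gets blocked, as an added example that is not part of the original guide. It parses the JSON printed by `sudo cscli decisions list -o json`, assumed here to be a list of alerts that each hold a `decisions` list, and matches both single-IP and CIDR-range decisions; the sample data and function names are constructed.

```python
import ipaddress
import json

# Constructed sample of `cscli decisions list -o json` output. Assumed shape:
# a list of alerts, each with a "decisions" list. Documentation addresses only.
SAMPLE = """
[
  {"id": 11, "decisions": [
    {"id": 101, "origin": "crowdsec", "scope": "Ip", "type": "ban",
     "value": "192.0.2.44", "duration": "3h12m",
     "scenario": "crowdsecurity/ssh-bf"}]},
  {"id": 12, "decisions": [
    {"id": 102, "origin": "cscli", "scope": "Range", "type": "ban",
     "value": "198.51.100.0/24", "duration": "23h",
     "scenario": "manual ban"}]},
  {"id": 13, "decisions": [
    {"id": 103, "origin": "cscli", "scope": "Country", "type": "ban",
     "value": "ZZ", "duration": "1h", "scenario": "manual ban"}]}
]
"""


def decisions_covering(raw_json, address):
    """Return the decisions whose value (single IP or CIDR range) covers address."""
    target = ipaddress.ip_address(address)
    alerts = json.loads(raw_json) or []  # tolerate "null" when nothing is listed
    hits = []
    for alert in alerts:
        for dec in alert.get("decisions") or []:
            try:
                net = ipaddress.ip_network(dec.get("value", ""), strict=False)
            except ValueError:
                continue  # non-IP scopes (such as a country code) are skipped
            if target.version == net.version and target in net:
                hits.append(dec)
    return hits


def delete_commands(raw_json, address):
    """Build one `cscli decisions delete --id` line per matching decision."""
    return [f"sudo cscli decisions delete --id {d['id']}"
            for d in decisions_covering(raw_json, address)]


if __name__ == "__main__":
    for addr in ("192.0.2.44", "198.51.100.77", "192.0.2.1"):
        print(addr, delete_commands(SAMPLE, addr) or "not blocked")
```

On a real host, feed the function the output of `sudo cscli decisions list -o json` instead of `SAMPLE`.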

Console

Crowdsec lets you view your setup through a dashboard on its website, free of charge.

  1. Create an account on https://app.crowdsec.net/.
  2. Add your server by going to https://app.crowdsec.net/security-engines.
  3. Run the following commands on the server to link it to your account and restart Crowdsec:

     sudo cscli console enroll -e context <token>
     sudo systemctl restart crowdsec
