Installing CrowdSec on my hacking rig: how to block unwanted connections, like brute-force attacks on SSH. @Crowd_Security @DanielMiessler #hacker #bruteforce #ssh #cybersecurity #Security

I was reading Daniel Miessler's website and got really excited about his article on a replacement for fail2ban ( https://danielmiessler.com/study/crowdsec/?mc_cid=970356fcef&mc_eid=fa6207cba8 ).

Please subscribe to his newsletter, it is really nice reading. Daniel explains this application in detail, and I want to show how I did the installation on my machines. There are some differences. I won't say it will replace fail2ban, but it looks really nice. I have not done any deep tests here, just installed the application and configured a web interface for CrowdSec.

Here is the manual from CrowdSec:
https://doc.crowdsec.net/

Let's start deploying this!

First we download the installation

curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url| cut -d '"' -f 4  | wget -i -

Then we unpack the application

tar xvzf crowdsec-release.tgz

Then we start the installation

cd crowdsec-v*
sudo ./wizard.sh -i

The first screen: we want to monitor active services.

Then we choose which log files to watch for ssh.

Where to look for Linux log files.

Then we choose our collection.

Then the installation is done.

Now we have some CLI commands that we can run, for example:

cscli metrics

We also want a web page that we can access instead of the CLI. For that we need Docker, so if you already have it installed, skip the Docker installation.

Command to run

sudo apt-get install docker.io

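Then we install Metabase with a cscli command. If you want to reach this web page from anywhere other than 127.0.0.1, you need to specify -l 0.0.0.0; otherwise it will only be accessible on localhost. Note that 0.0.0.0 makes the dashboard listen on every network interface of the machine, not just one of them.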

cscli dashboard setup -l 0.0.0.0 -p 3000
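
To check which addresses the dashboard port ended up listening on, the function below filters `ss -H -ltn` output for listeners on a port that are bound to something other than loopback. It is an added example, not part of the original post or of CrowdSec; the name exposed_listeners and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners on a TCP port that are reachable beyond loopback.
# Reads `ss -H -ltn` output (State Recv-Q Send-Q Local Peer) on stdin.

# exposed_listeners PORT  (hypothetical helper name)
# Prints every local address:port bound to PORT that is not a loopback address.
# Exit status: 0 if at least one such listener exists, 1 if there is none.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                                  # Local Address:Port column
            n = split(la, parts, ":")
            if (parts[n] != port) next               # port follows the last colon
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)                    # drop scope such as %lo
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print la
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample input, not captured from a real host.
# Dashboard started with -l 0.0.0.0 -p 3000:
SAMPLE_WILDCARD='LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 4096 [::]:3000 [::]:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*'
# Dashboard left on localhost, sshd on all interfaces:
SAMPLE_LOCAL='LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

if printf '%s\n' "$SAMPLE_WILDCARD" | exposed_listeners 3000; then
    echo "port 3000 is reachable from other hosts: limit it with a firewall rule"
fi

# On a live machine: ss -H -ltn | exposed_listeners 3000
```
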

Log in and change the login name and password!

Click on Account settings.

Change the first name, last name and email to your choosing. Then click Password and change that as well.

Go back to the CrowdSec page.

No traffic to this machine, closed environment….

Try this for yourself to see if it is anything for you!

Have a nice day!
