I was reading Daniel Miessler's website and got really excited about his article on a replacement for fail2ban (https://danielmiessler.com/study/crowdsec/?mc_cid=970356fcef&mc_eid=fa6207cba8).
Please subscribe to his newsletter, it is really nice reading. Daniel explains this application in detail, and I want to show how I did the installation on my machines. There are some differences. I won't say it will replace fail2ban, but it looks really nice. I have not done any deep tests here, just installed the application and configured a web interface for CrowdSec.
Here is the manual from CrowdSec:
Let's start deploying this!
First we download the installation:
curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url| cut -d '"' -f 4 | wget -i -
Then we unpack the application:
tar xvzf crowdsec-release.tgz
Then we start the installation (two separate commands):
cd crowdsec-v*
sudo ./wizard.sh -i
On the first screen, we want to monitor active services.
Then we choose which log files to look at for ssh.
Where to look for Linux log files.
Then we choose our collection.
Then the installation is done.
Now we have some CLI commands that we can run, for example:
We also want a web page that we can access instead of the CLI. For that we need Docker, so if you already have it installed, skip the Docker installation.
Command to run:
apt-get install docker.io
Then we install Metabase with the cscli command. If you want to access this web page from outside 127.0.0.1 you need to specify -l 0.0.0.0; otherwise it will only be accessible on localhost.
cscli dashboard setup -l 0.0.0.0 -p 3000
Log in and change the login name and password!
Click on Account settings.
Change the first name, last name and email to your choosing. Then click Password and change that as well.
Go back to the CrowdSec page.
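The command-line steps above collected into one script, as an added example that is not part of the original post: it filters the GitHub release JSON down to the crowdsec-release.tgz asset (a bare grep for browser_download_url matches every asset in a release, so wget -i - would fetch all of them) and keeps the dashboard on 127.0.0.1 unless "public" is explicitly requested. SAMPLE_JSON and the example.invalid URLs in it are constructed for the offline check; install_crowdsec itself needs network access and root.

```shell
#!/bin/sh
# Added example script; SAMPLE_JSON below is constructed, not real release data.

# Pick the crowdsec-release.tgz asset out of the GitHub release API JSON.
# A plain grep for browser_download_url matches every asset in the release,
# so this also filters on the asset file name and keeps only the first match.
release_tarball_url() {
  printf '%s\n' "$1" \
    | grep '"browser_download_url"' \
    | grep '/crowdsec-release\.tgz"' \
    | cut -d '"' -f 4 \
    | head -n 1
}

# Address the Metabase dashboard binds to: 127.0.0.1 by default,
# 0.0.0.0 only when the caller explicitly asks for "public".
dashboard_bind() {
  case "${1:-local}" in
    local)  echo 127.0.0.1 ;;
    public) echo 0.0.0.0 ;;
    *)      echo "dashboard_bind: unknown mode '$1'" >&2; return 1 ;;
  esac
}

# Constructed sample of the API response shape (one key per line, as the API returns it).
SAMPLE_JSON='{
  "tag_name": "vX.Y.Z",
  "assets": [
    {
      "name": "crowdsec-release-static.tgz",
      "browser_download_url": "https://example.invalid/download/crowdsec-release-static.tgz"
    },
    {
      "name": "crowdsec-release.tgz",
      "browser_download_url": "https://example.invalid/download/crowdsec-release.tgz"
    }
  ]
}'

# Full install flow from the post (needs network and root; not exercised offline).
install_crowdsec() {
  mode=${1:-local}
  url=$(release_tarball_url "$(curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest)")
  [ -n "$url" ] || { echo "no crowdsec-release.tgz asset found" >&2; return 1; }
  wget -q "$url" -O crowdsec-release.tgz
  tar xvzf crowdsec-release.tgz
  ( cd crowdsec-v* && sudo ./wizard.sh -i )
  sudo cscli dashboard setup -l "$(dashboard_bind "$mode")" -p 3000
}
```

Run `install_crowdsec` for a localhost-only dashboard or `install_crowdsec public` to bind 0.0.0.0 as the post does; in both cases change the Metabase login straight afterwards.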
No traffic to this machine, closed environment…
Try this yourself to see if it is anything for you!
Have a nice day!