CrowdSec is open-source, lightweight software that detects peers with malevolent behavior and blocks them from accessing your systems at various levels (infrastructure, system, application). CrowdSec bouncers are standalone pieces of software that act upon a decision taken by CrowdSec: block an IP, present a captcha, enforce MFA on a given user, etc.
Install the CrowdSec and CrowdSec firewall bouncer packages from the AUR.
Enroll your CrowdSec instance in the CrowdSec console:
# cscli console enroll your_enroll_key
You can get your key from here.
List installed parsers, scenarios and collections:
# cscli hub list
Parsers parse strings from logs or from the output of previous parsers.
# cscli parsers install crowdsecurity/sshd-logs
Scenarios receive events and can detect attacks and produce alerts.
# cscli scenarios install crowdsecurity/ssh-slow-bf
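The parser and scenario stages described above, shown as an added Python example that is not CrowdSec's own code and not part of the original page: a regex parser turns sshd log lines into events, and a scenario, modeled here as one leaky bucket per source IP, raises an alert when the bucket overflows. The log lines, the year, the capacity of 3 and the 120-second leak interval are assumptions constructed for this example, not the values used by crowdsecurity/sshd-logs or crowdsecurity/ssh-slow-bf.

```python
import re
from datetime import datetime

# Constructed sshd log lines using documentation-range IPs.
SAMPLE_LOG = """\
Jan 10 12:00:00 host sshd[811]: Failed password for root from 192.0.2.10 port 40022 ssh2
Jan 10 12:00:10 host sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2
Jan 10 12:00:30 host sshd[813]: Failed password for root from 192.0.2.10 port 40023 ssh2
Jan 10 12:00:40 host sshd[814]: Accepted password for alice from 203.0.113.5 port 52000 ssh2
Jan 10 12:01:00 host sshd[815]: Failed password for root from 192.0.2.10 port 40024 ssh2
Jan 10 12:01:30 host sshd[816]: Failed password for root from 192.0.2.10 port 40025 ssh2
Jan 10 12:05:10 host sshd[817]: Failed password for invalid user admin from 198.51.100.7 port 51001 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse(line, year=2024):
    """Parser stage: turn one raw log line into an event, or None."""
    m = FAILED.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the year is an assumed value.
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"time": when, "user": m.group(2), "source_ip": m.group(3)}

def detect(events, capacity=3, leak_seconds=120):
    """Scenario stage: one leaky bucket per source IP; overflow yields an alert."""
    buckets, alerts = {}, []
    for ev in events:
        level, last = buckets.get(ev["source_ip"], (0.0, ev["time"]))
        elapsed = (ev["time"] - last).total_seconds()
        # One event leaks out every leak_seconds, then the new event is poured in.
        level = max(0.0, level - elapsed / leak_seconds) + 1
        if level > capacity:
            alerts.append({"ip": ev["source_ip"], "at": ev["time"],
                           "reason": "ssh slow bruteforce (illustrative)"})
            level = 0.0  # bucket is emptied after it overflows
        buckets[ev["source_ip"]] = (level, ev["time"])
    return alerts

def run(log=SAMPLE_LOG):
    events = [e for e in map(parse, log.splitlines()) if e]
    return events, detect(events)
```

Calling `run()` on the sample yields a single alert for 192.0.2.10, while 198.51.100.7, whose two failures are five minutes apart, never fills its bucket.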
Collections are bundles of parsers, scenarios and postoverflows. Install
# cscli collections install crowdsecurity/whitelist-good-actors
Update installed parsers, scenarios and collections:
# cscli hub update
# cscli hub upgrade
List active decisions:
# cscli decisions list
Manually add a decision (ban):
# cscli decisions add --ip 126.96.36.199 --duration 24h --reason "web bruteforce"
Remove a decision:
# cscli decisions delete --ip 188.8.131.52
List past alerts:
# cscli alerts list --since 1h
Alerts will include expired or deleted decisions.