« Previous 1 2
CrowdSec crowd security service
Strength in Numbers
Instances and Bouncers
Once the local CrowdSec instance is configured, you can connect it to the service by typing something like:
cscli console enroll cl5zgf4qs00 030wjqmvrt7s30
The web console must be running on the computer, and you need to be authenticated. After that, you will see that instance under Instances in the web interface. Clicking Accept adds it to the interface. From this moment on you can see the status of the server. Security information about the connected server can be obtained with Alerts , and Activity shows the last actions you have performed (e.g., to which servers you connected).
Bouncers block the attacks detected by CrowedSec. You must install these on the server. With Windows, for example, the bouncer for Windows Firewall manages and automatically updates rules for blocking suspicious IP addresses. Windows also requires the .NET6 framework. The full installation files are on the GitHub page [3]. The bouncer configuration is described in more detail online [4].
Conclusions
Cybercriminals often act as a group. One way of combating attackers is to join a community yourself and leverage the information gathered by all of its members. Systems such as CrowdSec support most Linux distributions and Windows. As shown here, however, some manual reconfiguration work is required.
Infos
- CrowdSec: https://www.crowdsec.net
- CrowdSec agents on GitHub: https://github.com/crowdsecurity/crowdsec
- Windows Firewall bouncer: https://github.com/crowdsecurity/cs-windows-firewall-bouncer/releases
- CrowdSec on Windows: https://docs.crowdsec.net/docs/getting_started/install_windows/
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.