r/CrowdSec

Acquisition from database tables

I thought this was going to be something reasonable I could do out-of-the-box but there doesn't seem to be any direct way for parsers to use databases as their data sources which has taken me into a rabbit hole of "how do I get database tables into files so that they can be monitored by crowdsec?" I considered scheduled exports to file but this seems to have too high a latency for security monitoring for comfort. I'm now toying with triggers but it looks messy as well, so well, community, how would you approach this?

Scenario is we have a product that logs useful things like failed login attempts to a database table (stored in MariaDB) and we want to monitor that with crowdsec.

reddit.com
u/Careful_Turnip1432 — 5 days ago

CrowdSec Installed but Showing No Decisions? Here's Why That's Normal

CrowdSec Installed but Showing No Decisions? Here's Why That's Normal

When I first fired up CrowdSec, I thought to myself, "Amazing! Job's done! No script kiddies or scanners are gettin' in here now".... I spent an hour last week staring at an empty log file, convinced I had broken my server somehow while working on something else!

Like me, if you installed CrowdSec, and ran:

cscli decisions list …and got: No active decisions

Naturally, your first thought is: Did CrowdSec fail? In most cases, no. This usually means CrowdSec is working exactly as intended!

>📡 If you haven’t installed CrowdSec yet, start with my complete CrowdSec deployment guide inside the Digital Castle stack.

As you probably know, unlike Fail2Ban, CrowdSec blocks many attackers preemptively using community intelligence, so your local decision list may stay empty even while your server is actively protected.

In this guide, you'll learn how to verify CrowdSec is functioning correctly by checking:

  • downloaded community decisions
  • active metrics
  • blocked attack attempts
  • alert history
  • whitelist configuration

All via CLI and also with CrowdSec WebGui!

Head on over to my CrowdSec deep-dive walk-through to begin your verification.

Disclaimer: Written, screen-shotted and tested/used by me. There are NO ads of any kind on this page nor affiliate links. Just sharing info & love for CrowdSec!

Edit: Title got mangled by Reddit some how upon posting? I slapped it above.

corelab.tech
u/corelabjoe — 5 days ago

Looking for Feedback on CrowdSec Integration in Jabali Panel

Hey everyone,

I’m working on Jabali Panel, a GPL open-source web hosting control panel, and CrowdSec is one of the main security layers behind it.

CrowdSec integration is a big part of the project, so I’d really love feedback from people here.

Please take a look at the images and tell me what do you think a good GUI around CrowdSec should add/change?

The project is still in development, but it’s already being used, and the community is slowly growing. I’m now looking for testers and early users who want to try it, give feedback, report bugs, and help shape the direction.

Jabali also supports Docker now, so it can be used not only as a normal web hosting panel, but also as a Docker proxy server, stand alone mail server or DDNS & DNS server and more.

Check it out:

GitHub: https://github.com/shukiv/jabali-panel
Demo: https://demo.jabali-panel.com

Thanks!

u/apunker — 7 days ago

Implementing into my homelab

Hi all... Ive been reading up on crowdsec recently as I am starting to think about opening up more of my internally hosted services to the outside world to allow me to access them whilst on the move.

My understanding is that you have a main box (LAPI) for the controlling all the bouncers that are on the machines that make up my lab.

So in my instance, I have the following boxes...

  • Proxmox
    • NAS (LXC)
    • DHCP/DNS (LXC)
    • NVR (LXC)
    • Media host (VM)
    • Home Automation (VM)
    • HTTP Reverse Proxy (VM)
    • Infrastructure Monitor (VM)

The way I see it, is I install crowdsec on all these machines, and set it up as a bouncer, and then create a new VM or LXC that can run as the main box for CrowdSec, the LAPI.

Is this the right kind of setup for this?

reddit.com
u/I-left-and-came-back — 12 days ago