CrowdSec replacing Fail2ban

Discussion in 'Feature Requests' started by IzFazt, Dec 11, 2020.

  1. IzFazt

    IzFazt Member HowtoForge Supporter

    much better resource usage
    Code:
    https://crowdsec.net/
     
    Jesse Norell likes this.
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    So your request is to use this in the Perfect Server tutorials? Include the logs in the panel? Or?
     
  3. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I haven't heard of crowdsec before, but have wanted to write something that does exactly that for some time. Will definitely look into this more. I really hope they have open sourced the collection server/database piece, so that anyone can run their own (because the public service gets DoS'd or shuts down, etc.). If you can use multiple public collection services, I'd suggest we set one up for the ispconfig community, preconfigured for use (both for security incidents and spamming).
     
    IzFazt likes this.
  4. IzFazt

    IzFazt Member HowtoForge Supporter

    Yes sir, we've had resource problems with fail2ban, currently using crowdsec.
     
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Do you have measurement data on resource usage for fail2ban and crowdsec you can share here?
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Also somewhat germane to your question, do you have any custom configuration, or just using the collections/configuration/bouncers right from crowdsec hub? What all did you envision or hope an ISPConfig integration would configure and do? It seems like a Perfect Server tutorial that had a few commands to run the crowdsec install wizard and get it pointed at the control panel node, which itself runs the web interface, would be sufficient?

    Also to answer my earlier wandering, they do not make the "consensus engine" available to the public currently, and it sounds like probably no plans to do so any time soon.
     
  7. IzFazt

    IzFazt Member HowtoForge Supporter

    Hi Jesse, holidays so sorry for my late reply, Happy New Year!

    That would be sufficient indeed. There is currently one issue which I had to resolve in my personal setup, I had to turn this report off as it crashed crowdsec after the first attempt on port 22

    Code:
    cscli scenarios remove crowdsecurity/ban-report-ssh_bf_report
    all other stuff on their hub I currently have activated.
     

Share This Page