crowdsec
debian
ids
security
tutos
CrowdSec sur Debian 12
Installation de CrowdSec sur Debian 12 Bookworm.
Composant
Version
Debian
12 Bookworm
CrowdSec
1.5+
Durée estimée : 25 minutes
1. Installation
-s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | bash
install -y crowdsec
version
2. Démarrer
enable --now crowdsec
metrics
3. Collections
# SSH
collections install crowdsecurity/sshd
# Nginx
collections install crowdsecurity/nginx
# Linux
collections install crowdsecurity/linux
# Vérifier
collections list
4. Acquisition
/etc/crowdsec/acquis.yaml
filenames :
- /var/log/auth.log
labels :
type : syslog
---
filenames :
- /var/log/nginx/access.log
- /var/log/nginx/error.log
labels :
type : nginx
reload crowdsec
5. Bouncer Firewall
install -y crowdsec-firewall-bouncer-iptables
bouncers add firewall-bouncer
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
mode : iptables
api_url : http://127.0.0.1:8080
api_key : <API_KEY>
deny_action : DROP
enable --now crowdsec-firewall-bouncer
6. Gestion
# Décisions actives
decisions list
# Bannir
decisions add --ip 1 .2.3.4 --duration 24h --reason "attack"
# Débannir
decisions delete --ip 1 .2.3.4
7. Whitelist
/etc/crowdsec/parsers/s02-enrich/whitelist.yaml
name : crowdsecurity/whitelist
description : "Whitelist"
whitelist :
reason : "Private"
ip :
- "192.168.1.0/24"
8. Console Cloud
# https://app.crowdsec.net
console enroll <ENROLLMENT_KEY>
restart crowdsec
9. Métriques
metrics
alerts list
bouncers list
Comparatif Rocky vs Debian
Aspect
Rocky 9
Debian 12
Package
script.rpm.sh
script.deb.sh
Logs SSH
/var/log/secure
/var/log/auth.log
Bouncer
iptables/nftables
iptables/nftables
Commandes
metrics # Métriques
alerts list # Alertes
decisions list # Décisions
collections list # Collections
hub update # Mise à jour hub
hub upgrade # Upgrade composants
Changelog
Date
Modification
2024-12
Création initiale