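Create the files first so the volumes mount properly (Docker creates a directory in place of a missing bind-mount source file)

    # make sure the parent directories exist before creating the files
    mkdir -p ./crowdsec/data ./crowdsec/config
    touch ./crowdsec/data/crowdsec.db
    touch ./crowdsec/config/local_api_credentials.yaml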
Create a docker-compose.yml

    services:
      crowdsec:
        container_name: crowdsec
        restart: always
        image: crowdsecurity/crowdsec:latest
        ports:
          # publishes the Local API on every host interface;
          # "127.0.0.1:8080:8080" would keep it reachable from the host only
          - "8080:8080"
        volumes:
          - ./crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml
          - ./crowdsec/config/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
          - ./crowdsec/data:/var/lib/crowdsec/data
          # host logs are mounted read-only
          - /var/log/auth.log:/logs/auth.log:ro
          - /var/log/syslog:/logs/syslog:ro
        environment:
          - "COLLECTIONS=crowdsecurity/sshd"
CrowdSec starts fetching a list of bad IPs and inserts them into "decisions"
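Reference: https://doc.crowdsec.net/Crowdsec/v1/localAPI/howto/

    # list the bouncers registered with the Local API
    docker exec -ti crowdsec cscli bouncers list
    # register a bouncer; the command prints the API key used below
    docker exec -ti crowdsec cscli bouncers add MyTestClient
    # check that the key is accepted (response headers only)
    curl -H "X-Api-Key: xxxxxxxxxx" -I localhost:8080/v1/decisions
    # fetch the decisions stream, starting with the full set of active decisions
    curl -s -H "X-Api-Key: xxxxxxxxxx" http://localhost:8080/v1/decisions/stream\?startup\=true | jq .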
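
A small consumer for the decisions stream queried above, added here as an illustration (it is not code from the original page or from CrowdSec). It assumes the Local API on localhost:8080 and the placeholder key from the curl commands; the helper names `fetch_stream`, `apply_stream` and `is_blocked` are hypothetical, the sample responses are constructed, and the field names follow the `new`/`deleted` decision objects the stream returns.

```python
import ipaddress
import json
import urllib.request

LAPI_URL = "http://localhost:8080"  # port published by the compose file (assumption)
API_KEY = "xxxxxxxxxx"              # placeholder key, as in the curl commands

# Constructed sample responses (documentation address ranges).
SAMPLE_STARTUP = {"deleted": None, "new": [
    {"scope": "Ip", "value": "192.0.2.10", "type": "ban"},
    {"scope": "Range", "value": "198.51.100.0/24", "type": "ban"},
    {"scope": "Ip", "value": "203.0.113.5", "type": "ban", "simulated": True},
]}
SAMPLE_POLL = {"new": None, "deleted": [
    {"scope": "Ip", "value": "192.0.2.10", "type": "ban"}]}


def fetch_stream(startup):
    """GET /v1/decisions/stream; startup=true returns every active decision."""
    url = f"{LAPI_URL}/v1/decisions/stream?startup={str(startup).lower()}"
    req = urllib.request.Request(url, headers={"X-Api-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def apply_stream(blocked, payload):
    """Merge one stream response into {(scope, value): decision type}."""
    # "new" and "deleted" can be null rather than [] when nothing changed.
    for d in payload.get("deleted") or []:
        blocked.pop((d["scope"].lower(), d["value"]), None)
    for d in payload.get("new") or []:
        if not d.get("simulated"):  # simulation-mode decisions are not enforced
            blocked[(d["scope"].lower(), d["value"])] = d["type"]
    return blocked


def is_blocked(blocked, addr):
    """Return the decision type covering addr, or None if no decision matches."""
    ip = ipaddress.ip_address(addr)
    for (scope, value), kind in blocked.items():
        if scope == "ip" and ip == ipaddress.ip_address(value):
            return kind
        if scope == "range" and ip in ipaddress.ip_network(value, strict=False):
            return kind
    return None


if __name__ == "__main__":
    state = apply_stream({}, SAMPLE_STARTUP)  # or fetch_stream(True) on a live LAPI
    apply_stream(state, SAMPLE_POLL)          # later polls use startup=false
    print(state)
```

Against a running container, call `fetch_stream(True)` once and then `fetch_stream(False)` on a timer, passing each response to `apply_stream`.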