Create files to mount property the volumes
touch ./crowdsec/data/crowdsec.db
touch ./crowdsec/config/local_api_credentials.yaml
Create a docker-compose.yml
crowdsec:
container_name: crowdsec
restart: always
image: crowdsecurity/crowdsec:latest
ports:
- "8080:8080"
volumes:
- ./crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml
- ./crowdsec/config/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
- ./crowdsec/data:/var/lib/crowdsec/data
- /var/log/auth.log:/logs/auth.log:ro
- /var/log/syslog:/logs/syslog:ro
environment:
- "COLLECTIONS=crowdsecurity/sshd"
Crowdsec starts getting a list of bad ips and insert it into "decisions"
https://doc.crowdsec.net/Crowdsec/v1/localAPI/howto/
docker exec -ti crowdsec cscli bouncers list
docker exec -ti crowdsec cscli bouncers add MyTestClient
curl -H "X-Api-Key: xxxxxxxxxx" -I localhost:8080/v1/decisions
curl -s -H "X-Api-Key: xxxxxxxxxx" http://localhost:8080/v1/decisions/stream\?startup\=true | jq .