crowdsec

23/03/2021

Create files to mount property the volumes

touch ./crowdsec/data/crowdsec.db
touch ./crowdsec/config/local_api_credentials.yaml

Create a docker-compose.yml

crowdsec:
    container_name: crowdsec
    restart: always
    image: crowdsecurity/crowdsec:latest
    ports:
        - "8080:8080"
    volumes:
        - ./crowdsec/config/acquis.yaml:/etc/crowdsec/acquis.yaml
        - ./crowdsec/config/local_api_credentials.yaml:/etc/crowdsec/local_api_credentials.yaml
        - ./crowdsec/data:/var/lib/crowdsec/data
        - /var/log/auth.log:/logs/auth.log:ro
        - /var/log/syslog:/logs/syslog:ro
    environment:
        - "COLLECTIONS=crowdsecurity/sshd"

Crowdsec starts getting a list of bad ips and insert it into "decisions"

get ip stream

https://doc.crowdsec.net/Crowdsec/v1/localAPI/howto/
docker exec -ti crowdsec cscli bouncers list
docker exec -ti crowdsec cscli bouncers add MyTestClient
curl  -H "X-Api-Key: xxxxxxxxxx" -I localhost:8080/v1/decisions  
curl  -s -H "X-Api-Key: xxxxxxxxxx"  http://localhost:8080/v1/decisions/stream\?startup\=true | jq .

Raccourcis