init
This commit is contained in:
commit
c021228161
24 changed files with 1509 additions and 0 deletions
115
CROWDSEC_SETUP.md
Normal file
|
@ -0,0 +1,115 @@
|
|||
# CrowdSec Setup Instructions
|
||||
|
||||
This document provides instructions for setting up CrowdSec with Traefik in your environment.
|
||||
|
||||
## Initial Setup
|
||||
|
||||
1. First, start the services with a temporary API key:
|
||||
|
||||
```bash
|
||||
# Set CROWDSEC_BOUNCER_API_KEY to a temporary value in .env
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
2. Generate a bouncer API key:
|
||||
|
||||
```bash
|
||||
docker exec -it crowdsec cscli bouncers add traefik-bouncer
|
||||
```
|
||||
|
||||
3. Copy the generated API key and add it to your `.env` file:
|
||||
|
||||
```
|
||||
CROWDSEC_BOUNCER_API_KEY=your_generated_key_here
|
||||
```
|
||||
|
||||
4. Restart the services to apply the API key:
|
||||
|
||||
```bash
|
||||
docker-compose down
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
## Verify CrowdSec Installation
|
||||
|
||||
1. Check if CrowdSec is running properly:
|
||||
|
||||
```bash
|
||||
docker exec -it crowdsec cscli metrics
|
||||
```
|
||||
|
||||
2. List installed collections:
|
||||
|
||||
```bash
|
||||
docker exec -it crowdsec cscli collections list
|
||||
```
|
||||
|
||||
3. Test the CrowdSec setup:
|
||||
|
||||
```bash
|
||||
# Check if CrowdSec is properly connected to Traefik
|
||||
docker logs traefik | grep -i crowdsec
|
||||
|
||||
# Check if there are any decisions (blocks) in CrowdSec
|
||||
docker exec -it crowdsec cscli decisions list
|
||||
```
|
||||
|
||||
## Additional Security Configurations
|
||||
|
||||
### Install Additional Collections
|
||||
|
||||
You can install additional security collections for better protection:
|
||||
|
||||
```bash
|
||||
docker exec -it crowdsec cscli collections install crowdsecurity/http-cve
|
||||
docker exec -it crowdsec cscli collections install crowdsecurity/nginx
|
||||
docker exec -it crowdsec cscli collections install crowdsecurity/wordpress
|
||||
```
|
||||
|
||||
### Configure Custom Rules - Untested and from LLM
|
||||
|
||||
If you need custom security rules, you can create them in the CrowdSec configuration:
|
||||
|
||||
1. Create a custom rule file:
|
||||
|
||||
```bash
|
||||
docker exec -it crowdsec touch /etc/crowdsec/parsers/s00-custom/custom-rules.yaml
|
||||
```
|
||||
|
||||
2. Edit the file with your custom rules.
|
||||
|
||||
3. Restart CrowdSec:
|
||||
|
||||
```bash
|
||||
docker restart crowdsec
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Check Logs
|
||||
|
||||
If you encounter issues, check the logs:
|
||||
|
||||
```bash
|
||||
# CrowdSec logs
|
||||
docker logs crowdsec
|
||||
|
||||
# Traefik logs (includes bouncer plugin logs)
|
||||
docker logs traefik
|
||||
```
|
||||
|
||||
### Common Issues
|
||||
|
||||
1. **API Key Issues**: If the bouncer can't connect to CrowdSec, verify the API key is correct.
|
||||
|
||||
2. **No Decisions**: If CrowdSec isn't blocking anything, check if it's receiving logs:
|
||||
|
||||
```bash
|
||||
docker exec -it crowdsec cscli metrics
|
||||
```
|
||||
|
||||
3. **False Positives**: If legitimate traffic is being blocked, you can add exceptions:
|
||||
|
||||
```bash
|
||||
docker exec -it crowdsec cscli decisions delete --ip 192.168.1.100
|
||||
```
|
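Review bot: In the "False Positives" item under Common Issues, `cscli decisions delete --ip 192.168.1.100` is described as adding an exception, but it only removes the decision currently held against that address, so the same client is banned again the next time a scenario fires on its traffic. Reword the step to say it lifts the current ban, and point readers to a CrowdSec whitelist for a lasting exception. Separately, the heading "Configure Custom Rules - Untested and from LLM" flags steps that have not been run, and the file created there with `touch` inside the container will not survive the `docker-compose down` used earlier in this document unless that path is on a mounted volume; verify that section before it ships or leave it out of the initial commit.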