stu/motherfuckingblog
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
motherfuckingblog/CROWDSEC_SETUP.md
Stewart Pidasso c021228161 init
2025-07-07 02:07:58 +00:00

2.4 KiB
Raw Permalink Blame History

CrowdSec Setup Instructions

This document provides instructions for setting up CrowdSec with Traefik in your environment.

Initial Setup

  1. First, start the services with a temporary API key:
# Set CROWDSEC_BOUNCER_API_KEY to a temporary value in .env
docker-compose up -d
  1. Generate a bouncer API key:
docker exec -it crowdsec cscli bouncers add traefik-bouncer
  1. Copy the generated API key and add it to your .env file:
CROWDSEC_BOUNCER_API_KEY=your_generated_key_here
  1. Restart the services to apply the API key:
docker-compose down
docker-compose up -d

Verify CrowdSec Installation

  1. Check if CrowdSec is running properly:
docker exec -it crowdsec cscli metrics
  1. List installed collections:
docker exec -it crowdsec cscli collections list
  1. Test the CrowdSec setup:
# Check if CrowdSec is properly connected to Traefik
docker logs traefik | grep -i crowdsec

# Check if there are any decisions (blocks) in CrowdSec
docker exec -it crowdsec cscli decisions list

Additional Security Configurations

Install Additional Collections

You can install additional security collections for better protection:

docker exec -it crowdsec cscli collections install crowdsecurity/http-cve
docker exec -it crowdsec cscli collections install crowdsecurity/nginx
docker exec -it crowdsec cscli collections install crowdsecurity/wordpress

Configure Custom Rules - Untested and from LLM

If you need custom security rules, you can create them in the CrowdSec configuration:

  1. Create a custom rule file:
docker exec -it crowdsec touch /etc/crowdsec/parsers/s00-custom/custom-rules.yaml

  1. Edit the file with your custom rules.

  2. Restart CrowdSec:

docker restart crowdsec

Troubleshooting

Check Logs

If you encounter issues, check the logs:

# CrowdSec logs
docker logs crowdsec

# Traefik logs (includes bouncer plugin logs)
docker logs traefik

Common Issues

  1. API Key Issues: If the bouncer can't connect to CrowdSec, verify the API key is correct.

  2. No Decisions: If CrowdSec isn't blocking anything, check if it's receiving logs:

docker exec -it crowdsec cscli metrics
  1. False Positives: If legitimate traffic is being blocked, you can add exceptions:
docker exec -it crowdsec cscli decisions delete --ip 192.168.1.100