Open joglomedia opened 2 years ago
Sample installation:
Enable SQLite WAL

Insert the following line in /etc/crowdsec/config.yaml, in the `db_config` section:

```yaml
db_config:
  use_wal: true
```

Then restart CrowdSec using `systemctl restart crowdsec`.
Exclude / whitelist a known ISP (e.g. Indihome)

```shell
sudo cscli collections install crowdsecurity/whitelist-good-actors
sudo cscli parsers install crowdsecurity/geoip-enrich
sudo cscli postoverflows install crowdsecurity/rdns
```

Create a new config file:

```shell
sudo nano /etc/crowdsec/postoverflows/s01-whitelist/isp_indihome_whitelists.yaml
```

and add the following:
```yaml
name: lemper/isp_indihome_whitelists
description: "Whitelist events from known ISP ipv4 addresses"
whitelist:
  reason: "Known ISP ipv4 ranges AS7713 (PT Telekomunikasi Indonesia)"
  # Fields populated by the geoip-enrich parser: evt.Enriched.ASNNumber, evt.Enriched.ASNOrg
  expression:
    - evt.Enriched.ASNNumber == "7713"
    - evt.Enriched.ASNNumber == "AS7713"
```
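The WAL step above edits config.yaml by hand; an installer wants to do it idempotently. The following is an added example (not LEMPer's or CrowdSec's own code) that inserts `use_wal: true` under `db_config`, flips a stale `use_wal: false`, and is a no-op when WAL is already on. It assumes `db_config:` is a top-level key whose children are indented by two spaces, as in the shipped config.yaml.

```shell
#!/usr/bin/env bash
# Added example: enable SQLite WAL in a CrowdSec config.yaml, idempotently.
# Assumption: db_config is a top-level key with two-space indented children.
set -eu

# Returns 0 when the file already has "use_wal: true" under some section.
wal_enabled() {
    grep -Eq '^[[:space:]]+use_wal:[[:space:]]*true' "$1"
}

enable_crowdsec_wal() {
    local cfg="$1"

    # Already enabled: leave the file untouched.
    if wal_enabled "$cfg"; then
        return 0
    fi

    # Refuse to guess where the key belongs if the section is missing.
    if ! grep -Eq '^db_config:' "$cfg"; then
        echo "db_config section not found in $cfg" >&2
        return 1
    fi

    # Drop any stale use_wal line, then add a fresh one as the first child
    # of db_config. Written to a temp file and moved into place atomically.
    awk '
        /^[[:space:]]+use_wal:/ { next }
        { print }
        /^db_config:/ && !done { print "  use_wal: true"; done = 1 }
    ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Usage: ./enable_wal.sh /etc/crowdsec/config.yaml (then restart crowdsec).
if [ "$#" -gt 0 ]; then
    enable_crowdsec_wal "$1"
fi
```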
Describe the Issue / Bug

Add CrowdSec as a replacement/alternative to Fail2ban for the intrusion detection system: https://crowdsec.net/

Installing CrowdSec: https://doc.crowdsec.net/docs/getting_started/install_crowdsec