Then you’re allowed
I’m a mouse and I do mouse things. I like cheese.
- 0 Posts
- 6 Comments
Joined 2 years ago
Cake day: July 4th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Says the guy with stoned in his name
The details look great!
3·2 years agoHi,
Reading the thread I decided to give it a go, I went ahead and configured crowdsec. I have a few questions, if I may, here’s the setup:
- I have set up the basic collections/parsers (mainly nginx/linux/sshd/base-http-scenarios/http-cve)
- I only have two services open on the firewall, https and ssh (no root login, ssh key only)
- I have set up the firewall bouncer.
If I understand correctly, any attack detected will result in the ip being banned via iptables rule (for a configured duration, by default 4 hours).
- Is there any added value to run the nginx bouncer on top of that, or any other?
- cscli hub update/upgrade will fetch new definitions for collections if I undestand correctly. Is there any need to run this regularly, scheduled with let’s say a cron job, or does crowdsec do that automatically in the background?
sometimes I grab popcorn and “tail -f /var/log/secure”
2·2 years agoDo you have a link to a documentation concerning retention/cleanup for instances?
deleted by creator