Implement Crowdsec, a docker and server level crowd sourced security guard

    privsec
    #1

    I would like to suggest implementing Crowdsec as a built-in feature to a cloudron install. Assuming most of our installs (speaking on the community's behalf) are internet facing, something like this could become very powerful and beneficial as a security feature.

      necrevistonnezr
      #2

      @privsec Looks quite interesting. French company. Built in Go.

      https://danielmiessler.com/study/crowdsec/

      So the system doesn’t just detect attacks using its view into your logs, it can also trigger various actions once something is detected, such as:

      • Blocking people in Cloudflare
      • Running your own arbitrary scripts
      • Executing a block in netfilter/iptables
      • Denying an IP in Nginx
      • Blocking in WordPress
      • Etc.

      This tells me they’re thinking big and long-term with this thing, and not just as a replacement for a local banning tool.
        jdaviescoates
        #3

        @privsec nice find. I think Akismet kinda works like this for WordPress (and there was another Drupal one too) but I've always wondered why there wasn't something more generic.

        I use Cloudron with Gandi & Hetzner

          privsec
          #4

          @jdaviescoates
          Thanks! It looks very interesting.

          And from what I have read, it will also anonymize your logs.

            Mastadamus
            #5

            @privsec huge fan of this idea.

              privsec
              #6

              To add to how awesome this software is

              https://crowdsec.net/faq/

              Server-side treatments involve the following:
              
                  Collecting information (IP / Timestamp / Scenario) sent by the network members accepting to share them
                  Distributing curated IP block list (tailor-made for each, according to their choices in the back office (coming soon))
              
              The reputation system (feeding your local daemon with IPs to block), can be deactivated and/or replaced by another source of reputation in the configuration, making the software 100% able to function in a standalone manner if you want absolutely no dependency on any online service. With the local API (LAPI, as of v1.0) agents can be deployed & configured 100% offline if you want to. 
              
                privsec
                #7

                To unban yourself, if you do
                https://crowdsec.net/unban-my-ip/

                  JOduMonT
                  #8

                  For me, the nicer part of that project is that they have a "crowdsec client" which is able to listen inside the docker habitat and, with the bouncer, apply rules at the host level.

                  @privsec you should change the title since in that case it would replace more than just Fail2Ban and protect more than just SSH.

                    Mastadamus
                    #9

                    @privsec Have you installed this with your cloudron?

                      teamcrw
                      #10

                      Did anyone install it on a cloudron instance? We are using it on various Ubuntu rootservers and it works.

                        teamcrw
                        #11

                        @teamcrw I just installed it now and will get back if I encounter any problems.

                          Mastadamus
                          #12

                          @teamcrw are you installing an nginx bouncer with it?

                            Mastadamus
                            #13

                            @mastadamus I'd like to give an update. I installed the NGINX bouncer and it took down cloudron's NGINX service. During the install it prompted me if I wanted to change several config files or leave the current file in place, and I left my current config file in place, yet it still crashed and refused to come back up. More investigation is necessary to make this work.

                              Mastadamus
                              #14

                              @mastadamus The IP TABLE bouncer seems to be working fine. Also I installed the metabase Docker container running on 8181 with success.

                                teamcrw
                                #15

                                @mastadamus No, I didn't install the nginx bouncer with it. I didn't encounter any problems since I installed it with default settings.

                                  Mastadamus
                                  #16

                                  @teamcrw I realized crowdsec isn't successfully parsing the NGINX logs generated by cloudron because Cloudron uses a non-standard/non-default log format for NGINX. Working on that now.

                                    klausagnoletti
                                    #17

                                    Hi!

                                    Just to let you good people know: I am head of community at CrowdSec and I think it's a great idea if Cloudron has built-in support for CrowdSec.

                                    I would be happy to help anyone here out in installing it - and of course to facilitate Cloudron the help they would need to implement it.

                                    Just DM me or write me at klaus (at) crowdsec (dot) net.

                                      Mastadamus
                                      #18

                                      @mastadamus I've since got the logs to be parsed by taking out the custom "combined2" log format for nginx.conf. If this is to be shipped with cloudron it would either require custom parsers to be written OR the nginx.conf for cloudron would need to use the default combined log format.

                                      I am using an iptable bouncer and I'm not sure if it will perform block actions on the iptables based off something triggered by nginx. I will dig further into that. That being said, it is fulfilling the role fail2ban would normally play and is working appropriately.
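
Added example (not part of the original posts, and not CrowdSec's or Cloudron's code): a small Python check of the failure mode described in posts #16 and #18, where a parser written for nginx's stock `combined` format silently matches nothing once the log layout changes, so repeated 401s from one address never reach the detector. The regular expression stands in for a combined-format parser; the custom layout and all sample lines are constructed, because the thread does not show Cloudron's actual "combined2" definition.

```python
import re
from collections import Counter

# nginx's predefined "combined" access-log format:
#   $remote_addr - $remote_user [$time_local] "$request" $status
#   $body_bytes_sent "$http_referer" "$http_user_agent"
COMBINED = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)"$'
)

# Constructed sample events (documentation IP ranges), not real traffic.
EVENTS = [
    ("203.0.113.7", "POST /login HTTP/1.1", 401),
    ("203.0.113.7", "POST /login HTTP/1.1", 401),
    ("203.0.113.7", "POST /login HTTP/1.1", 401),
    ("198.51.100.23", "GET / HTTP/1.1", 200),
]
STOCK = '{ip} - - [10/Oct/2022:13:55:36 +0000] "{req}" {st} 512 "-" "curl/7.81.0"'
# Hypothetical custom layout, used only to show the mismatch; it is NOT
# Cloudron's actual "combined2" definition, which the thread does not show.
CUSTOM = ('{ip} - [10/Oct/2022:13:55:36 +0000] "{req}" {st} 512 0.004 '
          '"-" "example.test" "curl/7.81.0"')


def render(template):
    """Render the sample events as access-log lines in the given layout."""
    return [template.format(ip=ip, req=req, st=st) for ip, req, st in EVENTS]


def audit(lines):
    """Return (parsed_count, unparsed_lines, denied_requests_per_ip)."""
    parsed, unparsed, denied = 0, [], Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = COMBINED.match(line)
        if m is None:
            unparsed.append(line)  # invisible to any combined-format parser
            continue
        parsed += 1
        if m["status"] in ("401", "403"):
            denied[m["remote_addr"]] += 1
    return parsed, unparsed, denied


if __name__ == "__main__":
    for name, template in (("stock combined", STOCK), ("custom", CUSTOM)):
        parsed, unparsed, denied = audit(render(template))
        print(f"{name}: parsed={parsed} unparsed={len(unparsed)} denied={dict(denied)}")
```

Running `audit` over a sample of the real access log before and after a format change gives a quick measure of how much traffic the detector can actually see.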

                                        privsec
                                        #19

                                        @mastadamus said in Implement Crowdsec, a docker and server level crowd sourced security guard:

                                        @mastadamus I've since got the logs to be parsed by taking out the custom "combined2" log format for nginx.conf. If this is to be shipped with cloudron it would either require custom parsers to be written OR the nginx.conf for cloudron would need to use the default combined log format.

                                        I am using an iptable bouncer and I'm not sure if it will perform block actions on the iptables based off something triggered by nginx. I will dig further into that. That being said, it is fulfilling the role fail2ban would normally play and is working appropriately.

                                        @klausagnoletti is this something that could be done by your team?

                                          Mastadamus
                                          #20

                                          @privsec The other thing to consider is, when I installed the nginx bouncer, even though I left configs default, it crashed the nginx service and I couldn't restart it. Even after I uninstalled the bouncer, I couldn't get nginx back so I had reverted to a snapshot. The iptable bouncer works decent though. Will have to do further testing to figure out why installing the nginx bouncer crashes nginx for cloudron.
