CrowdSec support


Recommended Posts

I am head of community at CrowdSec (https://crowdsec.net) and although a bit biased (but also based on users requesting this on our Discord) I'll suggest support for CrowdSec on Unraid. In practice it would mean making Unraid-containers out of the existing ones. 

For those unfamilar to CrowdSec it consists of two parts: an agent who does log parsing and attack detection and manages the local stack and the bouncer which is the IPS part that does the actual threat mitigation. The simplest bouncer to use is the iptables/nftables bouncer (we have both) but there's no Docker container of that (not entirely true, we have a home assistant add-on (which is also Docker) but I don't know how much can be reused.

 

Here's the link to our Docker repo. As you can see there's also a bunch of other bouncers available as docker containers that could probably be converted easy is my guess.

 

Regarding the firewall bouncer it obviously needs to be running as root on the Unraid host which is in itself not a big deal and pretty easy to do so I don't think there's too much work in this. We'll be happy to collaborate and do what we can to help out. Please join our Discord at https://discord.gg/crowdsec and ping me there if you're interested. I'll be happy to convey contact with our dev team.

 

Let me know what you think

  • Upvote 4
Link to comment
4 hours ago, klausagnoletti said:

Here's the link to our Docker repo. As you can see there's also a bunch of other bouncers available as docker containers that could probably be converted easy is my guess.

IBRACORP already made a template for Unraid, see here:

https://docs.ibracorp.io/crowdsec/crowdsec/unraid

 

@Sycotix I mark you here too.

 

I would also recommend that you reach out to the developers via the contact form over here: Click

  • Like 1
Link to comment

I've been using CrowdSec as a docker container and can see this only being a plus. While large companies around the world are being owned left and right, I have been on the lookout hard for ways to make sure that anything that has availability to the internet is protected.

IBRACORP security repository implemented docker containers for CrowdSec and the traefik bouncer. I've been running CrowdSec, and the Cloudflare bouncer for a few weeks now, and have noticed a lot of activity. I would definitely love to see native support for this built into Unraid. +1 here

Link to comment

What we really need integrated is just the firewall bouncer, the rest can be done via docker containers. So either we need native support within unRAID or Crowdsec needs to release a docker container with their firewall bouncer so that it can update iptables.

 

This software has blocked way more than anything else I have implemented so it would be great to ban at the iptable level instead of ngnix level

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.