App Request: crowdsec

Open Nanefouad opened this issue 1 year ago • 5 comments

Hello everyone, I would like to submit the following proposal to you; it concerns Crowdsec. I would have liked to find it on the repo. Thanks for making the necessary

Nanefouad avatar Feb 12 '24 18:02 Nanefouad

https://github.com/saltyorg/Sandpit/tree/main/roles/crowdsec

keldian avatar Feb 12 '24 18:02 keldian

That sandpit role doesn't do anything though.

saltydk avatar Feb 13 '24 01:02 saltydk

For the record, I didn't create that; it was jigsaw. :p

I just noticed that he'd started a role for it and thought it would be nice to have around. It does have his name in the info code block.

RaneyDazed avatar Feb 14 '24 16:02 RaneyDazed

I'd probably be more inclined to do something like this guide, "Crowdsec - Enhance Docker Compose Security": integrate it with Traefik rather than have it standalone.

Looking at the documentation, it would require a similar setup to the one that Plex utilises, where it prompts the user for a token.

Please can you update the title to state "App Request - Crowdsec" so people can see from the issues tab what this is for.

Barrow1990 avatar Feb 28 '24 20:02 Barrow1990

I'll move this to Saltbox since it makes sense to have it there if Traefik integration is required, which it is.

saltydk avatar Mar 09 '24 23:03 saltydk

Is anyone actively working on this? I'd love to have this integrated.

Barrow1990 avatar Sep 17 '24 19:09 Barrow1990

Crowdsec

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), it uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM-based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security. See FAQ or read below for more.

Links to further information

What are you willing to do to help?

  • [X] I will help with making docs if this gets picked up.
  • [x] I will help with testing.
  • [X] Other things: Help with implementation code

Anything else you would like to add.

Not sure how this would be implemented due to requiring the following steps: This is based on Example

  • How to automate the enrolling part
  • How to automate the adding of the bouncer
  • Modify the traefik container to depend on crowdsec as well as add the additional labels
  • add additional labels to all other applications

There may be more steps, but it seems like a very heavy integration.

Barrow1990 avatar Sep 17 '24 19:09 Barrow1990

It is on my to do list.

saltydk avatar Sep 17 '24 19:09 saltydk