CrowdSec

CrowdSec is a tool for detecting suspicious activity. It looks for known patterns, such as malicious login attempts, in application logs and blocks the attacker's IP address.

Only one CrowdSec instance can be installed per node.

Configuration

Once installed, CrowdSec is already fully functional and protects many NS8 applications.

From the web interface you can configure:

  • mail notifications, by adding one address per line in the Email notifications field; notifications work only if Email notifications has been configured

  • IP addresses and networks that will never be blocked

  • dynamic and static ban time

By default, CrowdSec sends some telemetry to remote CrowdSec-owned servers. The servers use this data to compose a community blocklist, which is sent back to your installation. If you do not want to share this data, you can stop sharing and disable the community blocklist by turning off the Enable central API option under the Advanced section.

You can also connect your instance to the CrowdSec console by filling in the Enroll the CrowdSec instance field.

Command-line interface

The cscli command is a powerful command-line interface for accessing advanced CrowdSec functions. To run cscli, you first have to enter the application environment. Run the following command in a root shell:

runagent -m crowdsec1 bash

Then the cscli command becomes available. For instance, print the help message with

cscli --help