Installing CrowdSec: A Fail2Ban Alternative for Your Server
In this blog post, I’m going to show you how to install and use CrowdSec as a great alternative to Fail2Ban for protecting your server. I’ve found CrowdSec to be an excellent solution and I’m excited to share it with you!
CrowdSec is an open-source security solution that helps protect your server from potential threats, just like Fail2Ban. However, there are some key advantages to using CrowdSec:
- Collaborative Defense: CrowdSec leverages a global community of users who share threat intelligence. When one user encounters an attack, the information is shared with the entire community, providing everyone with better protection.
- Ease of Use: CrowdSec has a user-friendly dashboard and an extensive set of plugins and integrations, making it easy to monitor and manage your security.
- Scalability: CrowdSec is designed to handle high traffic volumes, making it ideal for growing websites.
With these benefits in mind, let’s dive into the installation process!
To install CrowdSec, simply follow the steps below. Please note that this tutorial assumes you’re using a Linux-based server.
First, let’s make sure your system is up to date. Open your terminal and run the following commands:
1 2 sudo apt-get update sudo apt-get upgrade
Now, let’s install CrowdSec using the following command:
1 2 curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash sudo apt-get install crowdsec
After installation, you’ll need to configure CrowdSec. Run the following command to launch the configuration wizard:
1 sudo cscli -c /etc/crowdsec/config.yaml config setup
Follow the prompts to set up your account and choose the appropriate plugins for your needs.
Finally, enable and start the CrowdSec service using these commands:
1 2 sudo systemctl enable crowdsec sudo systemctl start crowdsec
CrowdSec bouncers are a crucial part of the system, as they enforce the security decisions made by CrowdSec. Bouncers can be thought of as agents that interact with various systems (like firewalls or web servers) to block malicious traffic based on the decisions made by CrowdSec.
To install a bouncer, you’ll first need to choose the right one for your needs. There are various bouncers available for different systems. In this tutorial, we’ll use the
crowdsec-firewall-bouncer as an example, which works with both
Install the bouncer by running the following commands:
1 2 curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec-firewall-bouncer/script.deb.sh | sudo bash sudo apt-get install crowdsec-firewall-bouncer
After installing the bouncer, you’ll need to configure it. Edit the
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml configuration file using your preferred text editor:
1 sudo nano /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
In the configuration file, update the
api_key with the correct values. You can find your API key by running the following command:
1 sudo cscli bouncers list
Your API key will be displayed in the
Key column of the output.
Make sure to also configure the
mode parameter according to your system’s firewall. Set the value to
nftables, depending on your setup.
Once you have configured the bouncer, enable and start the service with the following commands:
1 2 sudo systemctl enable crowdsec-firewall-bouncer sudo systemctl start crowdsec-firewall-bouncer
Congratulations! You’ve successfully installed CrowdSec and a bouncer as a Fail2Ban alternative for your server. With CrowdSec and its bouncers in place, you can enjoy better security, ease of use, and scalability for your Server.
I hope you found this tutorial helpful, and if you have any questions or run into any issues, feel free to email me or drop me a message on Discord.