CrowdSec - I have it installed, anyone else use it?

Has anyone had experience with running CrowdSec IDS on their virtualmin instance? I have it installed and appears to be running but not getting any hits from spam bots or anything… so assuming there is another process at play that is interfering with it. Yes… yes i know crowdsec isn’t supported. My experience on other vps’s that it works better than fail2ban. … would like to know if any others have tried to get it to work.

I do, works great - but hope you read (most of the) documentation, CrowdSec is a hydra in disguise :slight_smile: I trust you already choose the collections, installed them, enabled them, and the same for a proper bouncer?

Piece of advice do not mess with the particular config files, you will only get errors because they were modified.

BTW even if I supported fail2ban for years it is time to move on, at least for me. Virtualmin should have some basic support for CrowdSec, it is more than a banning tool, also a honeypot with a insanely accurate, curated blacklist.

I would love to see some basic support for it in Virtualmin. I know there have been others who’ve had issues integrating it into virtualmin on here. There is a definate demand for it.

Well it works as any other piece of software, alongside Virtualmin, so about “support”… we shouldn’t expect much though, I would say:

  • basic option to install and activate, deactivate, stop & start;
  • options with what to collections to install/enable;
  • a screen to show latest decisions and also alerts for updates.

Can’t think of anything else really…?

on the wishlist would be an option to re reg/refresh instance on app.crowdsec.net in the event the instance is dropped from the crowdsec app/website for troubleshooting purposes. and maybe some option to show it has connectivity to the panel.

Thanks for the interet in CrowdSec. I am head of community there.
We started to focus more on supporting similar products/projects so it would be great if you or someone else from the virtualmin community joined our Discord at CrowdSec so we get a better understanding of how we can support virtualmin as we don’t know it very well. Please ping me there so I can set up a chat with our devs.

Thanks!

the current setup install comes with firewalld and fail2ban, it would be great if crowdsec could be an option as an alternative

We would need an option in the initial config to choose crowdsec and a compatible firewall bouncer.

also support for rocky9/rh9/alma9 not just 8. Debian/Ubuntu seems to be ready.

Thanks for the comments. For the last part of your post regarding support for other distros please create an issue at Issues · crowdsecurity/crowdsec · GitHub so we can schedule and prioritize it. And if someone wants to work on supporting virtualmin please join our Discord linked above and ping me there so I can set up some sort of collaboration efforts.

1 Like