I installed crowdsec in my ubuntu virtual machine with nginx and ssh .
. In another private network i have a kali Linux and i made thé scan to crowdsec machine with nikto and hydra for ssh. I see all in my log auth.log for ssh and accès.log for nginx but the crowdsec do nothing.
When i made cscli alerts list i see nothing.
Question . Crowdsec détect and alert if the attaque comming from a private network?
Thanks for reaching out. Could you elaborate on what you have installed? Did you follow the install instructions? And did you install both the CrowdSec agent and a bouncer? If so, which bouncer and did you verify that the bouncer is properly registered with the agent?
If you run
cscli parsers list , does the parser
crowdsecurity/whitelists is installed ?
If yes, this parser whitelist private IP address. So for your tests, you might want to delete it by running
sudo cscli parsers remove crowdsecurity/whitelists (and reload crowdsec).
Firstly thanks for thé reply
I made thé changé with thé parser whitelist and thé issue is solved.