Hi all,
I am new to CrowdSec and I want to use it to replace fail2ban on my different servers, but I have some trouble with the customization of the configurations.
In particular, how do I customize the configuration for the number of attempts, duration and duration of the ban? I noticed that when I modify the configuration (YAML), the configuration is then in warning; is this normal behavior?
The second thing is how to add a rule simply? I have a lot of SNMP scans and I want to ban the IPs for 30m after 5 attempts, based on the firewall rules (iptables):
Jun 2 14:46:59 localhost kernel: [1570756.275089] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.15.38 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=97 ID=10820 PROTO=UDP SPT=56721 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.277475] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.15.38 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=97 ID=10820 PROTO=UDP SPT=56721 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.283114] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.15.40 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=152 ID=31040 PROTO=UDP SPT=10983 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.301960] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.14.19 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=172 ID=36410 PROTO=UDP SPT=39755 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.303354] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.15.40 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=126 ID=27449 PROTO=UDP SPT=19815 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.323062] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.14.19 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=172 ID=36410 PROTO=UDP SPT=39755 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.328768] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.14.19 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=172 ID=36410 PROTO=UDP SPT=39755 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.336171] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.14.22 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=226 ID=41916 PROTO=UDP SPT=24507 DPT=161 LEN=42
Jun 2 14:46:59 localhost kernel: [1570756.361122] FINAL_REJECT: IN=ens3 OUT= MAC=fa:16:3e:fa:20:b8:a6:3c:9a:3d:77:04:08:00 SRC=168.194.14.25 DST=*.*.*.* LEN=62 TOS=0x00 PREC=0x00 TTL=204 ID=22142 PROTO=UDP SPT=19280 DPT=161 LEN=42
Thanks,
Romain
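
The threshold described in the post (5 rejected packets to UDP port 161, then a 30-minute ban), worked through in Python as an added example; it is not CrowdSec configuration and not code from the post. The 60-second counting window, the year supplied for the syslog timestamps, the helper names and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Fields of interest in an iptables LOG line (prefix FINAL_REJECT as in the post).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) .*FINAL_REJECT: .*"
    r"SRC=(?P<src>\S+) .*PROTO=(?P<proto>\S+) .*DPT=(?P<dpt>\d+)"
)
THRESHOLD = 5                      # attempts before a ban (from the post)
BAN = timedelta(minutes=30)        # ban duration (from the post)
WINDOW = timedelta(seconds=60)     # assumption: attempts must fall within 60 s

def parse(line, year=2022):
    """Return (time, src) for a rejected UDP/161 packet, else None."""
    m = LINE_RE.search(line)
    if not m or m["proto"] != "UDP" or m["dpt"] != "161":
        return None
    # Syslog timestamps carry no year; the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"]

def decide(lines):
    """Return {src: ban_expiry} for sources reaching THRESHOLD within WINDOW."""
    seen, bans = defaultdict(deque), {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, src = hit
        if src in bans and ts < bans[src]:
            continue               # already banned, nothing new to decide
        q = seen[src]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()            # drop attempts older than the window
        if len(q) >= THRESHOLD:
            bans[src] = ts + BAN
            q.clear()
    return bans

def _line(sec, src, dpt=161, proto="UDP"):
    return (f"Jun  2 14:46:{sec:02d} localhost kernel: [1.0] FINAL_REJECT: IN=ens3 OUT= "
            f"SRC={src} DST=203.0.113.10 LEN=62 TTL=97 PROTO={proto} SPT=40000 DPT={dpt} LEN=42")
# Constructed sample input (documentation addresses, not the post's log).
SAMPLE = ([_line(s, "192.0.2.10") for s in range(5)]
          + [_line(s, "192.0.2.20") for s in range(3)]
          + [_line(s, "192.0.2.30", dpt=53) for s in range(6)])

if __name__ == "__main__":
    print(decide(SAMPLE))
```

Only the source with five hits on port 161 inside the window is banned; the three-hit source and the port 53 traffic are ignored.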