CrowdSec and Proxmox POC

Hi,

I have a Proxmox VE with a few dozen VMs (with apache, sshd, …) and I would like to secure this environment with CrowdSec.

I am currently using Fail2Ban on each individual VM, but I think I could do something different with CrowdSec and I would like your opinion.

Basically I would like to have:

  • A central CrowdSec LAPI on the Proxmox server that keeps track of banned IPs and uses an IPTable bouncer to prevent any banned IP from accessing Proxmox or any of the VMs.
  • CrowdSec installed on each VM with just parsers and scenarios to find new IPs to ban and report them to the central LAPI server

That way I would have one source of truth for banned IPs in my system that would protect every VM with one bouncer.

Do you think this is feasible? Do you guys have any better ideas or some tips?

Thanks a lot for this great project btw!

Hi

Thanks a lot. We’re happy to hear that you like the software.

To me that sounds feasible. However, I am not aware if our Debian packages can be installed on Proxmox as we haven’t tested it. But I would assume so.

Which services are you running on your VMs and which bouncers did you plan to install?

Hi!

Nice to hear! We are running sshd / apache / postfix and were planning to create our own bouncer to communicate with Proxmox firewall directly, but this is still to be determined :)

Thanks for your quick answer!

Hey, no problem. That sounds great! You might want to join our webinar tomorrow on community and how we plan to build it strong. Sign up at #1 CrowdSec Community Webinar | Take the community to the next level | CrowdSec if you can :)

Has anyone actually provided a viable solution for this? It’s an interesting concept.
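For the custom-bouncer idea raised earlier in the thread, the core of such a bouncer is turning each poll of the central LAPI's decision stream into firewall add/remove operations. The following is an added example, not code from any poster or from the CrowdSec project; it assumes the `new`/`deleted` payload shape of `GET /v1/decisions/stream`, uses constructed sample data, and `BanSet` and its methods are hypothetical names. Pushing the result into the Proxmox firewall is left out.

```python
import ipaddress

# Constructed payloads in the shape of LAPI's GET /v1/decisions/stream
# response (assumed fields: scope, type, value); all addresses are made up.
FIRST_POLL = {"deleted": None, "new": [
    {"scope": "Ip", "type": "ban", "value": "192.0.2.10"},
    {"scope": "Range", "type": "ban", "value": "198.51.100.0/24"},
    {"scope": "Ip", "type": "captcha", "value": "203.0.113.5"},  # not a ban
    {"scope": "Ip", "type": "ban", "value": "not-an-ip"},        # malformed
    {"scope": "Ip", "type": "ban", "value": "10.0.0.5"},         # allowlisted
]}
NEXT_POLL = {
    "deleted": [{"scope": "Ip", "type": "ban", "value": "192.0.2.10"},
                {"scope": "Range", "type": "ban", "value": "198.51.100.0/24"}],
    "new": [{"scope": "Range", "type": "ban", "value": "198.51.100.0/24"},
            {"scope": "Ip", "type": "ban", "value": "192.0.2.77"}],
}

class BanSet:
    """Hypothetical helper: the networks a firewall bouncer should block."""

    def __init__(self, allowlist=()):
        self.blocked = set()
        # Management ranges that must never be blocked, whatever LAPI says.
        self.allow = [ipaddress.ip_network(n) for n in allowlist]

    def parse(self, decision):
        """Return the decision's network, or None if it must be ignored."""
        if decision.get("type") != "ban":
            return None
        if str(decision.get("scope", "")).lower() not in ("ip", "range"):
            return None
        try:
            net = ipaddress.ip_network(decision["value"], strict=False)
        except (KeyError, ValueError):
            return None
        hit = any(net.version == a.version and net.overlaps(a) for a in self.allow)
        return None if hit else net

    def apply(self, payload):
        """Apply one poll; return (added, removed) lists for the firewall."""
        # Deletions first, so a ban expired and renewed in one poll survives.
        gone = {self.parse(d) for d in payload.get("deleted") or []} - {None}
        new = {self.parse(d) for d in payload.get("new") or []} - {None}
        removed = (gone & self.blocked) - new
        added = new - self.blocked
        self.blocked = (self.blocked - gone) | new
        return sorted(map(str, added)), sorted(map(str, removed))
```

The allowlist matters on a hypervisor: a bad or overly broad decision that covered the management network would otherwise lock out the Proxmox host itself.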