Good day,
I found you by chance today.
What I have done so far: I have installed crowdsec on a Debian Bullseye system where UFW currently runs with Fail2Ban.
Then I installed crowdsec-firewall-bouncer-iptables on top of that.
I have mysql, apache, pgsql and linux active as rules.
But how can I see now that the system really works? Or does it not work together with UFW?

Hey and thanks for posting!
You can check the /var/log/crowdsec.log file to check what’s going on in terms of errors. Or use the cscli:
cscli decisions list
(which decisions have been made in terms of attacks?)
cscli bouncers list
(which bouncers are registered and active?)
cscli metrics list
(metrics in general)
All commands should be run with sudo.
Try it out and see how it looks. I have no idea if fail2ban and the crowdsec bouncer conflict. If so, try and uninstall the bouncer and watch the agent’s log file to see what it would have done if a bouncer had been installed.

Hello
I do not know why I have 2 bouncers of the same type, or whether that is normal:
$ sudo cscli bouncers list
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NAME                        IP ADDRESS  VALID  LAST API PULL         TYPE                       VERSION                                                            AUTH TYPE
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FirewallBouncer-1646762810  127.0.0.1   ✔️     2022-06-22T15:05:22Z  crowdsec-firewall-bouncer  v0.0.22-debian-pragmatic-f64e94b59a948717c3dc848f9abebb27b5974714  api-key
FirewallBouncer-1655910459  127.0.0.1   ✔️     2022-08-12T16:02:31Z  crowdsec-firewall-bouncer  v0.0.23-debian-pragmatic-5a27e28ac5b528ab02fc35ae81459f75f69a3866  api-key
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Is it an automatic update?
May I remove the oldest one?
Thanks & cheers
Cyrille37

Hello,
Which version are you running? 1.4.1 includes info about the last heartbeat from bouncers, as well as the capability to garbage collect the inactive ones: CrowdSec Configuration | CrowdSec
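
The duplicate registration in the listing quoted above can be picked out mechanically. The following is an added example, not part of any post in this thread and not CrowdSec's own tooling: it reads the plain-text table from `cscli bouncers list` and prints every bouncer that shares a TYPE and IP ADDRESS with one that has pulled more recently. The function names and the third sample row are constructed, and the column order is assumed to match the output quoted in the thread.

```shell
#!/bin/sh
# Added example: find bouncer registrations that a newer one of the same
# TYPE and IP ADDRESS appears to have replaced.
# Input (stdin): the plain-text table printed by `sudo cscli bouncers list`.
# Assumed column order, as in the output quoted in this thread:
#   NAME, IP ADDRESS, VALID, LAST API PULL, TYPE, VERSION, AUTH TYPE
# LAST API PULL is an ISO 8601 UTC timestamp, so plain string comparison
# orders the rows chronologically.
superseded_bouncers() {
    awk '
        # Skip separator rows, the header row, and rows with a missing
        # column (for example a bouncer that has never pulled).
        /^-+$/ || $1 == "NAME" || NF < 7 { next }
        {
            key = $5 "|" $2                  # group by TYPE and IP ADDRESS
            name[NR] = $1; pull[NR] = $4; group[NR] = key
            if (!(key in newest) || $4 > newest[key]) newest[key] = $4
        }
        END {
            # Report every row that is older than the newest row in its group.
            for (i = 1; i <= NR; i++)
                if ((i in name) && pull[i] < newest[group[i]])
                    printf "%s last_pull=%s newest_in_group=%s\n",
                           name[i], pull[i], newest[group[i]]
        }
    '
}

# Sample input: the two rows quoted in this thread, plus one constructed row
# of a different (made-up) type to show that grouping keeps it out of the result.
sample_table() {
    cat <<'EOF'
------------------------------------------------------------
NAME IP ADDRESS VALID LAST API PULL TYPE VERSION AUTH TYPE
------------------------------------------------------------
FirewallBouncer-1646762810 127.0.0.1 ✔️ 2022-06-22T15:05:22Z crowdsec-firewall-bouncer v0.0.22-debian-pragmatic-f64e94b59a948717c3dc848f9abebb27b5974714 api-key
FirewallBouncer-1655910459 127.0.0.1 ✔️ 2022-08-12T16:02:31Z crowdsec-firewall-bouncer v0.0.23-debian-pragmatic-5a27e28ac5b528ab02fc35ae81459f75f69a3866 api-key
ConstructedBouncer-0000000001 127.0.0.1 ✔️ 2022-08-12T15:59:00Z constructed-example-bouncer v0.0.0-constructed api-key
------------------------------------------------------------
EOF
}

sample_table | superseded_bouncers
```

On a live host the input would come from `sudo cscli bouncers list | superseded_bouncers`. The result is a list of registrations to review, not a decision about which ones to remove.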