Did I have the rigth setup

crowdsec
1

Good day,

I found you by chance today.
What I have done so far, I have installed crowdsec on a Debian Bullseye where currently runs UFW with Fail2Ban.
Then I installed crowdsec-firewall-bouncer-iptables on top of that.

I have mysql, apache, pgsql and linux active as rules.

But how can I see now that the system really works? Or does it not work together with UFW?

2

Hey and thanks for posting!

You can check the /var/log/crowdsec.log file to check what’s going on in terms of errors. Or use the cscli:
cscli decisions list (which decisions has been made in terms of attacks?)
cscli bouncers list (which bouncers are registered and active?)
cscli metrics list (metrics in general)
All commands should be run with sudo.

Try it out and see how it looks. I have no idea if fail2ban and the crowdsec bouncer conflicts. If so, try and uninstall the bouncer and watch the agent’s log file to see what it would have done if a bouncer had been installed.

3

Hello

I do not why, and if it’s normal, to have 2 bouncers of same type:

$ sudo cscli bouncers list
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 NAME                        IP ADDRESS  VALID  LAST API PULL         TYPE                       VERSION                                                            AUTH TYPE 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 FirewallBouncer-1646762810  127.0.0.1   ✔️      2022-06-22T15:05:22Z  crowdsec-firewall-bouncer  v0.0.22-debian-pragmatic-f64e94b59a948717c3dc848f9abebb27b5974714  api-key   
 FirewallBouncer-1655910459  127.0.0.1   ✔️      2022-08-12T16:02:31Z  crowdsec-firewall-bouncer  v0.0.23-debian-pragmatic-5a27e28ac5b528ab02fc35ae81459f75f69a3866  api-key   
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Is it automatic update ?
May i remove the oldest one ?

Thanks & cheers
Cyrille37

4

Hello,

which version are you running ? 1.4.1 includes info about the last heartbeat from bouncers, as well as the capability to garbage collect the inactive ones : CrowdSec Configuration | CrowdSec