Fail2ban as agent for CrowdSec?

Hi
As there is still no current / updated version of crowdsec available in Debian repositories (others, even those from CrowdSec are not an option) I’m stucked with fail2ban on my reverse proxy (the services/servers behind the reverse proxy do run crowdsec agents in containers and the firewall bouncer is in place, but reverse proxy is set up plain software installation) …

I wonder if there is a way to use fail2ban as an agent for CrowdSec. As far as I’ve seen, fail2ban can report to AbuseIPDB and I think it would be handy to have fail2ban report as an agent to the CrowdSec local api.

Has anyone tried this? Should this be possible?

1 Like

Hello,

I never tried using fail2ban as an agent for crowdsec.
However, I was curious about what you mean by :

The repositories that we make available to users are not ok for you ? (cf. Install CrowdSec (Linux) | CrowdSec)

Hello!

I’ve already thought about it myself. In theory, it should not be difficult - to add in folder /etc/fail2ban/action.d file with something like

actionban = cscli decisions add --ip < ip > --duration < duration > --reason < reason >

And then call the jail.local.

I am now carefully reading the documentation, I just started to master CrowdSec, so I am in no hurry to implement something - I suddenly subtract a better solution.

1 Like

Yes. Those repositories are not ok.
It’s corporate rule to not use any other repositories as those from Debian for the Debian servers. It is allowed to use backports.

There has been a problem some time ago where a package has been retrieved from a non-Debian repo that should not have been hosted there (new version of a library). IT security department wasn’t amused. Since then, only official Debain repos are allowed.
As far as I understand, when I add another repo it will trust all packages on the repo. Which might be a security issue if someone places unwanted stuff.

This looks like a way to go.
I might use a script via ssh to pass the detected ip to the lapi server and use the cscli on the lapi-Server to add the detected ip. Can use a dedicated user on the lapi server only allowed to run this one script.

1 Like