New to crowdsec, looking for anti basic-auth bruteforce

crowdsec
1

Hi everyone,

I switched from fail2ban to crowdsec on my personal server when the 1.0 version has been released.
I enabled the ssh, http and mysql “collections” and iptable bouncer but I’m still missing something.
I’m using basic-auth on some parts of my nginx web server and I’d like to have a scenario to prevent nginx basic auth bruteforces.

I read the docs about how to create custom configurations but I don’t really understand where to begin, knowing that the nginx parsers etc should already be done and I could just convert the fail2ban jail to a crowdsec scenarios.

Can someone explain where to begin?

Thanks,

2

Hello @teol :slight_smile:

Sorry, this is wip : nginx parser : support basic auth error messages · Issue #183 · crowdsecurity/hub · GitHub I’ll keep you posted soon !

1 Like
3

Nice, thank you :slight_smile:

4

Hello !

This has been merged : Nginx basic auth parser by AlteredCoder · Pull Request #184 · crowdsecurity/hub · GitHub

(and we added as well the scenario for basic auth to the base http collection)

Let us know :slight_smile:

ps: you should be able to run cscli hub update and then cscli collections upgrade crowdsecurity/nginx and you should see a new scenario http-generic-bf

1 Like
5

Very easy to install and works as intended, thank you!

I just had to install additional scenarios like ltsich/http-w00tw00t to make it work.

6

Hello,

cool !

Can you explain me what do you mean by that ? It shouldn’t rely on this to work :sweat_smile: