Newbie questions before installation

Hello

We are running some CentOS servers with Plesk and running the “usual stuff”. Other servers are running Tomcat with Lucee (CFML engine).

I’m quite familiar with Fail2Ban, but honestly I don’t like it much :slight_smile:

I have spent some time with your documentation, but I haven’t found specific information about these topics:

  • Does CrowdSec already protect SSH logins?

  • I have seen a bouncer for nginx, but what about the Apache web server (httpd)? Protected by default?

  • I know that I can create my own bouncers. Can “cscli bouncers example” be used as a template, or should I use the custom-bouncer? Also, new parsers or scenarios might be needed, I guess.

  • I would like to protect the logins for several web applications like NextCloud, Shopware, Plesk, preside CMS and others. Can I take the WordPress Bouncer as a role model for this? Sometimes it’s easier to learn from a template as an addition to the docs, at least in my case.

  • I have already seen a post regarding blocking known IP addresses, which isn’t possible out of the box. Any idea how to do this, or is this maybe already on your roadmap?

Thank you very much

Cheers

Martin

Hi Martin and thanks for your questions!

I hope my replies to the questions I knew the answer to made sense. If not, feel free to ask again.

Hi Klaus

Thanks for your answers. I think I need to clarify some questions :slight_smile:

  • I have already seen a post regarding blocking known IP addresses, which isn’t possible out of the box. Any idea how to do this, or is this maybe already on your roadmap?

I have some notorious hacker attacks from several networks. Instead of blocking them directly in the firewall, which is silly work in Plesk, I wanted to block IP addresses or even whole ranges in CrowdSec.

  • I would like to protect the logins for several web applications like NextCloud, Shopware, Plesk, preside CMS and others. Can I take the WordPress Bouncer as a role model for this? Sometimes it’s easier to learn from a template as an addition to the docs, at least in my case.

Your answer to this question sounds complicated. With Fail2Ban we’re checking the log files for failed login attempts. I think the basics of these patterns can be reused with CrowdSec.

Since I’m not really familiar with the terms used in CrowdSec, I’d like to have a kind of custom “module”, or whatever it is named, for each action.

Maybe it would make sense to start with CrowdSec to learn things :slight_smile:

Many Thanks

Hi Martin

I am sure the replies to your questions are a bit limited by me not knowing anything at all about Plesk. If it runs in a web server supported by CrowdSec (e.g. Apache, nginx or Caddy), attacks can be detected and blocked at whatever level the bouncer you choose blocks traffic at.

I don’t know how patterns are made with fail2ban, but with CrowdSec they’re made with Grok. But you’re at least right that you can get a certain understanding of how logs are constructed from fail2ban parsers. If f2b parsers are made in regexp, it should be relatively easy to convert.

I think you’re right in that you should be installing. To me that is the best way to get to understand a new technology.

Feel free to ask again if my replies weren’t sufficient.

Hi Klaus!

Thanks for the update! I’m sure I can learn a lot from the stuff from the hub :slight_smile:
