Sshd scenario test

When I run a brut force ssh login to the server, my ip adress is banned but I can sil interact with the server.

Hello !

crowdsec itself is in charge of the detection and emitting decision, but the bouncer(s) are in charge of applying the decision (see FAQ)

You should take a look at the bouncers on the hub to find where and how you want to apply the decision. If you don’t know which one to chose, netfilter is a good default to protect the machine itself, while the nginx one might more relevant if you’re doing web centric things !

Note: future versions of crowdsec’s wizard will directly suggest installation of relevant bouncers, but not done yet ^^

1 Like