CrowdSec newbie, just installed CrowdSec on Raspberry Pi 4, following all steps prescribed here.
Unless everything is fine, it seems the engine has no linked blocklists while dashboard shows 3 are subscribed.
Did I miss a step?
root@raspberrypi:~# cscli version
2024/09/04 16:54:08 version: v1.4.6-6~deb12u1-debian
2024/09/04 16:54:08 Codename: alphaga
2024/09/04 16:54:08 BuildDate: 2023-07-15_09:29:33
2024/09/04 16:54:08 GoVersion: 1.19.8
2024/09/04 16:54:08 Platform: linux
2024/09/04 16:54:08 Constraint_parser: >= 1.0, <= 2.0
2024/09/04 16:54:08 Constraint_scenario: >= 1.0, < 3.0
2024/09/04 16:54:08 Constraint_api: v1
2024/09/04 16:54:08 Constraint_acquis: >= 1.0, < 2.0
Thank you for creating the question, the organization level blocklist feature is recently been added. I will ask some questions internally about the engine summary page as the blocklist is subscribed to an org level, ATM I believe the engine summary page will reflect 0 on the console which may be very confusing as a UX.
Could you check on the subscribed engines / integrations that the list is infact included?
Security Engine:
Integrations:
You would have to curl or check which ever firewall / service your using to ingest it.
Although subscribed engines/integrations confirm block list(s) are included, I plan to wipe and do a fresh CrowdSec install on this Raspberry Pi 4 this weekend to see if resulting dashboard remain the same.
If my RasPi is behind a Unifi firewall, do I need to expose the RasPi (port forward) in order for it to “be in front of the Unifi firewall” and report/block attempted scans? I’m trying to set the RasPi up as a sort of honeypot (open to any setup recommendations) that protects the rest of the network while providing metrics.
