Thank you for taking the time to create this valuable resource.
My pleasure!
- Laurence CrowdSec Support
Very interesting. I liked the fact you went through most things at a high level, which is exactly what an overview should be. Sometimes you just need to know 'what are the boundaries of a thing' to avoid becoming overwhelmed. Great job.
Great beginners tutorial, and overall great product! Thanks!
Great tutorial! Thank you! Recommended to anyone starting with crowdsec.
This is incredible, I love this! thank you CrowdSec!!
great video and well explained, thank you
This is awesome. I'm about to deploy servers for a small business and will be deploying crowdsec. Could we have a Windows set up and config please? So many of us are still stuck in this space. Thanks in advance and what an awesome project guys.
thank you so much
You're welcome!
Hi. I'm doing a project and I decided to use Crowdsec as well. Could you tell me if there is any way to modify "how many times one can login" until banned? Now it is about 5 tries and after the 5th I will get banned, I want to change that to 2. Where can I find this option? Thank you in advance.
P.S. I love this program, extremely useful for normal use but as premium as well I think.
In my network I have a fedora 38 with freeipa and a ubuntu 24 with nextcloud and crowdsec. (both cloud servers)
Hey 👋
The capacity of the Scenarios is handled within themselves rather than a global limit. You can find the capacity within the files under /etc/crowdsec/scenarios/ and find which scenario you wish to alter.
Thank you for the kind words ♥
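To see what changing a scenario's capacity from 5 to 2 does in practice, here is an added example (not CrowdSec's code and not part of the original comments): a simplified leaky-bucket model replayed over constructed sshd log lines. The overflow rule (more than `capacity` events in the bucket), the continuous leak, and the function name `first_overflow_per_ip` are assumptions of this model.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in sshd auth.log style (not real traffic):
# one source failing once per second, one user failing once per minute.
SAMPLE_LOG = [
    f"Jan 10 12:00:0{s} host sshd[1001]: Failed password for root "
    f"from 203.0.113.7 port 40000 ssh2" for s in range(6)
] + [
    f"Jan 10 12:0{m}:30 host sshd[1002]: Failed password for alice "
    f"from 198.51.100.20 port 40001 ssh2" for m in range(3)
]

FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port"
)

def first_overflow_per_ip(lines, capacity, leakspeed_s):
    """Map each source IP to the failed attempt number that overflows its
    bucket, or None if it never overflows.

    Model (assumption): every failure adds one event to a per-IP bucket,
    one event leaks out every `leakspeed_s` seconds, and the bucket
    overflows once it holds more than `capacity` events.
    """
    level, count = defaultdict(float), defaultdict(int)
    last, result = {}, {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # not a failed-password line
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        result.setdefault(ip, None)
        count[ip] += 1
        if ip in last:  # drain the bucket for the time elapsed
            leaked = (ts - last[ip]).total_seconds() / leakspeed_s
            level[ip] = max(0.0, level[ip] - leaked)
        last[ip] = ts
        level[ip] += 1
        if level[ip] > capacity and result[ip] is None:
            result[ip] = count[ip]
    return result
```

In this model the leak speed matters as much as the capacity: with a 10-second leak the once-a-minute user never overflows even at capacity 2, while a much slower leak would flag the same three typos.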
Hi! is there a step by step guide to install CrowdSec on OpenWRT? I tried to install it on my router that uses OpenWRT, but the bouncer doesn't work. Thanks!
Great overview! Much less intimidating than the 1:29:02 version (and you didn't say "PITA" even once ;-)
Thanks, well done.
Where did you get a crowdsec hoodie from?
I got my hoodie from being hired by CrowdSec, we do give them out at events! Also there may be a swag store coming soon that may have it
👀
awesome content, thanks!
It would be really nice to get a guide on how to set up the tarpit like you mentioned. Assume SSH, EndlessSSH, and a base Crowdsec are installed, how do you go from there to automatic blocking of attackers against your other services?
I know Crowdsec is mostly targeted more at professionals, but as a homelabber I don't mind sharing my logs too much and I'm only running a couple of services so I can be confident anything else is an attack. Give us some quick and easy ways to flag bad actors and you'll get more clean data more quickly. I don't have the energy to dive into the minutiae of Crowdsec like it's my job, but give me some quick and easy recipes (i.e. 5-10 minute videos) to capture high quality data and I'll happily set them up, especially if I'm protecting my other services at the same time.
Yes! and our support specialist has arranged a live stream on RUclips for this topic ruclips.net/user/live-l0E0oIo6no
If you cannot make it for the time directly because it's on RUclips it will automatically be uploaded as a reply.
FYI nginx is no longer supported on Ubuntu Jammy 22.04.3 LTS. You need to install openresty (includes nginx core) for a bouncer to work. Or does the 1.5.x version install it for you?
Nginx lua is not supported by Ubuntu from Jammy onwards. Within the video, we use 20.04, which was still LTS at the time.
For package installation, you must use openresty moving forwards. However, if you still want to use nginx, then you must either compile your own or use a third-party repository.
I installed Crowdsec and integrated it with Kubernetes like your doc explains. Can Crowdsec capture incidents such as container escape? If so, how?
We recently added the ability to send K8s audit logs to be parsed by crowdsec: docs.crowdsec.net/docs/next/data_sources/kubernetes_audit. These logs are needed for CrowdSec to detect such attacks.
I'm having a hard time finding the info, but I run ssh on a non-standard port. How do I configure the ssh scenarios over the default port and the one I've created?
No need, we read the logs from syslog (or auth.log if your distro does that) and it doesn't matter what port you are running on.
Actually what I have is a Linux phone, a Librem 5, running on PureOS.
I understand Crowdsec is designed for Linux servers. I don't have a Linux server.
Can Crowdsec be installed on my PureOS phone which is based on Debian?
Actually I managed to install Crowdsec, but failed to install a bouncer as it said PureOS was not supported.
Most likely, it could. However, what services are you running that are exposed to the Internet on your phone?
Is there a way to create a scenario where it checks for multiple 404 errors using https?
Yes, you can take inspiration from the http-bf scenarios: hub.crowdsec.net/author/crowdsecurity/configurations/http-generic-bf
Is it free or paid?
The Security Engine is free to use, we offer a freemium model via app.crowdsec.net/ but you don't have to use the console.
why is nginx even being used here? it is not usable out of the box anymore and not discussed at all. this is not beginner level.
Hey, Laurence here from the video. Nginx is just an example application which is just the default install from ubuntu which is the default image provided by killercoda. Sorry you feel this is not beginner level, anything in particular you felt was difficult or not explained well from the point of view of Crowdsec?
@@crowdsec hey Laurence, I really liked the video other than nginx as you can't install your nginx bouncer due to the lua dependencies required are not supported anymore from what I understand. Is there a video or documentation explaining how to address this issue? Getting any answers on discord for the few posts I have made hasn't been super helpful, particularly when trying to set up parent and child agents.
@@dankkster Yes, ubuntu 22.04 dropped support for nginx lua. So it means you would have to use openresty moving forward. This is a decision from the ubuntu team so we cannot force them to support a package. In their own words "Just use openresty as it's a drop in replacement"
I am quite active on the discord. Are you experiencing any issues?
@@crowdsec "are you experiencing any issues?" lol I have plenty of them. I am trying to learn how to effectively use crowdsec with child agents. I have a million little questions, but my main one to stay on point here is, where can I get some information on how to best move to openresty either by replacing nginx or adding a module maybe? I am pretty lost and do realize it has nothing to do with crowdsec - only that using nginx in current videos is somewhat misleading as it isn't mentioned that 22.04 does support nginx lua. Any help for this hurdle would be appreciated. Re: Discord - I have a question open in discord right now that I opened nearly 24 hours ago without any response at all. Thanks again for the reply!
@@dankkster I understand your point about 22.04 but we are not using that version here and to be completely honest it's for beginners, we don't need to add all little details, it will just confuse people. Most of openresty is compatible with nginx as it is nginx under the hood, it just comes with lua support out of the box rather than it being a module. Discord is community support, it's not a service desk so expecting it to be that it is not. From the times you seem to be online I also believe our timezones are rather different, we are CET. However, I will continue the conversation on discord