CrowdSec


CrowdSec: IDS/IPS/WAF Community


Where to put the `.yaml.local` files?

According to the docs: https://docs.crowdsec.net/docs/configuration/crowdsec_configuration#configuration-files-that-support-yamllocal you are able to create files which will overwrite the entries of the original config file but where do I have to put those .yaml.local files? Inside the config_dir directory which is set in config_paths? I'm specifically asking for the bouncers/crowdsec-firewall-bouncer.yaml....

Keep bouncer API as a secret?

This may sound dumb, but does the API key of a bouncer have to be kept private or is it fine if it can be publicly seen? My LAPI and the bouncers are running on the same host...

crowdsec init: while loading acquisition config: no datasource enabled

I currently have only one file in my acquis.d: ```yaml source: journalctl journalctl_filter: - "-k"...

FATA can't find 'crowdsecurity/linux' in collections

Hello guys, I'm getting the following error message after executing `cscli collections install crowdsecurity/linux` ```...

Create dashboard without using cli?

Hi! Is there a dashboard image to set it up with the cli?

Newbie: How to use CrowdSec

Hello guys! I've just heard about CrowdSec for about a day now and I'm interested in adding it to my homelab. However, I'm overwhelmed by the website since it looks as if there are a crazy amount of ways to set up crowdsec. I have a VPS so I'm using ssh and I also use traefik. What would you recommend to do to include CrowdSec to this setup? I want CrowdSec to listen to my system ports but also to the traefik traffic (if possible?)....

Appsec + Traefik = 403

Hey, I'm running crowdsec bare metal with tls authentication and wanted to use appsec with traefik. I configured the traefik bouncer according to the docs but when I enable Appsec the site only responds with 403 error messages. With appsec disabled all works fine. The bouncer is registered in the remote lapi. I'm running ubuntu 24.04 and the latest traefik docker version. I tried to disable any single option from the appsec dynamic config without success and also tried with api-key authentication. I don't see any errors in the logs from either crowdsec or traefik. It just doesn't work when I enable appsec....

Wireguard TLS client not connecting

Hey, I'm trying to get my hetzner wireguard vps working with crowdsec. I followed the TLS guide with cfssl from your website and that's working great in my local network so far. I made an unbound DNS overwrite to "security.localdomain" which includes my local crowdsec ip (192.168...) and the wireguard ip (10.0.0.3) in opnsense, installed all ecdsa521-certificates for the bouncer and agent. Worked more or less flawlessly except with my wireguard connected server. I added the security.localdomain in the /etc/hosts file of the VPS and installed the ca-intermediate cert in /etc/ssl/certs IIRC and I'm able to ping the domain with correct WG IP address, but the lapi still refuses any connection. It worked without any TLS certificates. ping security.localdomain or ping 10.0.0.3 are all connecting and wg is up and running....

Get no Heartbeat from Home Assistant Crowdsec AddOn

Hey there, I installed the Crowdsec AddOn on my Home Assistant Server. The server is a Raspberry Pi with the Home Assistant OS. I disabled the LAPI via the GUI and registered the Home Assistant instance by the following commands. The commands were executed via the Crowdsec Terminal on the GUI. ``` sudo cscli lapi register -u http://192.168.1.1:8080...

How do you write a custom bouncer script fed from stdin ?

I'm trying to update my custom bouncer to use stdin but it looks like it is never called, and something crashes without a proper error msg. ```time="2025-01-03T13:54:16Z" level=info msg="Loading yaml file: '/crowdsec-custom-bouncer.yaml' with additional values from '/crowdsec-custom-bouncer.yaml.local'" time="2025-01-03T13:54:16Z" level=info msg="Starting crowdsec-custom-bouncer -dc188f560ad1a428b6aead8aaf44ffb300b29956" time="2025-01-03T13:54:16Z" level=info msg="Using API key auth" time="2025-01-03T13:54:16Z" level=debug msg="[URL] GET http://127.0.0.1:43254/v1/decisions/stream?origins=crowdsec%2Ccscli%2CCAPI&scenarios_containing=ssh&scopes=Ip&startup=true"...

ENROLL_KEY and Auto-Accept in Crowdsec Console ?

Hey, Is there a way to have an auto-accept of security engines in CrowdSec Console ? I thought using the ENROLL_KEY would help with that but it looks like I still have to always accept the enrolment online. Did I miss something ?...

New how-to for crowdsec for haproxy on opnsense

Hello. I am almost certain that this is the wrong place for this, but I wanted to mention that I have created a how-to on the OPNSense forum, it is here https://forum.opnsense.org/index.php?topic=44839.0 . I hope I haven't broken any rules.

PR rdns_seo_bots.txt

Hello, since I don't know where to find the right file to make a PR, I'll do it here. https://hub-data.crowdsec.net/whitelists/benign_bots/search_engine_crawlers/rdns_seo_bots.txt before ```bash...

Nextcloud, false positive, blocks users

Hello, I have two clients whose IP addresses are being blocked while performing legitimate tasks. I was wondering if it would be possible to set up a captcha or something similar to prevent this from blocking the users. I will provide the details of the two alerts.

block the vpn servers

Hello, could the developers program a block list linked to the current VPNs? Regards...

Help with multi-server setup

Hi everyone. Is anyone willing to guide me in the right direction with my multi-server setup, as I seem to struggle with the correct configuration even though I did read the wiki 🙂 I do have the following setup:...

LAPI stream mode doesn't return active decision when filtering origin "crowdsec"

https://github.com/crowdsecurity/crowdsec/issues/3373 I just made this bug report since it clearly looks like a bug to me, but does anyone have any idea how to fix it ?...

IP banned, but I still receive alerts

An attacker keeps attacking one of my servers, his ip has been detected and banned by crowdsec but he can continue to attack. Why and how can I stop him from doing so? Scenario triggered : LePresidente/http-generic-403-bf

CrowdSec for CloudPanel/WordPress websites

Hi All - I am new to CrowdSec. I am running WordPress sites on the CloudPanel (Ubuntu 24.04 LTS server). I have installed CrowdSec on it by following the installation guide https://docs.crowdsec.net/u/getting_started/installation/linux. I have also enrolled the engine to the CrowdSec console. Is this enough for the setup or am I missing something else? Please guide. Further, in the community edition of CrowdSec, I can subscribe to 3 blocklists. Can you please suggest the relevant blocklists to subscribe to? Thank you for the support!...

NPMplus won’t connect to api

I have an unraid server with a reverse proxy setup with NPMplus, a fork of NPM with a built in bouncer. I have a custom docker network setup and I’ve generated an api key and put it in the crowdsec.conf file within the app data of npmplus. It’s also worth noting I’m using cloudflare proxy with real ip passthrough setup in nginx. The ports are all right from what I can see and so is the api key. Blocked IPs still connect and the bouncer metrics list never updates. Trying to curl from the npmplus container to the crowdsec container gives me an error 401… I see a similar 401 error in the crowdsec container log coming from the correct ip. I’m a bit stumped on what to try next...