CrowdSec 10mo ago
Quafley

Help me update my possibly outdated crowdsec setup.

Hello everyone,

It has been a while since I last worked with crowdsec, a lot seems to have changed, and I am lost. My personal setup has changed as well: I was using authelia as my auth service, but I've moved over to authentik.

That's also where my first question lies. I used to have authelia set up with the collection LePresidente/authelia. At the same time I had set up a log path as follows, see screenshot. I would like to switch this to authentik, but I don't know how. I would like to use this: https://app.crowdsec.net/hub/author/firix/collections/authentik, and I know it outlines some stuff on this page, but I cannot make sense of it.

Secondly, I have been using these collections since I started using crowdsec a long time ago:

- crowdsecurity/nginx
- crowdsecurity/base-http-scenarios
- LePresidente/authelia
- crowdsecurity/discord-crawler-whitelist

Are these still up to date, or do you guys recommend I add new stuff to it?

Thirdly, I saw that a whole dashboard has been added with several blocklists. I thought I had set that up, but what are the recommendations on what free lists I should implement for my exposed web applications?

Hope this isn't too much of an ask, bit uncertain as so much has been changed in my absence. Kind regards in advance!
5 Replies
CrowdSec 10mo ago
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please run the command /resolve or press the green resolve button below.
Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Quafley (OP) 9mo ago
Also, if there are certain collections which may benefit me, I have looked around, but I'm uncertain. Seems like my questions may have been too much? 😅
blotus 9mo ago
Hey,

Most important thing to upgrade is crowdsec itself. If you are running crowdsec outside a container, it will automatically update the hub content every day, but you'll be limited to what was released until the next version comes out (if that makes sense :D). If you run crowdsec inside a container, you just have to restart the container for it to pull the new versions (same thing, you will have access to everything that was changed until the next version was released).

Next, for the collections to install, we cannot really answer that one for you: it depends on what kind of services you expose.

And for the blocklists, again, it depends on what you want to block: generic attackers, proxies, tor nodes, ...
Quafley (OP) 9mo ago
Thank you @blotus! I am slowly navigating my way through some stuff, and I kept the container up to date. I have managed to get authentik to work making use of the docker logs for the authentik-server. Which will now forbid access to authentik, which is good. However, it made me wonder. Is there a way for me to instead of blocking the users locally, to block them from cloudflare? I know there is a bouncer, and I know the flaws that come with it, but is it possible to set it up in such a way that my own bans get synced to cloudflare?
blotus 9mo ago
Yes, that's exactly the job of a bouncer 🙂 It will take the decisions you have (either local ones or ones coming from blocklists), and will add them in cloudflare.

We have 2 bouncers for cloudflare:

- https://docs.crowdsec.net/u/bouncers/cloudflare/: the "old" one, works on a free plan BUT there are huge rate limits (which AFAIK are not documented publicly by cloudflare, and are a giant pain to deal with)
- https://docs.crowdsec.net/u/bouncers/cloudflare-workers/: the "new" one that deploys a worker, technically can work with a free plan but you will need to configure it to only take local decisions