Halo semuanya! Sebelum Tahun Baru, kami merilis pembaruan besar produk kami - CrowdSec v.1.0.X, yang berisi perubahan signifikan dibandingkan dengan versi sebelumnya. Yang terpenting, REST API lokal dioperasikan dan perubahan arsitektur yang sesuai dibuat. Hasilnya, proses pembuatan bouncer menjadi sangat disederhanakan dan stabilitasnya meningkat, sementara waktu pemeliharaan sistem berkurang.
Dalam artikel ini, Anda akan menemukan materi dasar tentang bagaimana CrowdSec didesain ulang dan, secara umum, dapat dianggap sebagai Panduan Pengguna bagi mereka yang akan mencoba produk kami di sistem mereka.
CrowdSec ( , cscli ) REST API, . , SQLite, PostgreSQL MySQL.
, CrowdSec Linux Server. :
CrowdSec
-
CrowdSec Debian 10 buster t2.medium EC2. nginx:
Debian 10 buster t2.medium EC2.
, nginx:
$ sudo apt-get update
$ sudo apt-get install nginx
, ssh (tcp / 22) http (tcp / 80) . .
CrowdSec
CrowdSec ( GitHub):
$ curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browserdownloadurl| cut -d '"' -f 4 | wget -i β
$ tar xvzf crowdsec-release.tgz
$ cd crowdsec-v1.0.0/
$ sudo ./wizard.sh -i
, ,
. nginx, sshd Linux-.
- :
, CrowdSec . , .
β , . , Crowdsecurity/sshd sshd ssh .
, ( , CrowdSec ), .
, ( , ).
β , IP-. , , CrowdSec. .
CrowdSec .
CrowdSec
, CrowdSec , , «».
- wapiti
- nginx wapiti IP-.
ATTACKER$ wapiti -u http://34.248.33.108/ [*] Saving scan state, please wait⦠Note ======== This scan has been saved in the file /home/admin/.wapiti/scans/34.248.33.108folderb753f4f6.db ⦠|
«»:
, IP :
- Crowdsecurity / http-path-traversal-probing: URI GET
- Crowdsecurity / http-sqli-probbing-detection: SQL- URI GET
, , , nginx-, . , , -.
, - nginx, , , -.
cscli
CrowdSec cscli. β :
cscli decisions list, , , cscli alerts list ( - ).
- , cscli alerts inspect -d <ID> (ID , . ).
scli , . , :
β . Β«tail the logfileΒ» β metabase dashboard prometheus.
cscli dashboard setup metabase , . :
: Prometheus
, -, , Prometheus metabase.
, cscli metrics:
, cscli metrics Prometheus. , , (!) Prometheus CrowdSec. , Prometheus :
- Buckets: , / ;
- Acquisition: / , / ;
- Parser: / ;
- Local API: . .
cscli, . Prometheus Grafana. :
:
, CrowdSec . , . : CrowdSec , .
cs-firewall-bouncer. IP iptables nftables. , sudo cscli solutions delete -i X.X.X.X ( X.X.X.X β IP-).
- GitHub:
|
$ tar xvzf cs-firewall-bouncer.tgz $ cd cs-firewall-bouncer-v0.0.5/ |
:
, REST API, , :
sudo cscli bouncers list , .
, , IP . , . .
, , - .
:
ATTACKER$ curl --connect-timeout 1 http://34.248.33.108/
curl: (28) Connection timed out after 1001 milliseconds
, :
, cs-firewall-bouncer nftables, iptables. nftables ( debian 10 ) Crowdsec Crowdsec6 ( ipv4 ipv6 ).
$ sudo nft list ruleset
β¦
table ip crowdsec {
set crowdsec_blocklist {
type ipv4_addr
elements = { 3.22.63.25, 3.214.184.223,
3.235.62.151, 3.236.112.98,
13.66.209.11, 17.58.98.156, β¦
}
}
chain crowdsec_chain {
type filter hook input priority 0; policy accept;
ip saddr @crowdsec_blocklist drop
}
}
table ip6 crowdsec6 {
set crowdsec6_blocklist {
type ipv6_addr
}
chain crowdsec6_chain {
type filter hook input priority 0; policy accept;
ip6 saddr @crowdsec6_blocklist drop
}
}
iptables mftables, , /etc/crowdsec/cs-firewall-bouncer/cs-firewall-bouncer.yaml/ , iptables ipset.
, , /etc/crowdsec/cs-firewall-bouncer/cs-firewall-bouncer.yaml, , nftables iptables ( iptables ipset).
, . , CrowdSec. :