#linux #homelab #security #server

Check out the documentation: https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec

Detection

Install the Security Engine. On its own it only detects attacks; it does not block them.

curl -s https://install.crowdsec.net | sudo sh
sudo apt install crowdsec


Run the configuration interactively with the wizard. It can be re-run at any time.
sudo /usr/share/crowdsec/wizard.sh -c


Directories:
  • The application lives in the folder /etc/crowdsec.
  • The data is stored in the folder /var/lib/crowdsec/data.


Inspect the current state with cscli:
# See all currently installed collections 
sudo cscli collections list
# See metrics
sudo cscli metrics
# List registered bouncers
sudo cscli bouncer list


Remediation / Bouncer

Remediation Components are software packages in charge of acting upon decisions provided by the Security Engine. Depending on where you would like to remediate the decision, you will need to install the appropriate Remediation Component.

For basic firewall blocking we use the firewall bouncer.
sudo apt install crowdsec-firewall-bouncer-iptables
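
To confirm that a bouncer is really enforcing decisions and the engine is not running detection-only, this added example (not from this page's author or the CrowdSec project) classifies the output of sudo cscli bouncers list -o json. The JSON field names name, revoked and last_pull, the sample bouncer names and the five-minute staleness threshold are assumptions.

```python
import json
import re
import subprocess
from datetime import datetime, timedelta, timezone

# Constructed sample of `cscli bouncers list -o json`; the field names
# (name, revoked, last_pull) are an assumption about that output.
SAMPLE = json.loads("""[
  {"name": "fw-bouncer-example", "revoked": false, "last_pull": "2024-05-01T10:00:05.123456789Z"},
  {"name": "old-bouncer-example", "revoked": false, "last_pull": "2024-04-20T08:00:00Z"},
  {"name": "revoked-bouncer-example", "revoked": true, "last_pull": "2024-05-01T10:00:00Z"},
  {"name": "new-bouncer-example", "revoked": false, "last_pull": null}
]""")

def parse_ts(value):
    """Parse an RFC 3339 timestamp with offset, dropping fractional seconds."""
    if not value:
        return None
    return datetime.fromisoformat(re.sub(r"\.\d+", "", value).replace("Z", "+00:00"))

def bouncer_status(bouncers, now, max_age=timedelta(minutes=5)):
    """Map each bouncer name to ok / revoked / never-pulled / stale."""
    status = {}
    for b in bouncers:
        pulled = parse_ts(b.get("last_pull"))
        if b.get("revoked"):
            status[b["name"]] = "revoked"        # API key no longer accepted
        elif pulled is None:
            status[b["name"]] = "never-pulled"   # registered but never connected
        elif now - pulled > max_age:
            status[b["name"]] = "stale"          # was working, stopped pulling
        else:
            status[b["name"]] = "ok"
    return status

def blocking_active(bouncers, now):
    """True only if at least one bouncer is valid and recently pulled decisions."""
    return "ok" in bouncer_status(bouncers, now).values()

if __name__ == "__main__":
    # On a real host (run with sudo): read the live list instead of SAMPLE.
    out = subprocess.run(["cscli", "bouncers", "list", "-o", "json"],
                         capture_output=True, text=True, check=True).stdout
    bouncers = json.loads(out) or []
    now = datetime.now(timezone.utc)
    for name, state in bouncer_status(bouncers, now).items():
        print(f"{name}: {state}")
    print("blocking active" if blocking_active(bouncers, now) else "detection only")
```

A result of "detection only" means alerts are still recorded but nothing is acting on the decisions.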


Other

Restart the crowdsec service:
sudo service crowdsec restart


To see the attacks detected locally, list the alerts with cscli:
sudo cscli alerts list