CrowdSec

Started by Georges, November 20, 2020, 06:53:44 PM

Hello,

I just discovered this.
"CrowdSec is a security automation engine, using both local IP behavior detection & our community-driven IP reputation database."

https://crowdsec.net

Still in beta but this will power OPNsense into a new level with a plugin like this 0.0

What do you think?


Looks interesting.

But I think it's not legal (without certain contracts) because of privacy stuff in some countries.

looks nice, but it has no FreeBSD port which would be required to get into OPNsense

Hi guys, Philippe from the CrowdSec team.
We're glad you show interest in the product.
Currently, we are finalizing the v1.0 and packaging for debian.
A container will also soon be available, as well as a CentOS package.

As you can guess, we had queries for ports on a lot of OS & distros and we will have a hard time producing them all in a timely manner. What we can offer though is a repo on our site or Github to provide community compiled packages or ports, and we'll be more than happy to. If the team needs to support a community build, it will to the best of its time and capacities. That being said, we chose Golang also because of its very high portability.

As for privacy, we are based in France. To put it mildly, we are under one of the strictest data privacy regulations on earth. We are currently feeding the paperwork beast with all the proper processes, forms, applications, tools, declarations and all that jazz. Takes a bit of time and a lot of money for the lawyers, but be sure that we are working on it.

To put it short, we don't export your logs and no data of yours. To benefit from the network reputation system for free, you have to share your own findings. When you block one IP because of a bad behavior, 3 things and only those 3 are sent back to us: 1/ The timestamp 2/ Offending IP 3/ Scenario it triggered.

Hope this brings some answers to your legitimate concerns.

The v1.0 is out :)

https://crowdsec.net/2020/12/07/crowdsec-v-1-0-is-out/

If I were a dev I would definitely do something to put it in OPNsense, but I'm not :/


Quote from: Georges on January 07, 2021, 04:54:45 PM
The v1.0 is out :)

https://crowdsec.net/2020/12/07/crowdsec-v-1-0-is-out/

If I were a dev I would definitely do something to put it in OPNsense, but I'm not :/

Don't forget to tell us if you are doing a FreeBSD version :)

Yeh!!!!!

https://github.com/mimugmail/opn-repo/issues/4

"It's now in community repo:

pkg install crowdsec
If you tell me something about config and syntax I can try to build a plugin
"

Anyone using Crowdsec yet?
I installed it, but it says

crowdsec is installed.

You need to edit the agent config file /usr/local/etc/crowdsec/crowdsec.yaml and
enable rc via sysrc.

# sysrc crowdsec_enable="YES"
root@OPNsense:~ # sysrc crowdsec_enable="YES"
awk: can't open file /etc/rc.conf

I am not sure what I need to place in the yaml file.

Create a file /etc/rc.conf.d/crowdsec and place the content there ...
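The reply above points at the OPNsense convention: there is no /etc/rc.conf, so sysrc with its default file list fails, and service knobs go into a per-service drop-in under /etc/rc.conf.d/ instead. The shell snippet below is an added example, not code from the thread or from the CrowdSec project; it writes the drop-in idempotently (a second run does not duplicate the line) and, for demonstration, targets a temporary directory so it runs without root. The function names `enable_rc_service` and `rc_service_enabled` are my own.

```sh
#!/bin/sh
# Added example (not from the thread): enable an rc(8) service the OPNsense way,
# by writing a drop-in file under /etc/rc.conf.d/ rather than relying on
# /etc/rc.conf, which OPNsense does not ship (hence "awk: can't open file
# /etc/rc.conf" from sysrc in the post above).

# enable_rc_service NAME [RC_CONF_DIR]
#   Writes NAME_enable="YES" into RC_CONF_DIR/NAME (default /etc/rc.conf.d),
#   replacing any existing NAME_enable line so repeated runs stay clean.
enable_rc_service() {
    name=$1
    dir=${2:-/etc/rc.conf.d}
    file="$dir/$name"
    tmp="$file.tmp.$$"
    mkdir -p "$dir" || return 1
    # Keep every existing line except a previous NAME_enable assignment.
    if [ -f "$file" ]; then
        grep -v "^${name}_enable=" "$file" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf '%s_enable="YES"\n' "$name" >> "$tmp"
    mv "$tmp" "$file"
}

# rc_service_enabled NAME [RC_CONF_DIR]
#   Returns 0 if the drop-in sets NAME_enable="YES", 1 otherwise.
rc_service_enabled() {
    name=$1
    dir=${2:-/etc/rc.conf.d}
    grep -q "^${name}_enable=\"YES\"" "$dir/$name" 2>/dev/null
}

# Demo against a temporary directory so this runs unprivileged.
# On a real box you would call: enable_rc_service crowdsec   (writes /etc/rc.conf.d/crowdsec)
demo_dir=$(mktemp -d)
enable_rc_service crowdsec "$demo_dir"
enable_rc_service crowdsec "$demo_dir"   # second run must not add a duplicate line
rc_service_enabled crowdsec "$demo_dir" && echo "crowdsec enabled via $demo_dir/crowdsec"
cat "$demo_dir/crowdsec"
```

The function does by hand what `sysrc -f /etc/rc.conf.d/crowdsec crowdsec_enable=YES` does with an explicit target file; the point of the example is that the knob must land in the rc.conf.d drop-in, after which `service crowdsec start` picks it up.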

August 24, 2021, 04:19:42 PM #10 Last Edit: August 24, 2021, 04:26:14 PM by klausagnoletti
Hi

I am with CrowdSec and admittedly we don't have a dedicated package of CrowdSec for OPNsense (yet).
As far as I know there's this maintained by @mimugmail (and thanks a lot for your work here). Also it's available in the official port tree.

The result is the same, though. They are made from the upstream source made for FreeBSD. I tried installing them this weekend on my two OPNsense boxes and they don't work right out of the box. I couldn't make the agent read ssh logs (and report on bruteforcing). I haven't found out why. And the bouncer is not available in @mimugmail's repo but it probably wouldn't work anyway.

State of the FreeBSD port is that it works. At least on FreeBSD - but it shows that it's a new port that we haven't gotten much user feedback on, so it's not particularly mature as an easy to use product. And since FreeBSD != OPNsense it will work less well. Log file locations and formats differ.

However, at CrowdSec we are very interested in making our tool available in an easy to use format across many platforms, so we really want to make a package for OPNsense that just works. If you're interested in helping us out by testing and reporting bugs to us directly or submitting patches, ping me at klaus (at) crowdsec (dot) net.

Thanks for wanting to try out CrowdSec. We really appreciate it!

/klaus

Klaus, do you have a quick guide for vanilla FreeBSD? Maybe I can have a shot for a basic plugin.

Here you go:
https://doc.crowdsec.net/Crowdsec/v1/user_tutorial/crowdsec_firewall_on_freebsd/

Following that I managed to get things working on my droplet on DigitalOcean.

You might want to install the crowdsecurity/geoip-enrich parser if you manage to get it working. That's enabled by default on Linux and nice if you add your box to the web console (which is currently in private beta but provides a very nice overview of who's brute-forcing your firewall).

While you're at it please add crowdsec-firewall-bouncer to your repo. Could be fun to see if I could make it work as well :-)

Thanks

/k

Sorry, the link doesn't work (anymore?)
