CrowdSec

[franco]

"misconfigured" means the plugin was installed by console and was not registered in the config.xml. As long as there is no upstream repo for it that situation will be normal but not affect operation at all (same as "orphaned").


Cheers,
Franco

[cookiemonster]

Crowdsec has been installed, what should be done with the message that v1.3 is available?

I'm wondering the same thing. There's no binary for it I can find in github and the instructions that I can find don't include updates, which I find odd. Early days I suppose.

[zz00mm]

firewall has been updated to build 005 which contains v1.3 of the crowdsec engine. The crowdsec portal has updated itself and shows the correct versions.

[cookiemonster]

thanks for posting, yes a new version is available now.

[alexroz]

CrowdSec arrives on OPNsense

[lilsense]

Would someone elaborate on the Zenarmor/Suricata and Crowdsec? should all of them be used all together/separate or not at all?

[RamSense]

you can run them together if you like and build some multi layer of protection.
For those who also want to start with crowdsec but don't know how, I just found a nicely written guide for you:
https://homenetworkguy.com/how-to/install-and-configure-crowdsec-on-opnsense/

[hushcoden]

Sorry if I'm missing something obvious, but I just installed it and the two aliases crowdsec_blacklists and crowdsec6_blacklists are empty ?

I thought they'd contain the URLs where they'd take the bad IPs from ?

[hushcoden]

Also, just noticed in system -> firmware the cowdsec plugin is listed as misconfigured - but I didn't errors during the installation, any suggestions?

Tia.

[cookiemonster]

Also, just noticed in system -> firmware the cowdsec plugin is listed as misconfigured - but I didn't errors during the installation, any suggestions?

Tia.

"misconfigured" means the plugin was installed by console and was not registered in the config.xml. As long as there is no upstream repo for it that situation will be normal but not affect operation at all (same as "orphaned").


Cheers,
Franco

[cookiemonster]

Sorry if I'm missing something obvious, but I just installed it and the two aliases crowdsec_blacklists and crowdsec6_blacklists are empty ?

I thought they'd contain the URLs where they'd take the bad IPs from ?

It looks like they get pulled every two hours by default according to the "Alerts" tab on the plugin UI. I don't remember if they got populated immediately at installation time though. I'd give it a little time, like two hours max or check the docs.

[abulafia]

Sorry if I'm missing something obvious, but I just installed it and the two aliases crowdsec_blacklists and crowdsec6_blacklists are empty ?

I thought they'd contain the URLs where they'd take the bad IPs from ?

It looks like they get pulled every two hours by default according to the "Alerts" tab on the plugin UI. I don't remember if they got populated immediately at installation time though. I'd give it a little time, like two hours max or check the docs.

Confirmed that they get populated automatically after some time (2h sounds about right).

[Christophe999s]

Having a similar issue. I've been running crowdsec since yesterday and the crowdsec6_blacklists also remains empty. Adding one manually using cscli decisions add --ip xxxx --duration 1m works, but none are added automatically. No problem with the ipv4 crowdsec_blacklists though.

[hushcoden]

It didn't work for me, for some reason: after 3 days blacklists were still empty so I removed it...

[RamSense]

Did you install it in the given order? https://github.com/crowdsecurity/opnsense-plugin-crowdsec/

Copy them to your firewall instance with scp, then install the packages in the following order but do not enable them like the post-install messages say. These instruction are for using them without OPNsense.

# pkg add ./crowdsec-1.3.2.txz
...
# pkg add ./crowdsec-firewall-bouncer-0.0.23.r2.txz
...
# pkg add ./os-crowdsec-0.0.7.txz
...