Information
CrowdSec is an open-source and powerful security tool that protects your infrastructure against cyber attacks and brute-force attempts. In this article, we will guide you through the process of setting up CrowdSec on Debian.
Step 1: Update the System
Before beginning the installation process of CrowdSec, you must first update your Debian system. This will ensure that you have the latest updates and dependencies required by CrowdSec.
To do this, open the terminal and run the following command:
apt update && apt upgrade
Step 2: Install CrowdSec
After updating the system, the next step is to install CrowdSec on the Debian system. You can follow the steps below to install CrowdSec:
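Add the CrowdSec repository to your Debian system. Bintray was shut down in 2021, so the dl.bintray.com address below no longer serves packages; substitute the repository address given in the current CrowdSec installation documentation.
echo "deb https://dl.bintray.com/crowdsec/crowdsec-deb/ buster main" | tee /etc/apt/sources.list.d/crowdsec.list
Install the key used for the CrowdSec repository. The URL is quoted so that the shell does not treat the ? as a glob character. Note that apt-key is deprecated, and a key added this way is trusted for every configured repository, not only CrowdSec's.
wget -O /tmp/cs-key.gpg "https://bintray.com/user/downloadSubjectPublicKey?username=crowdsec"
apt-key add /tmp/cs-key.gpg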
Update the system and install CrowdSec.
apt update && apt install crowdsec
Step 3: Configure CrowdSec
After the installation process, you need to configure CrowdSec before you can use it on your system. You can do this by editing the configuration files located in the /etc/crowdsec directory.
Enable the CrowdSec service and start it.
systemctl enable crowdsec && systemctl start crowdsec
Check the status of the CrowdSec service.
systemctl status crowdsec
Enable your desired profile. For example, to use the “ssh-bf” profile (the crowdsecurity/ssh-bf scenario on the CrowdSec Hub), run the following command:
cscli scenarios install crowdsecurity/ssh-bf
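Add your desired IP address to the whitelist. On CrowdSec releases that provide the allowlists subcommand, create a list (the name trusted is only an example) and add the address to it; -e 1h expires the entry after 3600 seconds.
cscli allowlists create trusted -d "trusted addresses"
cscli allowlists add trusted <IP-ADDRESS> -e 1h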
Check the decisions produced by your profile.
cscli decisions list --scenario crowdsecurity/ssh-bf
Step 4: Test CrowdSec
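The final step is to test CrowdSec to ensure that everything is working correctly. You can do this by attempting to log in to your system using a different IP address that is not in the whitelist.
You should see that your login attempts are blocked, and the IP address is added to the blacklist by CrowdSec. CrowdSec itself only records the ban decision, which you can confirm with cscli decisions list; the connection is actually dropped only when a remediation component (bouncer) is installed to enforce that decision.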
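To cross-check the Step 4 test against the SSH log itself, the script below replays failed-login lines and prints the source addresses that cross a brute-force threshold, skipping whitelisted ones. It is an added example, not part of the original article and not CrowdSec code: the threshold, the window, the function names and the sample log lines are assumptions, and CrowdSec's own scenario logic and values may differ.

```shell
#!/bin/sh
# Added example, not CrowdSec code. THRESHOLD failures within WINDOW seconds
# from one address count as brute force; both values are assumptions.
THRESHOLD=${THRESHOLD:-5}
WINDOW=${WINDOW:-60}

# Usage: ssh_bf_offenders [WHITELISTED_IP...] < auth.log
# Expects classic syslog timestamps ("Jan 10 12:00:01"); ignores month rollover.
ssh_bf_offenders() {
    awk -v threshold="$THRESHOLD" -v window="$WINDOW" -v white="$*" '
    BEGIN { n = split(white, w, " "); for (i = 1; i <= n; i++) skip[w[i]] = 1 }
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is client-supplied, so take the address from the
        # fixed tail of the line: "... from <ip> port <n> ssh2".
        if (NF < 5 || $(NF - 4) != "from" || $(NF - 2) != "port") next
        ip = $(NF - 3)
        if ((ip in skip) || (ip in flagged)) next
        split($3, t, ":")
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        if (!(ip in head)) head[ip] = 1
        ts[ip, ++tail[ip]] = now
        # Slide the window: forget failures older than WINDOW seconds.
        while (now - ts[ip, head[ip]] > window) { delete ts[ip, head[ip]]; head[ip]++ }
        if (tail[ip] - head[ip] + 1 >= threshold) { flagged[ip] = 1; print ip }
    }'
}

# Constructed sample log: documentation addresses (RFC 5737), invented host.
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 srv sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 10 12:00:04 srv sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jan 10 12:00:09 srv sshd[2103]: Failed password for root from 203.0.113.5 port 40003 ssh2
Jan 10 12:00:15 srv sshd[2104]: Failed password for invalid user test from 203.0.113.5 port 40004 ssh2
Jan 10 12:00:22 srv sshd[2105]: Failed password for root from 203.0.113.5 port 40005 ssh2
Jan 10 12:01:00 srv sshd[2110]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Jan 10 12:01:03 srv sshd[2111]: Failed password for alice from 198.51.100.7 port 50002 ssh2
Jan 10 12:01:06 srv sshd[2112]: Failed password for alice from 198.51.100.7 port 50003 ssh2
Jan 10 12:01:09 srv sshd[2113]: Failed password for alice from 198.51.100.7 port 50004 ssh2
Jan 10 12:01:12 srv sshd[2114]: Failed password for alice from 198.51.100.7 port 50005 ssh2
Jan 10 12:02:00 srv sshd[2120]: Failed password for bob from 192.0.2.44 port 60001 ssh2
Jan 10 12:04:00 srv sshd[2121]: Failed password for bob from 192.0.2.44 port 60002 ssh2
Jan 10 12:06:00 srv sshd[2122]: Failed password for bob from 192.0.2.44 port 60003 ssh2
Jan 10 12:08:00 srv sshd[2123]: Failed password for bob from 192.0.2.44 port 60004 ssh2
Jan 10 12:10:00 srv sshd[2124]: Failed password for bob from 192.0.2.44 port 60005 ssh2
EOF
}
sample_log | ssh_bf_offenders 198.51.100.7   # prints 203.0.113.5
```

To run it on real data, feed the SSH log in place of sample_log, for example ssh_bf_offenders <IP-ADDRESS> < /var/log/auth.log, and compare the result with the output of cscli decisions list.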