
CrowdSec

Discussion in 'System Administration' started by enderst, Feb 19, 2022.

  1. enderst

    enderst New Member

    Any gotchas to look out for when installing CrowdSec?

     
  2. eva2000

    eva2000 Administrator Staff Member

    Assuming you mean https://crowdsec.net/? As I haven't tried myself, probably best to test on a test hourly VPS server and see.

    I suppose one thing is Centmin Mod installs CSF Firewall (CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS), but it's just a wrapper to underlying IPTables. But CSF Firewall loads up its IPTables configuration dynamically at server start up time, overriding direct IPTables rules you set up unless you place your own IPTables rules in an executable shell script at /etc/csf/csfpre.sh, i.e. https://community.centminmod.com/threads/ovh-icmp-ping-whitelist-for-csf-firewall.11427/#post-48519. Then CSF Firewall will load those before its own at start up.

    Quick Google search suggests CrowdSec + CSF Firewall work together: CrowdSec replacing Fail2ban

    Other thing is if it inspects Nginx access logs, know that Centmin Mod by default does buffer Nginx access logs to a small memory segment, i.e. access_log directives have additional directive lines which you can remove to disable buffering for real time logging rather than buffered memory logging:
    Code (Text):
    buffer=256k flush=5m
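
Added example (not part of the thread and not Centmin Mod's own tooling): a shell script that lists `access_log` directives still carrying the buffering options quoted above and prints an unbuffered copy of a config for review, which matters when a log-reading tool such as CrowdSec needs entries in real time. The sample vhost, log paths, format names and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit Nginx configs for buffered access_log directives.
# Paths, log format names and function names below are constructed.

# Print file:line:text for access_log directives that buffer writes.
# gzip is flagged too because Nginx buffers whenever gzip is set.
find_buffered_access_logs() {
  grep -HnE '^[[:space:]]*access_log[[:space:]].*[[:space:]](buffer=|flush=|gzip(=[0-9]+)?([[:space:]]|;))' "$@" || true
}

# Print the config with buffer=/flush= removed from access_log lines only.
# The input file is not modified; diff the output before installing it.
strip_access_log_buffering() {
  sed -E '/^[[:space:]]*access_log[[:space:]]/ s/[[:space:]]+(buffer|flush)=[^[:space:];]+//g' "$1"
}

# Constructed sample vhost using the buffer/flush values quoted in the post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/site.conf" <<'EOF'
server {
    access_log /var/log/nginx/site.access.log combined buffer=256k flush=5m;
    access_log /var/log/nginx/api.access.log main;
    error_log /var/log/nginx/site.error.log;
}
EOF

echo "Buffered access_log directives:"
find_buffered_access_logs "$demo_dir/site.conf"
echo "Unbuffered copy:"
strip_access_log_buffering "$demo_dir/site.conf"
```

After installing an edited config, check it with `nginx -t` and reload Nginx so the change takes effect.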