The main points for me are that it's more up to date and provides more security than fail2ban.
It comes with a nice dashboard and an API for easy integration.
I think it would be a nice addition and could possibly work as an alternative to or alongside fail2ban.
From their page:
Collaborative Security
Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone.
GDPR Compliant
Sharing is caring but privacy matters even more. We collect the very strict minimum in order to be GDPR compliant. Hence, we never export your logs and the only data sent for curation are a timestamp, the aggressive IP, and the scenario used in the attack.
Crowdsec is basically an improved version of fail2ban. Letting them run together makes no sense in my opinion. Choosing one or the other via the UI makes sense, of course.
I’ve completely disabled fail2ban and only use crowdsec which is managed through one central server via API.
Maybe it would be enough to add crowdsec only to the documentation as an alternative.
This makes no sense for us… Upkeeping 2 different systems takes time we don’t have and don’t want to spend… We have removed apache2 as front facing panel for the same reason we don’t want to waste time on testing 2 different it takes to test. It requires time to adjust it every time and we don’t have it…
I am not interested in having multiple applications. I fully understand that this doesn’t make sense to you. I just thought it was logical to be able to switch applications and not have 2 identical applications running blindly. I will admit that this is something that should probably be handled by the user.
I will be doing the same at the weekend; I will be doing some tests on 3 VMs to see if I get consistent results.
Easy install, and it comes with premade jails (so to speak): https://hub.crowdsec.net/browse/#bouncers
Just to name a few:
Dovecot
Mariadb
Docker
Nginx logs
Myself
Postfix configs
There’s loads of premade configs.
It is also worth mentioning that if you install hestiacp without fail2ban and lastly install crowdsec, it will auto-detect the services that are already installed on the system and auto the files necessary for the installed services, which makes it even simpler.
To understand how CrowdSec mitigates this, you will need an understanding of how the consensus engine that assesses received CTI works. To my knowledge there is not a whitepaper describing this yet, but there is (at least one) video on YouTube with our CEO Philipe describing how it works. He does so from around 8m10s.