Have you seen the fail2ban alternative?

Just found this.
It's an alternative to fail2ban: https://crowdsec.net/

The main points for me are that it's more up to date and provides more security than fail2ban.
It comes with a nice dashboard and an API for easy integration.

I think it would be a nice addition and could possibly work as an alternative to or alongside fail2ban.

From their page:

Collaborative Security
Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blocklist to protect everyone.

GDPR Compliant
Sharing is caring but privacy matters even more. We collect the very strict minimum in order to be GDPR compliant. Hence, we never export your logs and the only data sent for curation are a timestamp, the aggressive IP, and the scenario used in the attack.

It’s not an alternative. We should use both.

1 Like

There is already an outstanding feature request for it…

1 Like

I totally agree to run alongside fail2ban, thinking about implementing it to cover all my personal services that are exposed to the net

1 Like

Crowdsec is basically an improved version of fail2ban. Letting them run together makes no sense in my opinion. Choosing one or the other via the UI makes sense, of course.
I’ve completely disabled fail2ban and only use crowdsec which is managed through one central server via API.
Maybe it would be enough to add crowdsec only to the documentation as an alternative.

1 Like

This makes no sense for us… Up keeping 2 different systems takes time we don’t have and don’t want to spend… We have removed apache2 as front-facing panel for the same reason we don’t want to waste time on testing 2 different it takes to test. It requires time to adjust it every time and we don’t have it…

1 Like

Adding to the documentation would be an easier option.

Including details of how to disable fail2ban and how to install and configure crowdsec (might stop forum posts on how to install).

This would allow people to choose to have an updated, more modern security option with a nice dashboard.

I am not interested in having multiple applications. I fully understand that this doesn’t make sense to you. I just thought it was logical to be able to switch applications and not have 2 identical applications running blindly. I will admit that this is something that should probably be handled by the user.

1 Like

Still, this would then tend to an “official support” where we would need to test and support it. So basically we could just implement it directly.

2 Likes

According to this it should do what Fail2ban does so it doesn’t make sense to keep F2B alive …

nano /usr/local/hestia/conf/hestia.conf

replace FIREWALL_EXTENSION=''

And apt remove fail2ban

I am a fan of implementing in the future but need to investigate it a lot more…

3 Likes

That’s how I found out about it. Lol

Looks interesting. Will have a play with it.

I will be doing the same at the weekend; I will be doing some tests on 3 VMs to see if I get consistent results.
Easy install, and it comes with premade jails (so to speak):
https://hub.crowdsec.net/browse/#bouncers

The monitors are here.
https://hub.crowdsec.net/browse/#collections

Premade configuration files
https://hub.crowdsec.net/browse/#configurations

Just to name a few:
Dovecot
Mariadb
Docker
Nginx logs
MySQL
Postfix configs

There’s loads of premade configs.

It is also worth mentioning that if you install hestiacp without fail2ban and lastly install crowdsec it will auto detect the services that are already installed on the system and auto the files necessary for the installed services, makes it even simpler.

1 Like

So it is trivial to install.

I love the idea of using crowdsec. We could all benefit from it BUT there is the issue with poisoning.

I have not seen clear information on how crowdsec handles a potential attack of denial of service by poisoning the network with false positives.

This is the answer I got on their forum…

Hi

To understand how CrowdSec mitigates this, you will need an understanding of how the consensus engine that assesses received CTI works. To my knowledge there is not a whitepaper describing this yet but there is (at least one) video on YouTube with our CEO Philippe describing how it works. He does so from around 8m10s.

Let me know if you have more questions.

2 Likes
