CrowdSec replacing Fail2ban

Discussion in 'Feature Requests' started by IzFazt, Dec 11, 2020.

  1. IzFazt

    IzFazt Member HowtoForge Supporter

    much better resource usage
    lollollollol and Jesse Norell like this.
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    So your request is to use this in the Perfect Server tutorials? Include the logs in the panel? Or?
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I haven't heard of crowdsec before, but have wanted to write something that does exactly that for some time. Will definitely look into this more. I really hope they have open sourced the collection server/database piece, so that anyone can run their own (because the public service gets DoS'd or shuts down, etc.). If you can use multiple public collection services, I'd suggest we set one up for the ispconfig community, preconfigured for use (both for security incidents and spamming).
    ahrasis and IzFazt like this.
  4. IzFazt

    IzFazt Member HowtoForge Supporter

    Yes sir, we've had resource problems with fail2ban, currently using crowdsec.
  5. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Do you have measurement data on resource usage for fail2ban and crowdsec you can share here?
    ahrasis likes this.
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Also somewhat germane to your question, do you have any custom configuration, or just using the collections/configuration/bouncers right from crowdsec hub? What all did you envision or hope an ISPConfig integration would configure and do? It seems like a Perfect Server tutorial that had a few commands to run the crowdsec install wizard and get it pointed at the control panel node, which itself runs the web interface, would be sufficient?

    Also to answer my earlier wandering, they do not make the "consensus engine" available to the public currently, and it sounds like probably no plans to do so any time soon.
  7. IzFazt

    IzFazt Member HowtoForge Supporter

    Hi Jesse, holidays so sorry for my late reply, Happy New Year!

    That would be sufficient indeed. There is currently one issue which I had to resolve in my personal setup, I had to turn this report off as it crashed crowdsec after the first attempt on port 22

    cscli scenarios remove crowdsecurity/ban-report-ssh_bf_report
    all other stuff on their hub I currently have activated.
  8. brainz

    brainz Member

    crowdsec works great love it.... Also works along side fail2ban..

    Screen Shot 2.jpg
    Last edited: Nov 27, 2021
    lollollollol, ahrasis and Taleman like this.
  9. IzFazt

    IzFazt Member HowtoForge Supporter

    Yes works together smooth , but I turned Fail2ban off. Crowdsec is so much more effective because bad IP's don't even pass the firewall. The owners of these IP's do not only focus on brute force. Crowdsec in conjunction with the CSF firewall - which also has a Fail2ban alike brute force protection feature as only one of it's many features - offers in my humble opinion a better protection then the default Fail2ban / Firewall setup from ISPConfig. CSF also allows you to add extra DNSBL lists. Also you should modify the default sysctl.conf (credits Aysad Kozanoglu, Github) and so on. Brute Force is only one of the many treats, still coming in a lot, almost always SSH or FTP.
    lollollollol, ahrasis and Taleman like this.
  10. lollollollol

    lollollollol Member


    Plus 1000 for crowdsec.

    It's much more powerfull and resource efficient than fail2ban.
    Fail2ban is uninstalled on all my servers for more than two years.
    Crowdsec can also protect PHP applications.
    Actively maintained.
    Really Good.
    ahrasis and Taleman like this.
  11. levien

    levien New Member

    Its not server build but via API (server-client)
    So, useless for our setup.

Share This Page