

CrowdSec

CrowdSec — это решение для обеспечения безопасности с открытым исходным кодом и участием пользователей. Движок разбирает локальные логи (в этой конфигурации — sshd из auth.log, nginx и Nextcloud) и принимает решения о блокировке вредоносных IP-адресов, а «баунсеры» применяют эти решения — здесь через nftables на хосте. Дополнительно движок получает краудсорсинговый список вредоносных IP-адресов, собираемый сообществом, то есть защиту от уже известных источников атак, и даёт доступ к методам анализа угроз в реальных условиях.

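$ # Register one bouncer per consumer. `cscli bouncers add` prints the API key
$ # exactly once; capture it straight into a 0600 .env file next to the compose
$ # file (`-o raw` prints only the key) instead of pasting it into compose.yaml.
$ umask 077
$ echo "CROWDSEC_UI_LAPI_KEY=$(docker exec crowdsec cscli bouncers add MyDashboard -o raw)" >> .env
$ echo "CROWDSEC_FW_LAPI_KEY=$(docker exec crowdsec cscli bouncers add MyFirewall -o raw)" >> .env
$ # Verify both bouncers are registered and the engine is ingesting logs.
$ docker exec crowdsec cscli bouncers list
$ docker exec crowdsec cscli metrics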
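version: '3.8'

services:

  #
  # Bootstrap once the engine is up:
  #   docker exec crowdsec cscli bouncers add MyDashboard
  #   docker exec crowdsec cscli bouncers add MyFirewall
  #   docker exec crowdsec cscli bouncers list
  #   docker exec crowdsec cscli metrics
  # `cscli bouncers add` prints the API key once. Put the keys in a .env file
  # (CROWDSEC_UI_LAPI_KEY / CROWDSEC_FW_LAPI_KEY, mode 0600) next to this file;
  # they are never written inline here because this file ends up in VCS and backups.
  #
  crowdsec:
    # NOTE(review): pin a release tag instead of :latest so an upstream image
    # change cannot silently replace the engine that holds the docker socket.
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    restart: unless-stopped
    # No `privileged: true`: the engine only needs to read the log sources
    # mounted below, which the group memberships (and running as root inside
    # the container) already allow. Privileged would add every capability and
    # every host device on top of docker-socket access.
    group_add:
      - "4"   # adm       -> /var/log/auth.log
      - "33"  # www-data  -> nginx logs
      - "998" # docker socket group; must match `ls -ln /var/run/docker.sock` on the host
    ports:
      # Only local bouncers are used here, so keep the LAPI off the LAN.
      # Bind to the host LAN address instead only if a bouncer on another
      # host has to reach it.
      - "127.0.0.1:8484:8080"
    environment:
      - COLLECTIONS=crowdsecurity/linux crowdsecurity/nginx crowdsecurity/nextcloud
      # listen on all container interfaces so crowdsec-ui can reach it over crowdsec_network
      - LAPI_LISTEN_ADDR=0.0.0.0
    volumes:
      - crowdsec-db:/var/lib/crowdsec
      - crowdsec-config:/etc/crowdsec
      # `:ro` on a Unix socket does not limit Docker API calls — anything that can
      # connect() to it can create privileged containers, i.e. host root. Prefer a
      # socket proxy that only exposes the read-only endpoints the `docker`
      # acquisition source needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/log/auth.log:/var/log/auth.log:ro
      - proxy:/var/log/nginx:ro
      # This exposes the whole Nextcloud data volume (user files) to the engine,
      # not just nextcloud.log. Narrow it to the log directory if your layout allows.
      - nextcloud:/var/www/nextcloud/data:ro
    networks:
      - crowdsec_network

  crowdsec-ui:
    # Third-party image that holds a LAPI key and serves plain HTTP: pin the tag
    # and keep the port behind an authenticating TLS reverse proxy.
    image: hhftechnology/crowdsec_manager:latest
    container_name: crowdsec-ui
    restart: unless-stopped
    ports:
      - "192.168.1.132:8481:8080"
    environment:
      - CROWDSEC_LAPI_URL=http://crowdsec:8080
      # Key from `cscli bouncers add MyDashboard`, supplied via .env — fail fast if missing.
      - CROWDSEC_LAPI_KEY=${CROWDSEC_UI_LAPI_KEY:?CROWDSEC_UI_LAPI_KEY is not set in .env}
    depends_on:
      - crowdsec
    networks:
      - crowdsec_network

  crowdsec-firewall-bouncer:
    # NOTE(review): pin a release tag; `:snapshot` is a moving target for a
    # container that rewrites the host firewall.
    image: digitaldriveio/cs-firewall-bouncer:snapshot
    container_name: crowdsec-firewall-bouncer
    restart: unless-stopped
    network_mode: host
    # NET_ADMIN/NET_RAW are what nftables manipulation needs; `privileged` is
    # not, and would make a compromised bouncer equivalent to host root.
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      # host network: the LAPI is reached through the host's loopback binding (127.0.0.1:8484)
      - CROWDSEC_LAPI_URL=http://127.0.0.1:8484
      # Key from `cscli bouncers add MyFirewall`, supplied via .env — fail fast if missing.
      - CROWDSEC_LAPI_KEY=${CROWDSEC_FW_LAPI_KEY:?CROWDSEC_FW_LAPI_KEY is not set in .env}
      - BACKEND=nftables
      - UPDATE_FREQUENCY=10s
    volumes:
      - bouncer-config:/config
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - crowdsec

volumes:
  crowdsec-db:
  crowdsec-config:
  bouncer-config:
  proxy:
    external: true
    name: "nextcloud_proxy"
  nextcloud:
    external: true
    name: "nextcloud_nextcloud"

networks:
  crowdsec_network:
    driver: bridge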
$ # Write the acquisition config verbatim: a quoted heredoc on the host side means
$ # no shell (host or container) expands anything inside the YAML, and the file
$ # is streamed to `cat` inside the container over stdin. This replaces the
$ # image's default acquis.yaml entirely.
$ docker exec -i crowdsec sh -c 'cat > /etc/crowdsec/acquis.yaml' <<'EOF'
# nginx lines come from the nextcloud_proxy container's stdout/stderr via the
# docker socket; the name must match exactly or nothing is read.
source: docker
container_name:
  - nextcloud_proxy
labels:
  type: nginx
---
# sshd events (parsed by the crowdsecurity/linux collection)
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
# Nextcloud application log, mounted read-only from the nextcloud data volume
filenames:
  - /var/www/nextcloud/data/data/nextcloud.log
labels:
  type: nextcloud
EOF
$ # docker exec crowdsec cscli metrics
+-------------------------------------------------------------------------------------------------------------------------------------------+
| Acquisition Metrics                                                                                                                       |
+-------------------------------------------------+------------+--------------+----------------+------------------------+-------------------+
| Source                                          | Lines read | Lines parsed | Lines unparsed | Lines poured to bucket | Lines whitelisted |
+-------------------------------------------------+------------+--------------+----------------+------------------------+-------------------+
| file:/var/log/auth.log                          | 10         | 6            | 4              | -                      | 6                 |
| file:/var/www/nextcloud/data/data/nextcloud.log | 1          | -            | 1              | -                      | -                 |
+-------------------------------------------------+------------+--------------+----------------+------------------------+-------------------+
+------------------------------------+
| Local API Metrics                  |
+--------------------+--------+------+
| Route              | Method | Hits |
+--------------------+--------+------+
| /v1/heartbeat      | GET    | 5    |
| /v1/usage-metrics  | POST   | 1    |
| /v1/watchers/login | POST   | 1    |
+--------------------+--------+------+
+-------------------------------------------+
| Local API Machines Metrics                |
+-----------+---------------+--------+------+
| Machine   | Route         | Method | Hits |
+-----------+---------------+--------+------+
| localhost | /v1/heartbeat | GET    | 5    |
+-----------+---------------+--------+------+
+------------------------------------------------------------------+
| Parser Metrics                                                   |
+---------------------------------------+------+--------+----------+
| Parsers                               | Hits | Parsed | Unparsed |
+---------------------------------------+------+--------+----------+
| child-crowdsecurity/nextcloud-logs    | 3    | -      | 3        |
| child-crowdsecurity/sshd-logs         | 114  | 6      | 108      |
| child-crowdsecurity/sshd-success-logs | 4    | -      | 4        |
| child-crowdsecurity/syslog-logs       | 10   | 10     | -        |
| crowdsecurity/dateparse-enrich        | 6    | 6      | -        |
| crowdsecurity/nextcloud-logs          | 1    | -      | 1        |
| crowdsecurity/non-syslog              | 1    | 1      | -        |
| crowdsecurity/public-dns-allowlist    | 6    | 6      | -        |
| crowdsecurity/sshd-logs               | 10   | 6      | 4        |
| crowdsecurity/sshd-success-logs       | 4    | -      | 4        |
| crowdsecurity/syslog-logs             | 10   | 10     | -        |
| crowdsecurity/whitelists              | 6    | 6      | -        |
+---------------------------------------+------+--------+----------+
+---------------------------------------------------------------------------------------+
| Whitelist Metrics                                                                     |
+------------------------------------+-----------------------------+------+-------------+
| Whitelist                          | Reason                      | Hits | Whitelisted |
+------------------------------------+-----------------------------+------+-------------+
| crowdsecurity/public-dns-allowlist | public DNS server           | 6    | -           |
| crowdsecurity/whitelists           | private ipv4/ipv6 ip/ranges | 6    | 6           |
+------------------------------------+-----------------------------+------+-------------+