GithubHelp home page GithubHelp logo

hartl3y94 / crowdsec Goto Github PK

View Code? Open in Web Editor NEW

This project forked from crowdsecurity/crowdsec

0.0 0.0 0.0 89.91 MB

CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.

Home Page: https://crowdsec.net

License: MIT License

Makefile 1.23% Go 88.88% Shell 9.48% Dockerfile 0.14% Python 0.27%

crowdsec's Introduction

CrowdSec




Coverage Status

๐Ÿ“š Documentation ๐Ÿ’  Configuration Hub ๐Ÿ’ฌ Discourse (Forum) ๐Ÿ’ฌ Discord (Live Chat)

๐Ÿ’ƒ This is a community driven project, we need your feedback.

<TL;DR>

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security. See FAQ or read below for more.

2 mins install

Installing it through the Package system of your OS is the easiest way to proceed. Otherwise, you can install it from source.

From package (Debian)

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
sudo apt-get update
sudo apt-get install crowdsec

From package (rhel/centos/amazon linux)

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
sudo yum install crowdsec

From package (FreeBSD)

sudo pkg update
sudo pkg install crowdsec

From source

wget https://github.com/crowdsecurity/crowdsec/releases/latest/download/crowdsec-release.tgz
tar xzvf crowdsec-release.tgz
cd crowdsec-v* && sudo ./wizard.sh -i

โ„น๏ธ About the CrowdSec project

Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems. Its user friendly design and assistance offers a low technical barrier of entry and nevertheless a high security gain.

The architecture is as follows :

CrowdSec

Once an unwanted behavior is detected, deal with it through a bouncer. The aggressive IP, scenario triggered and timestamp are sent for curation, to avoid poisoning & false positives. (This can be disabled). If verified, this IP is then redistributed to all CrowdSec users running the same scenario.

Outnumbering hackers all together

By sharing the threat they faced, all users are protecting each-others (hence the name Crowd-Security). Crowdsec is designed for modern infrastructures, with its "Detect Here, Remedy There" approach, letting you analyse logs coming from several sources in one place and block threats at various levels (applicative, system, infrastructural) of your stack.

CrowdSec ships by default with scenarios (brute force, port scan, web scan, etc.) adapted for most context, but you can easily extend it by picking more of them from the HUB. It is also easy to adapt an existing one or create one yourself.

๐Ÿ‘‰ What it is not

CrowdSec is not a SIEM, storing your logs (neither locally nor remotely). Your data are analyzed locally and forgotten.

Signals sent to the curation platform are limited to the very strict minimum: IP, Scenario, Timestamp. They are only used to allow the system to spot new rogue IPs, rule out false positives or poisoning attempts.

โฌ‡๏ธ Install it !

Crowdsec is available for various platforms :

Or look directly at installation documentation for other methods and platforms.

๐ŸŽ‰ Key benefits

Fast assisted installation, no technical barrier

Initial configuration is automated, providing functional out-of-the-box setup

Out of the box detection

Baseline detection is effective out-of-the-box, no fine-tuning required (click to expand)

Easy bouncer deployment

It's trivial to add bouncers to enforce decisions of crowdsec (click to expand)

Easy dashboard access

It's easy to deploy a metabase interface to view your data simply with cscli (click to expand)

Hot & Cold logs

Process cold logs, for forensic, tests and chasing false-positives & false negatives (click to expand)

๐Ÿ“ฆ About this repository

This repository contains the code for the two main components of crowdsec :

  • crowdsec : the daemon a-la-fail2ban that can read, parse, enrich and apply heuristics to logs. This is the component in charge of "detecting" the attacks
  • cscli : the cli tool mainly used to interact with crowdsec : ban/unban/view current bans, enable/disable parsers and scenarios.

Contributing

If you wish to contribute to the core of crowdsec, you are welcome to open a PR in this repository.

If you wish to add a new parser, scenario or collection, please open a PR in the hub repository.

If you wish to contribute to the documentation, please open a PR in the documentation repository.

crowdsec's People

Contributors

alrs avatar alteredcoder avatar blotus avatar buixor avatar chad-jones avatar dependabot[bot] avatar donatj avatar dyllan-p avatar erdoukki avatar erenjag avatar firemasterk avatar flo-mic avatar he2ss avatar jeandevaux avatar lamera avatar latrodectus42 avatar mmetc avatar nanikjava avatar nitescuc avatar peterdavehello avatar plasma avatar registergoofy avatar sabban avatar sbs2001 avatar sbz avatar srcr avatar thespad avatar tuxtof avatar umglurf avatar woopstar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.