What happens, when network is ok, if you do:
cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
And then service crowdsec restart
of course that will work... the issue i'm bringing to your attention is when your packages are included within people's images, which is a typical operation for most packages...
it's only feedback... not questions/direct suggestions... code has a wonderful way of making what's important self evident (clear) over time... so feel free to ignore my observations...
how/if/when/whether to address these 'possible' issues are purely up to you...
Oops, apologies...
Thanks for your (needed and appreciated) feedback!
I am just trying to understand well to make a patch...
No problem from your observations...
I don't know if there is any way, without coding, to check the "online" internet mode?
Like the hotplug way of the @vgaetera scripts...
It may be simple to check like this way, and let the initscript do the missing firstboot commands...
Or add a test in the default script and postpone the commands...
Same for service init, there is no standard/default way to check online status before doing the job or postponing it, AFAIK?
This may be a good tweak to add.
update: looks like there is no other way than hotplug.
mwan3 already does something like this: https://github.com/openwrt/packages/blob/master/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
I prefer the https://openwrt.org/docs/guide-user/advanced/hotplug_extras script
It will be great to have them in "default" package for OpenWrt and use them as a dependency...
This looks like a wise move to me... ( a few logger messages if someone upgrades without including /srv/crowdsec or similar seem important also - if needed... I did not test for this yet )
( p.s. take your time... you did a good job on this... considering most users will be advanced users anyway... I think pushing it into the repos in its current state was a good move... get some exposure, learn how people use it... and tweak based on practical needs, now it's more available... you'll likely get more help over time too! )
edit: looks like crowdsec-firewall-bouncer may have some issues also...
######################## [root@dca632 /usbstick 54°]# cat /var/log/crowdsec-firewall-bouncer.log
time="17-10-2021 13:27:54" level=info msg="backend type : nftables"
time="17-10-2021 13:27:54" level=info msg="nftables initiated"
time="17-10-2021 13:27:54" level=info msg="Processing new and deleted decisions . . ."
time="17-10-2021 13:27:54" level=fatal msg="API error: access forbidden"
####################### [root@dca632 /usbstick 54°]# cat /var/log/crowdsec_api.log
time="17-10-2021 13:27:19" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:27:19 AEDT] \"POST /v1/watchers/login HTTP/1.1 200 441.129836ms \"crowdsec/v1.2.0-openwrt-openwrt\" \""
time="17-10-2021 13:27:20" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:27:20 AEDT] \"POST /v1/watchers/login HTTP/1.1 200 408.192168ms \"crowdsec/v1.2.0-openwrt-openwrt\" \""
time="17-10-2021 13:27:54" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:27:54 AEDT] \"GET /v1/decisions/stream?startup=true HTTP/1.1 403 1.60242ms \"crowdsec-firewall-bouncer/v0.0.15-openwrt\" \""
and then fresh install, and manually re-install packages...
main package is ok until install the bouncer... which is now 401 and kills main package
[ /usbstick 55°]# cat /var/log/crowdsec_api.log
time="17-10-2021 14:35:28" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 14:35:28 AEDT] \"POST /v1/watchers/login HTTP/1.1 401 1.749092ms \"crowdsec/v1.2.0-openwrt-openwrt\" \""
You can use procd interface triggers inside init scripts:
https://openwrt.org/docs/guide-developer/procd-init-scripts#specifying_triggers
But it can be tricky and may need some delay to mitigate tunneling protocols.
How is this supposed to be bootstrapped? I cannot get it to run:
❯ crowdsec
WARN[0000] can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)
INFO[0000] push and pull to Central API disabled
time="16-10-2021 17:55:26" level=fatal msg="starting outputs error : authenticate watcher (): Post \"http://127.0.0.1:8081/v1/watchers/login\": API error: ent: machine not found"
I've changed the port to 8081 since 8080 is used by docker.
I've also tried:
cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists && cscli hub upgrade
But still I cannot start the service. This is on a just built master x86_64, with data on external storage, a btrfs sub-volume.
What else do I need to run it?
@jmarcet
Can you please, post the content of /etc/crowdsec/online_api_credentials.yaml
The file looks to be missing content!?
Can you do a ls on /etc/crowdsec also please?
You may try cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
it will reset the register in central API.
Then restart the service with service crowdsec restart
and also check the log, if needed, in /var/log/crowdsec...
Strange that the API was not registered at install, maybe because of the already used port!
Will check this.
Thanks for the feedback !
Do you have Crowdsec working fine ?
Crowdsec-firewall-bouncer needs crowdsec.
Can you share your /etc/crowdsec/config.yaml
And /etc/crowdsec/local_api_credentials.yaml
And /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
Thanks in advance
yes... (but installing/starting the bouncer kills it)
[ /usbstick 54°]# cat /etc/crowdsec/local_api_credentials.yaml
url: http://127.0.0.1:8080
login: d4a17ef423SNIP
password: zDYcdygIqSNIP
[ /usbstick 55°]# cat /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
mode: ${BACKEND}
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
api_url: http://localhost:8080/
api_key: ${API_KEY}
disable_ipv6: false
deny_action: DROP
deny_log: false
#to change log prefix
#deny_log_prefix: "crowdsec: "
#if present, insert rule in those chains
iptables_chains:
- INPUT
- FORWARD
# - DOCKER-USER
[ /usbstick 55°]# cat /etc/crowdsec/config.yaml
common:
  daemonize: true
  pid_dir: /var/run/
  log_media: file
  log_level: info
  log_dir: /var/log/
  working_dir: .
config_paths:
  config_dir: /etc/crowdsec/
  data_dir: /srv/crowdsec/data
  simulation_path: /etc/crowdsec/simulation.yaml
  hub_dir: /etc/crowdsec/hub/
  index_path: /etc/crowdsec/hub/.index.json
  notification_dir: /etc/crowdsec/notifications/
  plugin_dir: /usr/local/lib/crowdsec/plugins/
crowdsec_service:
  acquisition_path: /etc/crowdsec/acquis.yaml
  parser_routines: 1
cscli:
  output: human
db_config:
  log_level: info
  type: sqlite
  db_path: /srv/crowdsec/data/crowdsec.db
  #user:
  #password:
  #db_name:
  #host:
  #port:
  flush:
    max_items: 5000
    max_age: 7d
plugin_config:
  user: nobody # plugin process would be ran on behalf of this user
  group: nogroup # plugin process would be ran on behalf of this group
api:
  client:
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml
  server:
    log_level: info
    listen_uri: 127.0.0.1:8080
    profiles_path: /etc/crowdsec/profiles.yaml
    online_client: # Central API credentials (to push signals and receive bad IPs)
      credentials_path: /etc/crowdsec/online_api_credentials.yaml
#    tls:
#      cert_file: /etc/crowdsec/ssl/cert.pem
#      key_file: /etc/crowdsec/ssl/key.pem
prometheus:
  enabled: true
  level: full
  listen_addr: 127.0.0.1
  listen_port: 6060
some logs indicating it's using ipv6 for localhost... yet the daemon doesn't listen on 8080 ipv6 socket afaik...
[ /usbstick 54°]# cat /var/log/crowdsec-firewall-bouncer.log
time="17-10-2021 14:57:15" level=info msg="backend type : nftables"
time="17-10-2021 14:57:15" level=info msg="nftables initiated"
time="17-10-2021 14:57:15" level=info msg="Processing new and deleted decisions . . ."
time="17-10-2021 14:57:15" level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp [::1]:8080: connect: connection refused"
time="17-10-2021 14:57:15" level=fatal msg="Get \"http://localhost:8080/v1/decisions/stream?startup=true\": dial tcp [::1]:8080: connect: connection refused"
#this crashes main server
[ /usbstick 55°]# lsof -i -nP | grep 8080
crowdsec 5518 root 11u IPv4 84428 0t0 TCP 127.0.0.1:8080 (LISTEN)
okay
thanks
I see where the problem is.
2 variables were not replaced at install in your /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
I will look why.
and also give you manual step fixes.
can you also provide, after a service crowdsec-bouncer-firewall start, the /var/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml ?
thanks
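A preflight check for the misconfigurations reported up to this point in the thread (unsubstituted `${BACKEND}` / `${API_KEY}`, and `localhost` resolving to `::1` while the LAPI listens on `127.0.0.1` only). This is an added example, not code from the package or from any poster; the function names, finding labels and sample files are constructed for illustration, and the port comparison generalizes beyond what the thread reports.

```shell
#!/bin/sh
# Added example: flag bouncer/LAPI config mismatches before starting the bouncer.

# yaml_value FILE KEY: value of the first "KEY: value" line (flat scan, not a YAML parser)
yaml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1
}

# check_bouncer BOUNCER_YAML CONFIG_YAML: prints one finding per line, nothing when clean
check_bouncer() {
    bouncer=$1
    config=$2

    # Placeholders that the install step was supposed to substitute
    for key in mode api_key; do
        case $(yaml_value "$bouncer" "$key") in
            *'${'*'}'*) echo "UNSUBSTITUTED $key" ;;
        esac
    done

    # Split api_url (bouncer side) and listen_uri (LAPI side) into host and port
    url=$(yaml_value "$bouncer" api_url)
    hostport=${url#*://}
    hostport=${hostport%%/*}
    url_host=${hostport%:*}
    url_port=${hostport##*:}
    listen=$(yaml_value "$config" listen_uri)
    listen_host=${listen%:*}
    listen_port=${listen##*:}

    [ "$url_port" = "$listen_port" ] ||
        echo "PORT_MISMATCH bouncer=$url_port lapi=$listen_port"

    # "localhost" may resolve to ::1 while the LAPI listens on an IPv4 address only
    if [ "$url_host" = localhost ]; then
        case $listen_host in
            ''|*[!0-9.]*) ;;  # missing or not a dotted IPv4 literal: nothing to conclude
            *) echo "LOCALHOST_VS_IPV4 lapi=$listen_host" ;;
        esac
    fi
    return 0
}

# Constructed sample files mirroring the values posted in the thread
write_samples() {
    cat > "$1/bouncer.yaml" <<'EOF'
mode: ${BACKEND}
log_mode: file
api_url: http://localhost:8080/
api_key: ${API_KEY}
EOF
    cat > "$1/config.yaml" <<'EOF'
api:
  server:
    listen_uri: 127.0.0.1:8080
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_bouncer "$demo_dir/bouncer.yaml" "$demo_dir/config.yaml"
rm -rf "$demo_dir"
```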
I manually fixed the localhost > '::1' issue as can be seen below
############# [root@dca632 ../_WATCHCATNG 54°] cat /var/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
mode: nftables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
api_url: http://127.0.0.1:8080/
api_key: ${API_KEY}
disable_ipv6: false
deny_action: DROP
deny_log: false
#to change log prefix
#deny_log_prefix: "crowdsec: "
#if present, insert rule in those chains
iptables_chains:
- INPUT
- FORWARD
# - DOCKER-USER
looks like nft got over adds too (but i'd take that upstream if I were you... should validate/cleanup on its own afaik)
table ip crowdsec {
set crowdsec_blocklist {
type ipv4_addr
}
chain crowdsec_chain {
type filter hook input priority filter; policy accept;
ip saddr @crowdsec_blocklist drop
ip saddr @crowdsec_blocklist drop
ip saddr @crowdsec_blocklist drop
ip saddr @crowdsec_blocklist drop
ip saddr @crowdsec_blocklist drop
ip saddr @crowdsec_blocklist drop
ip saddr @crowdsec_blocklist drop
}
}
table ip6 crowdsec6 {
set crowdsec6_blocklist {
type ipv6_addr
}
chain crowdsec6_chain {
type filter hook input priority filter; policy accept;
ip6 saddr @crowdsec6_blocklist drop
ip6 saddr @crowdsec6_blocklist drop
ip6 saddr @crowdsec6_blocklist drop
ip6 saddr @crowdsec6_blocklist drop
ip6 saddr @crowdsec6_blocklist drop
ip6 saddr @crowdsec6_blocklist drop
ip6 saddr @crowdsec6_blocklist drop
}
}
table inet nft-qos-monitor {
chain upload {
type filter hook prerouting priority filter; policy accept;
ip saddr 10.2.3.17 counter packets 0 bytes 0
ip saddr 10.2.3.205 counter packets 2 bytes 130
ip saddr 10.2.3.167 counter packets 2 bytes 132
ip6 saddr 2403:b3a7 counter packets 0 bytes 0
ip6 saddr 2403:adca counter packets 30 bytes 26215
}
chain download {
type filter hook postrouting priority filter; policy accept;
ip daddr 10.2.3.17 counter packets 0 bytes 0
ip daddr 10.2.3.205 counter packets 2 bytes 222
ip daddr 10.2.3.167 counter packets 0 bytes 0
ip6 daddr 2403:b3a7 counter packets 0 bytes 0
ip6 daddr 2403:adca counter packets 19 bytes 5888
}
}
I didn't have /etc/crowdsec/online_api_credentials.yaml. I tried copying the one from the build dir, but it is empty so that's all I have.
After doing cscli -c /etc/crowdsec/config.yaml capi register -f /etc/crowdsec/online_api_credentials.yaml
now it has some content:
❯ cat /etc/crowdsec/local_api_credentials.yaml
url: http://127.0.0.1:8081
❯ cat /etc/crowdsec/online_api_credentials.yaml
url: https://api.crowdsec.net/
login: 49584377b2242b45c5e64522616aeb8et6xsGRgAsloMB4Md
password: 1KjbHcCjPUxyabEH9yiKzfolJJ5llIQLzBhae7WRUiX5XHesjmJFp5fdkPnGpD2P
❯ ls -Al /etc/crowdsec
total 21
-rw-r--r-- 1 root root 286 Oct 16 09:45 acquis.yaml
drwxr-xr-x 1 root root 3488 Oct 16 17:45 bouncers
drwxr-xr-x 1 root root 3488 Oct 16 17:51 collections
-rw-r--r-- 1 root root 1413 Oct 16 17:54 config.yaml
-rw-r--r-- 1 root root 969 Oct 16 09:45 dev.yaml
-rw-r--r-- 1 root root 27 Oct 16 17:44 local_api_credentials.yaml
-rw-r--r-- 1 root root 162 Oct 17 09:30 online_api_credentials.yaml
drwxrwxr-x 5 root root 3488 Oct 16 17:51 parsers
drwxr-xr-x 2 root root 374 Oct 16 09:45 patterns
drwxr-xr-x 2 root root 3 Oct 16 09:45 postoverflows
-rw-r--r-- 1 root root 522 Oct 16 09:45 profiles.yaml
drwxr-xr-x 1 root root 3488 Oct 16 17:51 scenarios
-rw-r--r-- 1 root root 57 Oct 16 09:45 simulation.yaml
-rw-r--r-- 1 root root 991 Oct 16 17:44 user.yaml
Running crowdsec directly:
==> /var/log/crowdsec.log <==
time="17-10-2021 09:34:59" level=error msg="Failed to notify(sent: false): <nil>"
time="17-10-2021 09:34:59" level=warning msg="Starting processing data"
time="17-10-2021 09:34:59" level=info msg="Error machine login for : ent: machine not found "
==> /var/log/crowdsec_api.log <==
time="17-10-2021 09:34:59" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 09:34:59 CEST] \"POST /v1/watchers/login HTTP/1.1 401 430.383µs \"crowdsec/v1.2.0-openwrt-openwrt\" \""
==> /var/log/crowdsec.log <==
time="17-10-2021 09:34:59" level=fatal msg="starting outputs error : authenticate watcher (): Post \"http://127.0.0.1:8081/v1/watchers/login\": API error: ent: machine not found"
Here is the error.
It should have been replaced in the /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
It is done at install, but looks to have not worked.
I have added a pseudo upgrade script to not replace it, but it may have a bug.
You may have the service already started and then use the cscli command line.
You can then check the registered status and redo it if needed.
I will look into the necessary commands.
You may also need to register your host with:
cscli -c /etc/crowdsec/config.yaml machines add -a -f /etc/crowdsec/local_api_credentials.yaml
I do not get the point why your install script does not execute...
cscli may be useful to check status:
you can check the local API with: cscli lapi status
root@LPM:~# cscli lapi status
INFO[17-10-2021 10:25:20 AM] Loaded credentials from /etc/crowdsec/local_api_credentials.yaml
INFO[17-10-2021 10:25:20 AM] Trying to authenticate with username xxxxxx on http://0.0.0.0:8080/
INFO[17-10-2021 10:25:21 AM] You can successfully interact with Local API (LAPI)
You can see that I have changed the IP to 0.0.0.0 to be able to have remote computers talking with the local API.
you can check the central API with: cscli capi status
root@LPM:~# cscli capi status
INFO[17-10-2021 10:26:30 AM] Loaded credentials from /etc/crowdsec/online_api_credentials.yaml
INFO[17-10-2021 10:26:30 AM] Trying to authenticate with username xxxxx on https://api.crowdsec.net/
INFO[17-10-2021 10:26:31 AM] You can successfully interact with Central API (CAPI)
If the CAPI status is okay, you can use the console in beta available here:
https://app.crowdsec.net
the computers registered with the service can be listed with: cscli machines list
root@LPM:~# cscli machines list
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
xxxx 127.0.0.1 2021-10-17T10:25:21+02:00 ✔️ v1.2.0-openwrt-openwrt
If all is fine you can check that the collaborative bad IP list is applied locally in the crowdsec-firewall-bouncer
If using iptables, you must have installed ipset, and the ipset list command can show you the bad IPs.
If you use nftables, you can use specific commands like:
nft list tables
nft list table crowdsec
nft list chains
nft list ruleset
cscli can also be used to check these alerts with: cscli alerts list
root@LPM:~# cscli alerts list
+------+------------------------------+----------------------+---------+----+-----------+--------------------------------+
| ID | VALUE | REASON | COUNTRY | AS | DECISIONS | CREATED AT |
+------+------------------------------+----------------------+---------+----+-----------+--------------------------------+
| 1051 | crowdsec/community-blocklist | update : +728/-0 IPs | | | ban:728 | 2021-10-17 09:20:26 +0200 |
| | | | | | | +0200 |
| 1050 | crowdsec/community-blocklist | update : +727/-0 IPs | | | ban:1 | 2021-10-17 07:20:26 +0200 |
| | | | | | | +0200 |
cscli metrics can show you a global health status:
root@LPM:~# cscli metrics
INFO[17-10-2021 10:36:19 AM] Local Api Metrics:
+----------------------+--------+--------+
| ROUTE | METHOD | HITS |
+----------------------+--------+--------+
| /v1/alerts | GET | 3 |
| /v1/decisions/stream | GET | 108456 |
| /v1/watchers/login | POST | 6 |
+----------------------+--------+--------+
INFO[17-10-2021 10:36:19 AM] Local Api Machines Metrics:
+--------------------------------------------------+------------+--------+------+
| MACHINE | ROUTE | METHOD | HITS |
+--------------------------------------------------+------------+--------+------+
| db3e872e345f48848d0d85ab5c529947GWkbyXJtyNnJziiS | /v1/alerts | GET | 3 |
+--------------------------------------------------+------------+--------+------+
INFO[17-10-2021 10:36:19 AM] Local Api Bouncers Metrics:
+------------------------------+----------------------+--------+--------+
| BOUNCER | ROUTE | METHOD | HITS |
+------------------------------+----------------------+--------+--------+
| cs-firewall-bouncer-LeCzIx9V | /v1/decisions/stream | GET | 108456 |
+------------------------------+----------------------+--------+--------+
Crowdsec has already made some tutorials available here:
There is still a lot of work to do for non INTEL/AMD worlds.
Like the dockerisation and the dashboard which actually do not work elsewhere than x86_AMD64.
I already made some POC, but still need to upstream to crowdsec and document for OpenWrt.
Thanks for feedback, testing, report, debug and patience.
All right, I get crowdsec to run now. The firewall bouncer gets an access forbidden error though:
==> /var/log/crowdsec-firewall-bouncer.log <==
time="17-10-2021 13:18:10" level=info msg="backend type : iptables"
time="17-10-2021 13:18:10" level=info msg="iptables for ipv4 initiated"
time="17-10-2021 13:18:10" level=info msg="iptables clean-up : /usr/sbin/iptables -D INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:10" level=info msg="iptables clean-up : /usr/sbin/iptables -D FORWARD -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:10" level=info msg="ipset clean-up : /usr/sbin/ipset -exist destroy crowdsec-blacklists"
time="17-10-2021 13:18:10" level=info msg="Checking existing set"
time="17-10-2021 13:18:10" level=info msg="ipset set-up : /usr/sbin/ipset -exist create crowdsec-blacklists nethash timeout 300"
time="17-10-2021 13:18:11" level=info msg="Rule doesn't exist (/usr/sbin/iptables -C INPUT -m set --match-set crowdsec-blacklists src -j DROP)"
time="17-10-2021 13:18:11" level=info msg="Rule doesn't exist (/usr/sbin/iptables -C FORWARD -m set --match-set crowdsec-blacklists src -j DROP)"
time="17-10-2021 13:18:11" level=info msg="iptables set-up : /usr/sbin/iptables -I INPUT -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="iptables set-up : /usr/sbin/iptables -I FORWARD -m set --match-set crowdsec-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="iptables for ipv6 initiated"
time="17-10-2021 13:18:11" level=info msg="iptables clean-up : /usr/sbin/ip6tables -D INPUT -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="iptables clean-up : /usr/sbin/ip6tables -D FORWARD -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:11" level=info msg="ipset clean-up : /usr/sbin/ipset -exist destroy crowdsec6-blacklists"
time="17-10-2021 13:18:11" level=info msg="Checking existing set"
time="17-10-2021 13:18:11" level=info msg="ipset set-up : /usr/sbin/ipset -exist create crowdsec6-blacklists nethash timeout 300 family inet6"
time="17-10-2021 13:18:12" level=warning msg="iptables check command (/usr/sbin/ip6tables -C INPUT -m set --match-set crowdsec6-blacklists src -j DROP) failed : exit status 1"
time="17-10-2021 13:18:12" level=debug msg="output: ip6tables: Bad rule (does a matching rule exist in that chain?).\n"
time="17-10-2021 13:18:12" level=warning msg="iptables check command (/usr/sbin/ip6tables -C FORWARD -m set --match-set crowdsec6-blacklists src -j DROP) failed : exit status 1"
time="17-10-2021 13:18:12" level=debug msg="output: ip6tables: Bad rule (does a matching rule exist in that chain?).\n"
time="17-10-2021 13:18:12" level=info msg="iptables set-up : /usr/sbin/ip6tables -I INPUT -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:12" level=info msg="iptables set-up : /usr/sbin/ip6tables -I FORWARD -m set --match-set crowdsec6-blacklists src -j DROP"
time="17-10-2021 13:18:12" level=info msg="Processing new and deleted decisions . . ."
time="17-10-2021 13:18:12" level=debug msg="req-api: GET http://localhost:8081/v1/decisions/stream?startup=true"
==> /var/log/crowdsec.log <==
time="17-10-2021 13:18:12" level=error msg="auth api key error: select bouncer: ent: bouncer not found: unable to query"
==> /var/log/crowdsec_api.log <==
time="17-10-2021 13:18:12" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:18:12 CEST] \"GET /v1/decisions/stream?startup=true HTTP/1.1 403 463.318µs \"crowdsec-firewall-bouncer/v0.0.15-openwrt\" \""
==> /var/log/crowdsec-firewall-bouncer.log <==
time="17-10-2021 13:18:12" level=debug msg="resp-api: http 403"
time="17-10-2021 13:18:12" level=fatal msg="API error: access forbidden"
❯ cat /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
mode: iptables
pid_dir: /var/run/
update_frequency: 10s
daemonize: true
log_mode: file
log_dir: /var/log/
log_level: info
api_url: http://localhost:8081/
api_key: ${API_KEY}
disable_ipv6: false
deny_action: DROP
deny_log: false
#to change log prefix
#deny_log_prefix: "crowdsec: "
#if present, insert rule in those chains
iptables_chains:
- INPUT
- FORWARD
# - DOCKER-USER
I changed ${BACKEND} to iptables or it would not even try to start. I tried replacing ${API_KEY} with the local and the online passwords but those don't seem to be the API key.
How can I find out the correct value? Or what else is wrong?
I got it!
I got the above mentioned key by adding a bouncer with:
cscli bouncers add myBouncer -l 24
That gave me an API_KEY, I replaced the unescaped var in /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml and now the cs-firewall-bouncer seems to run
I'll keep checking it out, it looks amazing.
Thanks for helping out
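The two failures seen in the crowdsec_api.log excerpts in this thread can be told apart by status and route: 401 on /v1/watchers/login came with "machine not found", 403 on /v1/decisions/stream with "bouncer not found". The following is an added example, not code from the package or from any poster; the function names and hint wording are constructed, and the sample lines are copied from the log excerpts posted above.

```shell
#!/bin/sh
# Added example: summarize LAPI auth failures found in a crowdsec_api.log.

# triage_api_log FILE: one line per failing (method, route, status) with a hint
triage_api_log() {
    # Pull "METHOD PATH STATUS" out of the escaped request string in msg="...",
    # dropping any query string from the path
    sed -n 's/.*\\"\([A-Z][A-Z]*\) \([^ ?]*\)[^ ]* HTTP\/[0-9.]* \([0-9][0-9]*\) .*/\1 \2 \3/p' "$1" |
    sort | uniq -c |
    while read -r count method path status; do
        case "$status $path" in
            "401 /v1/watchers/login")
                hint="machine credentials unknown to LAPI (cscli machines add)" ;;
            "403 /v1/decisions/stream")
                hint="bouncer API key unknown to LAPI (cscli bouncers add)" ;;
            [45]*)
                hint="unclassified failure" ;;
            *)
                continue ;;  # successful requests are not reported
        esac
        echo "$count $method $path $status: $hint"
    done
}

# Sample input: log lines as posted in the thread
write_sample_log() {
    cat > "$1" <<'EOF'
time="17-10-2021 13:27:19" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:27:19 AEDT] \"POST /v1/watchers/login HTTP/1.1 200 441.129836ms \"crowdsec/v1.2.0-openwrt-openwrt\" \""
time="17-10-2021 13:27:20" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:27:20 AEDT] \"POST /v1/watchers/login HTTP/1.1 200 408.192168ms \"crowdsec/v1.2.0-openwrt-openwrt\" \""
time="17-10-2021 13:27:54" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 13:27:54 AEDT] \"GET /v1/decisions/stream?startup=true HTTP/1.1 403 1.60242ms \"crowdsec-firewall-bouncer/v0.0.15-openwrt\" \""
time="17-10-2021 14:35:28" level=info msg="127.0.0.1 - [Sun, 17 Oct 2021 14:35:28 AEDT] \"POST /v1/watchers/login HTTP/1.1 401 1.749092ms \"crowdsec/v1.2.0-openwrt-openwrt\" \""
EOF
}

demo_log=$(mktemp)
write_sample_log "$demo_log"
triage_api_log "$demo_log"
rm -f "$demo_log"
```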
Thanks for reports... feedback, debugs, tests ...
Yes, I think also it is a great security tool.
I already made a POC with remote LXC (NGINX PROXY MANAGER and NEXTCLOUD) servers which remotely send their bad access attempt to the central CrowdSec on main OpenWrt Gateway for blacklisting !
I actually moved the servers to Docker for better performances and have some more code/tweak in the pipe for ARM64...
But more simple than a Fail2Ban alternative !
Actually, now that you get a running installation, you can also get help from the CrowdSec community on their discourse https://discourse.crowdsec.net/ !
See you here for OpenWrt feedback and there for CrowdSec...
Take a look at their console actually in beta test.
The metabase based dashboard can also work locally and may be an alternative of the Cloud Console.