I have both shown and available on MVEBU for 21.02.x
Personally, I have no free time, for now, to help more on this development soon.
I already know 22.x is coming soon...
Maybe CrowdSec will be trashed !
I can also share with you that I am in talks with the CrowdSec company to be sponsored for this upstreaming, and for now this is not among their urgent needs because too few users are impacted !
I also feel that the problem is simpler than this, because enhancement may get more users, but the development team has to defend this view to Financial and Managers, and I completely understand this loop-lock-up AGAIN !
I am already in talks and looking for sponsorship to get more time for this upstreaming of CrowdSec components and more security development I have in the pipe.
It's in my TODO and I will, soon, because I need them for my own projects.
About some more of the OpenWrt Pull Request attempts and history.
All recent attempts were stopped by OpenWrt developers because of :
too few users,
too "complete" addition
The inclusion of CrowdSec was very difficult at first :
I succeeded in getting them into 21.02.x
I had a little success with enhancements
I got a lot of aggressive feedback
I have already chosen my own professional direction, which you can look at and afford on my own website. Solutions always give more than Problems, Experiment always gets more than Discourse.
I can say that you can afford my own services if you need more, and more quickly, but I have also already been censored because of sharing public articles about OpenWrt afford in a commercial magazine, so it was promotion (I get nothing from the number of magazines sold for an article I wrote myself ! Nothing more than a few bucks for the huge work that vulgarization of technical solutions requires...) Be sure that the magazine also no longer cares about OpenWrt, because it is more and more publicly shown as a too complicated and obfuscated system from mainstream attention. How can we help on this ?
I use these enhancements locally; maybe I will propose them on my own forks.
LEDE strikes again on OpenWrt !? (I already asked for help and advice...)
@OPENWRT TEAM please do not CENSOR this topic, it is not an aggressive subject in any way.
I really care about all and have already proved it many times.
How can I do more and better is only the one more try reason of this out of technical answer...
Get in touch directly by email or look about all on my own website.
Thanks, Gérald Kerma / erDoukki / Gandalf / CyberMind
@erdoukki Firstly, I want to thank you for your time and effort for the work you have done, and the same goes for everyone who has put in time and effort to make OpenWrt a better tool. I understand the frustration and the need to balance personal life with free work. So thank you.
Lastly, confirming I was using 22.02 and the packages are available and working. Since the upgrade to 22.03.0-RC1 the bouncer package does not appear for arm_cortex-a9_vfpv3-d16.
I've manually downloaded the bouncer package from 22.02 and it seems to be working as expected. I believe from 22.03 onwards OpenWrt has switched from iptables to nftables.
My comment was referring to @aGentti86's post on Feb 17
Package crowdsec-firewall-bouncer is missing in menuconfig in master branch
with firewall4 and if I understand correctly there is no package called nftables?
Additionally, I have not been able to install the crowdsec package in the past; all it does is fill up the remaining space I have on the router and quit. I found that just installing crowdsec-firewall-bouncer, with crowdsec installed on a different server, works just fine.
Anyways.. I'll check out your website and all the best.
What's the deal with Firewall4 and CrowdSec, should we use lua-cs-bouncer instead of firewall-bouncer ?
For me there was an error while installing, but crowdsec kinda managed to install and connect with app.crowdsec.net, but it doesn't respond on 192.168.1.1:8080. Should this be happening ?
Also I am using Nginx-ssl 1.21.3
root@xXX:~# cscli console enroll ***************************************
INFO[20-05-2022 04:16:09 PM] custom already set to true
INFO[20-05-2022 04:16:09 PM] manual set to true
INFO[20-05-2022 04:16:09 PM] tainted already set to true
INFO[20-05-2022 04:16:09 PM] Enabled tainted&manual alerts sharing, see 'cscli console status'.
INFO[20-05-2022 04:16:09 PM] Watcher successfully enrolled. Visit https://app.crowdsec.net to accept it.
INFO[20-05-2022 04:16:09 PM] Please restart crowdsec after accepting the enrollment.
root@xXX:~# service crowdsec restart
root@xXX:~# cscli version
2022/05/20 16:28:04 version: v1.3.0-openwrt-1.3.0-3
2022/05/20 16:28:04 Codename: alphaga
2022/05/20 16:28:04 BuildDate: 2022-05-19_14:47:46
2022/05/20 16:28:04 GoVersion:
2022/05/20 16:28:04 Constraint_parser: >= 1.0, <= 2.0
2022/05/20 16:28:04 Constraint_scenario: >= 1.0, < 3.0
2022/05/20 16:28:04 Constraint_api: v1
2022/05/20 16:28:04 Constraint_acquis: >= 1.0, < 2.0
root@xXX:~# cscli metrics
INFO[20-05-2022 04:28:22 PM] Local Api Metrics:
| ROUTE | METHOD | HITS |
| /v1/watchers/login | POST | 2 |
cscli parsers list
WARN[20-05-2022 05:17:08 PM] Crowdsec is not the latest version. Current version is 'v1.3.0' and the latest stable version is 'v1.3.4'. Please update it!
WARN[20-05-2022 05:17:08 PM] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.3.4
I didn't install CrowdSec on my router so I can't confirm whether it works or not. It does not work for me personally, as it just fills up my space and fails to install.
I have Crowdsec instance installed in a docker and firewall bouncer installed on the router.
Sorry about this, the problem is known and I have already proposed a lot of fixes that were refused by the developers...
It becomes complicated to offer free time and a huge amount of work for such small code fixes !
Always "titling positive style" and "code justification" !
I am feeling very far from TECHNICAL aspects only...
And common Solutions become HUGE problems !
The unfix-able behavior is more a life style in nowadays !
Like my CAPS and ! which are "offensive way" ; Not at all, it's an accented proposal ...
Not any neutral could help a world to become better !!!
It is also a criticism of people not liking bad words but still excusing bad actions !...
I will try again to propose something !
One day ?!
Because Life is more important than Helping bad to become better...
All tips are available on my github or in the PR tried.
The data is because of GEOIP downloading which was forced by default...
Have a nice day...
Mine may be better, long far way from computers...
I no longer use OpenWrt so I can't confirm. The way I understand it, the bouncer adds them into nftables and it is the firewall's responsibility to block those IP addresses. Hope that helps.
I am a new user and I cannot install the dropbear-logs parser: cscli parsers install crowdsecurity/dropbear-logs
Result:
WARN[17-02-2023 03:31:50 AM] Crowdsec is not the latest version. Current version is 'v1.3.0' and the latest stable version is 'v1.4.6'. Please update it!
WARN[17-02-2023 03:31:50 AM] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.4.6
FATA[17-02-2023 03:31:50 AM] unable to retrieve item : crowdsecurity/dropbear-logs
Need help, please!
I spent some time playing with crowdsec today but feel there is still a way to go. My questions may be due to my ignorance of the software so apologies in advance if they are not OpenWrt specific:
is the email plugin working? I get the following:
time="27-02-2023 20:29:35" level=fatal msg="api server init: unable to run local API: while loading plugin: open /usr/local/lib/crowdsec/plugins: no such file or directory"
I've managed to expose the LAPI and Prometheus metrics by changing the listen_addr and listen_uri in config.yaml. Are these available in the UCI config?
I've managed to get the agent (1.3.0-3) and bouncer (0.0.25-1) talking to each other by manually registering them, as the bouncer did not automatically register. However I'm having trouble downloading a relevant collection/parser/blocklist via the commands at Crowdsec packages for OpenWrt - #21 by erdoukki. Are these still current or is there other more relevant config I should download?
# cscli collections install crowdsecurity/linux
WARN[27-02-2023 09:03:11 PM] Crowdsec is not the latest version. Current version is 'v1.3.0' and the latest stable version is 'v1.4.6'. Please update it!
WARN[27-02-2023 09:03:11 PM] As a result, you will not be able to use parsers/scenarios/collections added to Crowdsec Hub after CrowdSec v1.4.6
WARN[27-02-2023 09:03:12 PM] crowdsecurity/syslog-logs : overwrite
WARN[27-02-2023 09:03:12 PM] crowdsecurity/geoip-enrich : overwrite
INFO[27-02-2023 09:03:12 PM] downloading data 'https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb' in '/srv/crowdsec/data/GeoLite2-City.mmdb'
And in my crowdsec.log:
time="27-02-2023 21:05:41" level=warning msg="No matching files for pattern /var/log/nginx/*.log" type=file
time="27-02-2023 21:05:41" level=warning msg="No matching files for pattern ./tests/nginx/nginx.log" type=file
time="27-02-2023 21:05:41" level=warning msg="No matching files for pattern /var/log/auth.log" type=file
time="27-02-2023 21:05:41" level=warning msg="No matching files for pattern /var/log/syslog" type=file
time="27-02-2023 21:05:41" level=warning msg="No matching files for pattern /var/log/apache2/*.log" type=file
In particular I can still see arbitrary scans hitting my WAN port (after turning on zone logging in kernel log), and am not sure if crowdsec is parsing them (or even blocking them).
How do I check the contents of @crowdsec-blacklists in the nft firewall rules? I can see the nft tables, but how do I know that the blocklist is actually populated?
Thanks - I actually used the config from that page with no results. I should have given context:
So was wondering if this was still a known issue.
My question was whether I should be setting them via /etc/config/crowdsec or directly in the yaml (in case they get overwritten). I may just end up using a local config file though.
I presume this is the same list as found via cscli hub list -a? If so I'm not sure how to determine the appropriate collections/config for an OpenWrt install. Is the crowdsecurity/linux collection and crowdsecurity/whitelists parser not the most appropriate? If so, how to download them without hitting the OOM error?
root@router:/# cscli decisions list --all
No active decisions
root@router:/# cscli alerts list
No active alerts
I think I have an "empty" install so just need this final config for it to actually do anything.
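For the question above about whether @crowdsec-blacklists is actually populated, an added example (not from any poster in this thread and not the project's own code): two shell helpers that read `nft list ruleset` text output, count the entries in a named set, and check that a rule references it. The sample ruleset is constructed; only the set name crowdsec-blacklists comes from the thread, and the table, chain and second set names are placeholders.

```shell
#!/bin/sh
# Constructed sample of `nft list ruleset` text output. Only the set name
# crowdsec-blacklists comes from the thread; table, chain and the second
# set name are placeholders, and the addresses are documentation ranges.
sample_ruleset() {
cat <<'EOF'
table ip example-table {
  set crowdsec-blacklists {
    type ipv4_addr
    flags timeout
    elements = { 192.0.2.10 timeout 4h expires 3h59m,
                 198.51.100.7 timeout 4h expires 3h58m,
                 203.0.113.0 timeout 4h expires 3h57m }
  }
  chain example-input {
    type filter hook input priority filter; policy accept;
    ip saddr @crowdsec-blacklists drop
  }
}
table ip6 example-table6 {
  set example6-blacklists {
    type ipv6_addr
    flags timeout
  }
}
EOF
}

# count_set_elements NAME: ruleset text on stdin, element count on stdout.
# A set with no "elements = { ... }" block is empty and yields 0.
count_set_elements() {
  awk -v name="$1" '
    $1 == "set" && $2 == name { in_set = 1; next }
    in_set && /elements = [{]/ { in_el = 1; sub(/.*elements = [{]/, "") }
    in_set && in_el {
      closing = ($0 ~ /[}]/)
      sub(/[}].*/, "")
      n += gsub(/[^, \t][^,]*/, "&")   # one match per comma-separated entry
      if (closing) in_el = 0
      next
    }
    in_set && $1 == "}" { in_set = 0 }
    END { print n + 0 }
  '
}

# set_is_referenced NAME: exit 0 if some rule matches against @NAME.
# A populated set that no rule references blocks nothing.
set_is_referenced() {
  grep -Eq "@$1([[:space:]]|\$)"
}
```

On the router the same helpers take live input, for example `nft list ruleset | count_set_elements crowdsec-blacklists`. A count of 0 alongside "No active decisions" from cscli means the bouncer has nothing to enforce yet, not that the firewall rule is missing.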