Crowdsec

This Ansible role installs Crowdsec, which includes the hub, collections, scenarios, post-overflows, parsers, bouncers, and the Prometheus endpoint.

Requirements

Ansible master should be version 2.12.

Tested on:

  platforms:
    - name: Ubuntu
      versions:
        - bionic  # 18.04 LTS
        - focal   # 20.04 LTS
        - impish  # 21.10
        - jammy   # 22.04 LTS (Not tested)
    - name: Debian
      versions:
        - bookworm # 12
        - bullseye # 11
    - name: EL
      versions:
        - '8'   # Rocky & Alma Linux and Oracle Linux
        - '7'   # Oracle Linux

How to Install

1. Create a requirements.yml file using ansible-galaxy:

roles:
  - geerlingguy.security
  - alf149.crowdsec

2. Run the command: ansible-galaxy install -r requirements.yml This will add the role to your Ansible project.

Role Variables

You can find available variables with their default values in defaults/main.yml. Variables can also be specific to a host in group_vars/host.yml.

Example Playbook

- hosts: all

  vars:
    cs_ban_duration: "duration: 4h" # For production, use 10m for testing

  roles:
    - alf149.crowdsec 

Useful Manual Tasks

You may find the following commands handy:

• Install a parser: ansible HOST -m shell -a "sudo cscli parsers install crowdsecurity/whitelists --force"
• Remove a parser: ansible 'group' -m shell -a "sudo cscli parsers remove crowdsecurity/whitelists --force"
• Reload Crowdsec: ansible 'group' -m shell -a "sudo systemctl reload crowdsec"

TODO

• Test on Windows Server.
• Possibly auto-detect nftables/iptables and load the correct bouncer.

Error Reporting

Use GitHub issues or create a pull request.

Author Information

Alf149