CrowdSec Multi-Server Configuration
1. Install the main CrowdSec server
```sh
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
sudo apt-get install crowdsec
```
Set API Host
```sh
sudo vim /etc/crowdsec/config.yaml
# set in config.yaml:
api:
  server:
    enable: true
    listen_uri: 0.0.0.0:8080   # all interfaces; limit access to port 8080 to your agents
```
Restart CrowdSec
```sh
sudo systemctl restart crowdsec
```
2. (Debian 12) Install and configure the CrowdSec agent on another server
Install CrowdSec
```sh
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
sudo apt-get install crowdsec
```
To uninstall
```sh
sudo apt-get remove --purge crowdsec
```
Copy the service unit so the LAPI server can be disabled on our agent
```sh
sudo cp /lib/systemd/system/crowdsec.service /etc/systemd/system/crowdsec.service
```
Edit the service to disable the API
```sh
sudo vim /etc/systemd/system/crowdsec.service
# in crowdsec.service:
ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -no-api # <- add this arg
```
Register this agent with the LAPI on the main CrowdSec server
```sh
sudo cscli lapi register -u http://<CROWDSEC_MAIN_SERVER>:8080 --machine YOUR-SRV-NAME
## Do not restart before the agent has been approved on the main server
sudo systemctl daemon-reload   # make systemd pick up the edited crowdsec.service
sudo systemctl restart crowdsec
```
Accept this new agent on your main CrowdSec server
Create a new bouncer on your main CrowdSec server and get another API key
Register this new bouncer on our agent
```sh
sudo vim /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
...
api_url: http://<CROWDSEC_MAIN_SERVER>:8080/   # LAPI of the main server
api_key: <YOUR_API_KEY_HERE>
```
Restart your bouncer service
```sh
sudo systemctl restart crowdsec-firewall-bouncer
```
2. (Windows) Install and configure the CrowdSec agent on another server
Install CrowdSec
Change Configuration
api>server
```sh
enable: false
listen_uri: ... # remove/comment
```
Register this agent with the LAPI on the main CrowdSec server
```sh
cscli lapi register -u http://<CROWDSEC_MAIN_SERVER>:8080 --machine "YOUR-SRV-NAME"
Restart-Service crowdsec
```
3. Approve the new agent on the main server
Check
```sh
cscli machines list
```
Validate
```sh
cscli machines validate "YOUR-SRV-NAME"
```
Double check
```sh
cscli machines list
```
4. Set our new agent as bouncer on the main server
Add Bouncer
```sh
cscli bouncers add "YOUR-SRV-NAME-Bouncer" # you can use your own bouncer name here
```
At the end you will get an API key; you will need it to configure the bouncer on our agent.
5. Register the bouncer API key on the agent.
Add our main server bouncer API key
config/bouncers/
```sh
api_endpoint: http://<YOUR_MAIN_SERVER_IP>:8080
api_key: <YOUR_API_KEY_HERE>
```
Reload your bouncer service
```sh
Restart-Service cs-windows-firewall-bouncer
```
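Both bouncer configurations above reach the main server over `http://`, so the bouncer API key crosses the network unencrypted. The check below is an added example, not part of the original guide: it scans a config file for the LAPI URL keys used here (`api_url`, `api_endpoint`, plus `url`, assumed to be the key in the agent's LAPI credentials file) and flags non-loopback URLs without TLS. The sample file contents and the 192.0.2.10 address are constructed.

```sh
#!/bin/sh
# Added example (not from the original page). Sample values are constructed.
# Keys checked: api_url and api_endpoint (bouncer configs on this page) and
# url (assumed key of the LAPI credentials file on an agent).

# audit_lapi_transport FILE
# Prints "<VERDICT> <key> <url>" for each LAPI URL found in FILE and returns 1
# if any URL would carry the API key or machine password unencrypted.
audit_lapi_transport() {
    awk -v q="'" '
    BEGIN { bad = 0 }
    /^[ \t]*#/ { next }                              # commented-out line
    match($0, /^[ \t]*(api_url|api_endpoint|url)[ \t]*:[ \t]*/) {
        key = $0
        sub(/^[ \t]*/, "", key); sub(/[ \t]*:.*/, "", key)
        val = substr($0, RSTART + RLENGTH)
        sub(/[ \t]+#.*$/, "", val)                   # trailing comment
        gsub(/"/, "", val); gsub(q, "", val)         # surrounding quotes
        sub(/[ \t]+$/, "", val)
        if (val == "") { print "MISSING " key; bad = 1; next }
        if (val ~ /^https:\/\//) { print "TLS " key " " val; next }
        host = val
        sub(/^[a-z]+:\/\//, "", host)                # strip scheme
        if (host ~ /^\[/) { sub(/^\[/, "", host); sub(/\].*/, "", host) }  # [IPv6]
        else              { sub(/[:\/].*/, "", host) }                     # host[:port]
        if (host == "localhost" || host == "::1" || host ~ /^127\./) {
            print "LOOPBACK " key " " val; next
        }
        print "PLAINTEXT " key " " val; bad = 1
    }
    END { exit bad }
    ' "$1"
}

# Demo on a constructed bouncer config (192.0.2.10 is a documentation address).
demo=$(mktemp)
printf '%s\n' 'api_url: http://192.0.2.10:8080/' 'api_key: <YOUR_API_KEY_HERE>' > "$demo"
audit_lapi_transport "$demo" || echo "finding: LAPI reached without TLS"
rm -f "$demo"
```

A `PLAINTEXT` verdict means the link to port 8080 should be confined to a trusted network segment or the LAPI moved behind TLS before the key is deployed.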