Step1: Add the Crowdsec Repository
first, add the Crowdsec repository to your system
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bashStep 2: Update your repository indexes
sudo apt updateStep3: Install Crowdsec
Now, install Crowdsec on your Proxmox node:
sudo apt install crowdsecStep 4: Add the Firewall IPTables Browser
nft is in the works, but for now Proxmox is fully IPTables. The bouncer keeps your IPTables up-to-do with Crowdsec’s thread lists
sudo apt install crowdsec-firewall-bouncerStep 5: Configure SQLite Database Settings
To optimize the SQLite database, add use_wal: true to the db_config section in the configuration file. To not alter the original file, we wil add a local config.yaml for local adjustments. Open the file using:
nano /etc/crowdsec/config.yaml.localThen, update the db_config section as follows:
# Optimization for sqlite, see README.Debian
db_config:
use_wal: trueStep 6: Add exceptions for your ip arrays
To make sure your own IP is never added to your local crowdsec threadlist, create a whitelist file by doing:
sudo nano /etc/crowdsec/parsers/s02-enrich/01-my-whitelist.yamlThan add the following to this file:
name: my/whitelist ## Must be unqiue
description: "Whitelist events from my IP"
whitelist:
reason: "My IP"
ip:
- "192.168.1.1"You can also add a IP range with the following content:
name: my/whitelist ## Must be unqiue
description: "Whitelist events from my IP range"
whitelist:
reason: "My IP range"
cidr:
- "192.168.1.0/24"To activate your edits you will need to restart crowdsec, by entering:
sudo systemctl restart crowdsecStep 7: Start Crowdsec
Start the Crowdsec service with the following command. Autostart is enabled by default.
service crowdsec startStep 8: The Crowdsec Dashboard.
To be able to check and manage all your monitored systems on a single page, you need to add them to your crowdsec dashboard page at crowdsec. To add the current system, just do the following:
sudo cscli console enroll your_enroll_code_here