How is this different from Fail2Ban?
Comment on Nextcloud zero day security
beerclue@lemmy.world 1 year ago
Not only for Nextcloud, but I recommend setting up crowdsec for any publicly facing service. You’d be surprised by the amount of bots and script kiddies out there trying their luck…
False@lemmy.world 1 year ago
johntash@eviltoast.org 1 year ago
IIRC crowdsec is like fail2ban but blocks IPs reported by other servers, not just ones attacking your server. Kinda like a distributed fail2ban I guess?
False@lemmy.world 1 year ago
Neat
TwinHaelix@reddthat.com 1 year ago
My recollection is that Fail2Ban has some default settings, but is mostly reactionary in terms of blacklisting things that it observes trying to get in. Crowdsec behaves in a similar vein but, as the name implies, includes a lot of crowdsourced rules and preventative measures.
Comptero@feddit.ch 1 year ago
In my understanding fail2ban will block IPs if they are detected to do brute force or use known exploits.
Crowdsec will share this IP via a blocklist to all subscribed systems. You will benefit from the detection of other systems and not only your own.
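A toy model of the difference described in the comments above, as an added example that is not part of the thread and not code from Fail2Ban or CrowdSec: one function bans only on what the local log shows, the other also applies a shared blocklist. The log lines, the blocklist, the function names and the threshold values are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd auth-log style (documentation IP ranges).
SAMPLE_LOG = """\
2024-01-10T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-01-10T10:00:03 sshd[811]: Failed password for admin from 203.0.113.7 port 40124 ssh2
2024-01-10T10:00:04 sshd[812]: Accepted publickey for alice from 198.51.100.20 port 51515 ssh2
2024-01-10T10:00:06 sshd[811]: Failed password for root from 203.0.113.7 port 40130 ssh2
2024-01-10T10:00:09 sshd[813]: Failed password for git from 192.0.2.44 port 33001 ssh2
2024-01-10T10:20:00 sshd[814]: Failed password for git from 192.0.2.44 port 33090 ssh2
2024-01-10T10:20:05 sshd[815]: Failed password for pi from 198.51.100.99 port 47000 ssh2
"""
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for \S+ from (\S+) port")

def local_bans(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Reactive, local-only decision: ban after max_retry failures within find_time."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures outside the window
            window.popleft()
        if len(window) >= max_retry:
            banned.add(ip)
    return banned

# Constructed stand-in for a blocklist built from other systems' detections.
SHARED_BLOCKLIST = {"198.51.100.99", "192.0.2.200"}

def effective_bans(log_text, shared_blocklist):
    """Local detections plus IPs that other participants already reported."""
    return local_bans(log_text) | set(shared_blocklist)

if __name__ == "__main__":
    print("local only:      ", sorted(local_bans(SAMPLE_LOG)))
    print("with shared list:", sorted(effective_bans(SAMPLE_LOG, SHARED_BLOCKLIST)))
```

In the sample, 198.51.100.99 fails only once locally and stays under the threshold, so it is blocked only when the shared list is applied.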
thisisawayoflife@lemmy.world 1 year ago
One of my next steps was hardening my OPNsense router as it handles all the edge network reverse proxy duties, so IDS was in the list. I’m digging into Crowdsec now, it looks like there’s an implementation for OPNsense. Thanks for the tip!