My recollection is that Fail2Ban has some default settings, but is mostly reactionary in terms of blacklisting things that it observes trying to get in. Crowdsec behaves in a similar vein but, as the name implies, includes a lot of crowdsourced rules and preventative measures.
Comment on Nextcloud zero day security
False@lemmy.world 1 year agoHow is this different from Fail2Ban?
TwinHaelix@reddthat.com 1 year ago
Comptero@feddit.ch 1 year ago
In my understanding fail2ban will block ips if they are detected to do brutforce or use known exploits.
Crowdsec will share this IP via a blocklist to all subscribte systems. You will benefit form the detection of other systems and not only your own.
johntash@eviltoast.org 1 year ago
Iirc crowdsec is like fail2ban but blocks ips reported by other servers, not just ones attacking your server. Kinda like a distributed fail2ban I guess?
False@lemmy.world 1 year ago
Neat