CrowdSec Security Engine

Overview

CrowdSec Security Engine is a powerful, open source solution for detecting and blocking malicious IPs, safeguarding both infrastructure and application security.

Manual

Releases

Community

---

Deployment

Opt in via Inventory toggle.

sb install crowdsec

Role Defaults

Use the Inventory to customize variables. (1)

1. Example override

   crowdsec_enabled: true
   

   Avoid overriding variables ending in _default

   When overriding variables that end in _default (like crowdsec_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.

   Instead, use the corresponding _custom variable (like crowdsec_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.

ToggleConfiguration

crowdsec_enabled

# Type: bool (true/false)
crowdsec_enabled: false

crowdsec_console_enrollment_key

# Type: string
crowdsec_console_enrollment_key: ""

crowdsec_collections_install_default

# Type: list
crowdsec_collections_install_default:
  - "crowdsecurity/linux"
  - "crowdsecurity/iptables"
  - "crowdsecurity/sshd"
  - "crowdsecurity/whitelist-good-actors"
  - "crowdsecurity/traefik"
  - "crowdsecurity/plex"

crowdsec_collections_install_custom

# Type: list
crowdsec_collections_install_custom: []

crowdsec_collections_remove_default

# Type: list
crowdsec_collections_remove_default: []

crowdsec_collections_remove_custom

# Type: list
crowdsec_collections_remove_custom: []

crowdsec_scenarios_install_default

# Type: list
crowdsec_scenarios_install_default: []

crowdsec_scenarios_install_custom

# Type: list
crowdsec_scenarios_install_custom: []

crowdsec_scenarios_remove_default

# Type: list
crowdsec_scenarios_remove_default:
  - "crowdsecurity/http-crawl-non_statics"
  - "crowdsecurity/http-probing"

crowdsec_scenarios_remove_custom

# Type: list
crowdsec_scenarios_remove_custom: []

crowdsec_parsers_install_default

# Type: list
crowdsec_parsers_install_default: []

crowdsec_parsers_install_custom

# Type: list
crowdsec_parsers_install_custom: []

crowdsec_parsers_remove_default

# Type: list
crowdsec_parsers_remove_default: []

crowdsec_parsers_remove_custom

# Type: list
crowdsec_parsers_remove_custom: []

crowdsec_postoverflows_install_default

# Type: list
crowdsec_postoverflows_install_default: []

crowdsec_postoverflows_install_custom

# Type: list
crowdsec_postoverflows_install_custom: []

crowdsec_postoverflows_remove_default

# Type: list
crowdsec_postoverflows_remove_default: []

crowdsec_postoverflows_remove_custom

# Type: list
crowdsec_postoverflows_remove_custom: []

crowdsec_prometheus_enabled

# Type: bool (true/false)
crowdsec_prometheus_enabled: false

crowdsec_prometheus_level

# Type: string
crowdsec_prometheus_level: "full"

crowdsec_prometheus_listen_addr

# Type: string
crowdsec_prometheus_listen_addr: "172.19.0.1"

crowdsec_prometheus_listen_port

# Type: string
crowdsec_prometheus_listen_port: "6060"

crowdsec_whitelisted_routers

# Takes a list of exact router names to ignore when parsing Traefik access logs.
# Include @file or @docker depending on the source of said router:
# authelia@docker
# authelia-http@docker
# Remember to include api/http routers as well if needed.
# Type: list
crowdsec_whitelisted_routers: []

crowdsec_whitelisted_ips

# Takes list of specific IPs
# Type: list
crowdsec_whitelisted_ips: []

crowdsec_whitelisted_cidrs

# Takes list of CIDR notation IP ranges
# Type: list
crowdsec_whitelisted_cidrs: []