beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update schema and readme

Browse source
This commit is contained in:
erenJag 2021-02-25 10:29:29 +01:00
parent efa16fc2df
commit a619e57d7e
2 changed files with 27 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
examples/docker-compose/README.md
View file

@ -10,7 +10,7 @@ This example contains multiple containers :
* crowdsec : it will read reverse-proxy logs from the shared volume
* dashboard : we use [metabase](https://hub.docker.com/r/metabase/metabase) to display crowdsec database data.
We have chosen the simplest way to collect logs (by sharing volumes between containers), if you are in production, you are probably using logging-driver to centralize logs with rsyslog or another driver, so don't forget to adapt the crowdsec docker-compose configuration to read the logs properly.
We have chosen the simplest way to collect logs (by sharing volumes between containers), if you are in production, you are probably using [logging-driver](https://docs.docker.com/config/containers/logging/configure/) to centralize logs with rsyslog or another driver, so don't forget to adapt the crowdsec docker-compose configuration to read your logs properly.
**Prerequisites:** [Docker](https://docs.docker.com/engine/install/) / [Docker Compose](https://docs.docker.com/compose/install/)
@ -24,14 +24,35 @@ Then to see the status : `docker-compose ps`
## Step 2: Install & Configure bouncer on host
Now we have crowdsec up and running, we can deploy the firewall bouncer on the host machine. It will fetch IPs to block from the crowdsec Local API deploy in docker container.
```bash
wget https://github.com/crowdsecurity/cs-firewall-bouncer/releases/download/v0.0.10/cs-firewall-bouncer.tgz
tar xvzf cs-firewall-bouncer.tgz
cd cs-firewall-bouncer-v0.0.10/
sudo ./install.sh
```
Then you need to create bouncer API key to permit the bouncer to query crowdsec Local API.
```
$ docker-compose exec crowdsec cscli bouncers add test
Api key for 'test':
c7eb8d2789dcff96a7aa6fd0b52425ea
Please keep this key since you will not be able to retreive it!
```
Then add it to the cs-firewall-bouncer config file on the host
```
sudo vim /etc/crowdsec/cs-firewall-bouncer/cs-firewall-bouncer.yaml
```
## Step 3: Configure dashboard
The dashboard is deployed using static metabase.db ([explained here](https://docs.crowdsec.net/faq/#how-to-have-a-dashboard-without-docker)), so you have to use the defaults credentials to connect to the database, then update immediatly those credentials.
Then you need to update the crowdsec database path :
* Go to `http://localhost:3003/` and connect with defaults credentials
* Go to `http://localhost:3003/admin/databases/2` and modify the file path `/var/lib/crowdsec/data/crowdsec.db`
* Save changes and go back to the home, you'll see the active decisions pulled from the online API.
## Step 4: Simulate an attack and check detection + prevention

BIN
examples/docker-compose/schema.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 46 KiB

After

Width:  |  Height:  |  Size: 174 KiB