crowdsec
Identity
- Unit: crowdsec.service
- Config: /etc/crowdsec/config.yaml (main), /etc/crowdsec/acquis.yaml (log sources), /etc/crowdsec/profiles.yaml (decision profiles)
- Decisions DB: /var/lib/crowdsec/data/crowdsec.db
- Log: journalctl -u crowdsec, /var/log/crowdsec/crowdsec.log
- Install: Official script (curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash) or distro package repo
Architecture
CrowdSec has three distinct layers that must all be present for traffic to actually be blocked:
Log files / journald
↓
Agent (crowdsec.service)
- Reads logs via acquis.yaml
- Applies parser chains to normalize events
- Runs scenarios to detect attack patterns
- Writes decisions to LAPI