crowdsec

Identity

• Unit: crowdsec.service
• Config: /etc/crowdsec/config.yaml (main), /etc/crowdsec/acquis.yaml (log sources), /etc/crowdsec/profiles.yaml (decision profiles)
• Decisions DB: /var/lib/crowdsec/data/crowdsec.db
• Log: journalctl -u crowdsec, /var/log/crowdsec/crowdsec.log
• Install: Official script (curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash) or distro package repo

Architecture

CrowdSec has three distinct layers that must all be present for traffic to actually be blocked: