This Ansible role installs CrowdSec, including the hub, collections, scenarios, postoverflows, parsers, bouncers and the Prometheus endpoint.
Ansible master running version 2.12
Tested on:
platforms:
  - name: Ubuntu
    versions:
      - bionic # 18.04 LTS
      - focal # 20.04 LTS
      - impish # 21.10
      - jammy # 22.04 LTS, not tested
  - name: Debian
    versions:
      - bookworm # 12
      - bullseye # 11
  - name: EL
    versions:
      - '9' # Rocky
      - '8' # Rocky & Alma Linux and Oracle Linux
      - '7' # Oracle Linux
I use ansible-galaxy to make a requirements.yml:
roles:
  - geerlingguy.security
  - alf149.crowdsec
And run:
ansible-galaxy install -r requirements.yml
This will import this role into your Ansible project.
Available variables with default values (see defaults/main.yml).
Variables can be host-specific in group_vars/host.yml
- hosts: all
  vars:
    cs_ban_duration: "duration: 4h" # PROD eg. 10m for testing
  roles:
    - alf149.crowdsec
ansible HOST -m shell -a "sudo cscli parsers install crowdsecurity/whitelists --force"
ansible 'group' -m shell -a "sudo cscli parsers remove crowdsecurity/whitelists --force"
ansible 'group' -m shell -a "sudo systemctl reload crowdsec"
You can get the CrowdSec bouncer id from the bouncers directory, for example:
cat /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml.id
cs-firewall-bouncer-2715248097
And then add it to the lapi server list:
crowdsec_agent_bouncers:
  - cs-firewall-bouncer-2715248097
So it must be done after installing the bouncer.
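One way to collect the ids for the step above, as an added example that is not part of this role: the hypothetical helper `bouncer_ids_yaml` reads every `*.id` file in the bouncers directory and prints a `crowdsec_agent_bouncers` list ready to paste into your vars. It assumes other bouncers write their id files with the same `.id` suffix as the firewall bouncer shown above, and it skips any file whose content is not a plain id.

```shell
#!/bin/sh
# Added example, not part of the alf149.crowdsec role.
# bouncer_ids_yaml is a hypothetical helper name.

# Print a YAML list of every bouncer id found in directory $1
# (default: /etc/crowdsec/bouncers). Returns 1 if the directory is
# missing or holds no usable id.
bouncer_ids_yaml() {
    dir=${1:-/etc/crowdsec/bouncers}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    ids=""
    for f in "$dir"/*.id; do
        [ -f "$f" ] || continue          # glob matched nothing
        id=""
        # First line only; read strips leading/trailing blanks.
        read -r id < "$f" || :
        case $id in
            ''|*[!A-Za-z0-9._-]*)
                # Empty, or characters that could alter the YAML: skip it.
                echo "skipping $f: unexpected content" >&2
                continue ;;
        esac
        ids="$ids$id
"
    done

    [ -n "$ids" ] || { echo "no bouncer ids in $dir" >&2; return 1; }

    echo "crowdsec_agent_bouncers:"
    printf '%s' "$ids" | sort -u | sed 's/^/  - /'
}

# When called with a directory argument, print the list for it, e.g.:
#   sudo sh bouncer_ids.sh /etc/crowdsec/bouncers
if [ "$#" -gt 0 ]; then
    bouncer_ids_yaml "$1"
fi
```

Run it on the host where the bouncer is installed, after the bouncer has been installed, and copy the output into the vars of the LAPI server.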
This role was originally created to use a local psql database for the LAPI server. Now you can use an external MySQL database with:
crowdsec_lapi_db: mysql # Use mysql or psql
crowdsec_mysql_db_user: crowdsec
crowdsec_mysql_db_password: 'VeryLongPasswordPsqlChangeme2024!'
crowdsec_mysql_db_name: crowdsec
crowdsec_mysql_db_host: localhost
The role assumes the MySQL database is already configured and access has been granted.
- Test on Windows Server
- Maybe autodetect nftables/iptables and load the correct bouncer.
Use GitHub issues or make a PR.