John
2025-11-17 23:23:44 +00:00
parent fad38a229f
commit 51187de49a
3 changed files with 0 additions and 209 deletions


@@ -1,131 +0,0 @@
# CrowdSec Quick Reference Card
## Setup Alias (Recommended)
Add to your `~/.bashrc`:
```bash
alias cscli='ssh 10.0.4.14 "docker exec \$(docker ps -qf name=crowdsec_crowdsec) cscli"'
```
Then use: `cscli decisions list` instead of the full command.
---
## Most Common Commands
### View Active Bans
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions list'
```
### Ban an IP for 4 Hours
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions add --ip 1.2.3.4 --duration 4h'
```
### Unban an IP
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip 1.2.3.4'
```
### View Recent Alerts (What Triggered Bans)
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli alerts list'
```
### Check Status & Metrics
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics'
```
### Verify Bouncer Connected
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli bouncers list'
```
### View Installed Collections
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli collections list'
```
### View Traefik Access Logs
```bash
tail -f /home/doc/projects/swarm-data/traefik/logs/access.log
```
### View CrowdSec Logs
```bash
docker service logs crowdsec_crowdsec --tail 50 --follow
```
---
## Add Protection to a Service
### Docker Swarm Service (via labels)
```yaml
deploy:
labels:
- "traefik.http.routers.myapp.middlewares=crowdsec@file"
```
### External Service (in dynamic.yml)
```yaml
http:
routers:
myservice:
middlewares:
- crowdsec
```
---
## Troubleshooting
### Restart CrowdSec
```bash
docker service update --force crowdsec_crowdsec
```
### Restart Traefik
```bash
docker service update --force traefik_traefik
```
### Check if Logs Are Being Read
```bash
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics show acquisition'
```
### View Service Status
```bash
docker service ls | grep -E "crowdsec|traefik"
```
---
## File Locations
| Purpose | Path |
|---------|------|
| CrowdSec Stack | `/home/doc/projects/homelab/frostlabs/crowdsec/stack.yml` |
| Log Config | `/home/doc/projects/homelab/frostlabs/crowdsec/acquis.yaml` |
| Traefik Config | `/home/doc/projects/homelab/frostlabs/traefik/dynamic.yml` |
| Access Logs | `/home/doc/projects/swarm-data/traefik/logs/access.log` |
| CrowdSec Data | `/home/doc/projects/swarm-data/crowdsec/` |
---
## Emergency: I Locked Myself Out
```bash
# Delete all bans
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --all'
# Or unban specific IP
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip YOUR.IP.HERE'
```
---
For detailed information, see: `/home/doc/projects/homelab/frostlabs/crowdsec/GUIDE.md`


@@ -1,40 +0,0 @@
services:
crowdsec:
image: crowdsecurity/crowdsec:latest
environment:
# Disable online API enrollment (use for local setup)
- DISABLE_ONLINE_API=false
# Set collections to install
- COLLECTIONS=crowdsecurity/traefik crowdsecurity/http-cve
# Enable Prometheus metrics
- METRICS_PORT=6060
volumes:
# Persistent CrowdSec configuration and data
- /home/doc/projects/swarm-data/crowdsec/config:/etc/crowdsec
- /home/doc/projects/swarm-data/crowdsec/data:/var/lib/crowdsec/data
# Traefik access logs (read-only)
- /home/doc/projects/swarm-data/traefik/logs:/var/log/traefik:ro
# Acquis configuration
- ./acquis.yaml:/etc/crowdsec/acquis.yaml:ro
networks:
- frostlabs
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.labels.task == control
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
healthcheck:
test: ["CMD", "cscli", "version"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
networks:
frostlabs:
external: true


@@ -1,38 +0,0 @@
services:
portainer:
image: portainer/portainer-ce:latest
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- /home/doc/projects/swarm-data/portainer:/data
networks:
- frostlabs
ports:
- 9000:9000
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.labels.task == control
labels:
- "traefik.enable=true"
- "traefik.swarm.network=frostlabs"
- "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.tls=true"
- "traefik.http.routers.portainer.tls.certresolver=cloudflare"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
agent:
image: portainer/agent:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- frostlabs
deploy:
mode: global
networks:
frostlabs:
external: true