# CrowdSec Quick Reference Card ## Setup Alias (Recommended) Add to your `~/.bashrc`: ```bash alias cscli='ssh 10.0.4.14 "docker exec \$(docker ps -qf name=crowdsec_crowdsec) cscli"' ``` Then use: `cscli decisions list` instead of the full command. --- ## Most Common Commands ### View Active Bans ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions list' ``` ### Ban an IP for 4 Hours ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions add --ip 1.2.3.4 --duration 4h' ``` ### Unban an IP ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip 1.2.3.4' ``` ### View Recent Alerts (What Triggered Bans) ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli alerts list' ``` ### Check Status & Metrics ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics' ``` ### Verify Bouncer Connected ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli bouncers list' ``` ### View Installed Collections ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli collections list' ``` ### View Traefik Access Logs ```bash tail -f /home/doc/projects/swarm-data/traefik/logs/access.log ``` ### View CrowdSec Logs ```bash docker service logs crowdsec_crowdsec --tail 50 --follow ``` --- ## Add Protection to a Service ### Docker Swarm Service (via labels) ```yaml deploy: labels: - "traefik.http.routers.myapp.middlewares=crowdsec@file" ``` ### External Service (in dynamic.yml) ```yaml http: routers: myservice: middlewares: - crowdsec ``` --- ## Troubleshooting ### Restart CrowdSec ```bash docker service update --force crowdsec_crowdsec ``` ### Restart Traefik ```bash docker service update --force traefik_traefik ``` ### Check if Logs Are Being Read ```bash ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics show acquisition' ``` ### View Service Status ```bash docker service ls | grep -E "crowdsec|traefik" ``` --- ## File Locations | Purpose | Path | |---------|------| | CrowdSec Stack | `/home/doc/projects/homelab/frostlabs/crowdsec/stack.yml` | | Log Config | `/home/doc/projects/homelab/frostlabs/crowdsec/acquis.yaml` | | Traefik Config | `/home/doc/projects/homelab/frostlabs/traefik/dynamic.yml` | | Access Logs | `/home/doc/projects/swarm-data/traefik/logs/access.log` | | CrowdSec Data | `/home/doc/projects/swarm-data/crowdsec/` | --- ## Emergency: I Locked Myself Out ```bash # Delete all bans ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --all' # Or unban specific IP ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip YOUR.IP.HERE' ``` --- For detailed information, see: `/home/doc/projects/homelab/frostlabs/crowdsec/GUIDE.md`