2.9 KiB
2.9 KiB
CrowdSec Quick Reference Card
Setup Alias (Recommended)
Add to your ~/.bashrc:
alias cscli='ssh 10.0.4.14 "docker exec \$(docker ps -qf name=crowdsec_crowdsec) cscli"'
Then use: cscli decisions list instead of the full command.
Most Common Commands
View Active Bans
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions list'
Ban an IP for 4 Hours
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions add --ip 1.2.3.4 --duration 4h'
Unban an IP
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip 1.2.3.4'
View Recent Alerts (What Triggered Bans)
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli alerts list'
Check Status & Metrics
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics'
Verify Bouncer Connected
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli bouncers list'
View Installed Collections
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli collections list'
View Traefik Access Logs
tail -f /home/doc/projects/swarm-data/traefik/logs/access.log
View CrowdSec Logs
docker service logs crowdsec_crowdsec --tail 50 --follow
Add Protection to a Service
Docker Swarm Service (via labels)
deploy:
labels:
- "traefik.http.routers.myapp.middlewares=crowdsec@file"
External Service (in dynamic.yml)
http:
routers:
myservice:
middlewares:
- crowdsec
Troubleshooting
Restart CrowdSec
docker service update --force crowdsec_crowdsec
Restart Traefik
docker service update --force traefik_traefik
Check if Logs Are Being Read
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli metrics show acquisition'
View Service Status
docker service ls | grep -E "crowdsec|traefik"
File Locations
| Purpose | Path |
|---|---|
| CrowdSec Stack | /home/doc/projects/homelab/frostlabs/crowdsec/stack.yml |
| Log Config | /home/doc/projects/homelab/frostlabs/crowdsec/acquis.yaml |
| Traefik Config | /home/doc/projects/homelab/frostlabs/traefik/dynamic.yml |
| Access Logs | /home/doc/projects/swarm-data/traefik/logs/access.log |
| CrowdSec Data | /home/doc/projects/swarm-data/crowdsec/ |
Emergency: I Locked Myself Out
# Delete all bans
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --all'
# Or unban specific IP
ssh 10.0.4.14 'docker exec $(docker ps -qf name=crowdsec_crowdsec) cscli decisions delete --ip YOUR.IP.HERE'
For detailed information, see: /home/doc/projects/homelab/frostlabs/crowdsec/GUIDE.md