
Bug#972573: marked as done (RFP: crowdsec -- lightweight and collaborative security engine)



Your message dated Tue, 9 Feb 2021 21:12:09 +0200
with message-id <20210209191209.GA31529@localhost>
and subject line crowdsec is now in unstable
has caused the Debian Bug report #972573,
regarding RFP: crowdsec -- lightweight and collaborative security engine
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
972573: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972573
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist

* Package name    : crowdsec
  Version         : 0.3.5
  Upstream Author : Crowd Security
* URL             : https://crowdsec.net/
* License         : MIT/Expat?
  Programming Lang: Golang
  Description     : lightweight agent to detect and respond to bad behaviours

Crowdsec is an open-source, lightweight software, detecting peers with
aggressive behaviors to prevent them from accessing your systems. Its
user-friendly design and assistance offer a low technical barrier of
entry and nevertheless a high security gain.

Processing is done in 5 steps:

 1. Read data sources (log files, streams, trails, messages ...),
    normalize and enrich signals

 2. Matching those signals to behavior patterns, aka scenarios (*)

 3. If an unwanted behavior is detected, deal with it through a
    bouncer: a software component integrated into your applicative
    stack that supports various remediations such as block, return
    403, and soon captcha, 2FA, etc.

 4. (ONLY) The aggressive IP, the scenario name triggered and a
    timestamp are then sent to our curation platform (to avoid
    poisoning & false positives)

 5. If verified, this IP is then integrated into the block list
    continuously distributed to all CrowdSec clients (which is used as
    an enrichment source in step 1)

By detecting, blocking and sharing the threat they faced, all clients
are reinforcing each other (hence the name Crowd-Security). Crowdsec
is designed for modern infrastructures, with its "Detect Here, Remedy
There" approach, letting you analyse logs coming from several sources
in one place and block threats at various levels (applicative, system,
infrastructural) of your stack.

(*) CrowdSec ships by default with scenarios (brute force, port scan,
web scan, etc.) adapted for most contexts, but you can easily extend it
by picking more of them from the hub. It is also very easy to adapt an
existing one or create one yourself.

====

This is similar to fail2ban and sshguard, but with the extra touch
that it allows for federation and distribution of blocklists. It also
integrates with Prometheus, also packaged in Debian.

I haven't tested it. I guess it could be maintained by the Go team?

Source code is available here: https://github.com/crowdsecurity/crowdsec

The software is free (MIT), but to get access to the crowd-sourced
reputation data, you must also share it. The server-side of things is
also non-free.

--- End Message ---
--- Begin Message ---
crowdsec is now in unstable:
https://tracker.debian.org/pkg/crowdsec

cu
Adrian

--- End Message ---