Setting up a Multi-Server Security Engine Installation
This guide demonstrates how to configure a multi-server CrowdSec Security Engine, enhancing your network's collective security. One server acts as the parent (server-1), receiving alerts from child Log Processors (server-2 and server-3). This architecture allows for distributed threat detection and remediation.
Server-1, the parent, hosts the HTTP REST API (LAPI) and manages signal storage and distribution. Server-2 and server-3, the children, are internet-facing, forwarding alerts to server-1. Remediation, managed by Remediation Components, is independent of detection and relies on server-1's LAPI. Child Log Processors have their LAPI disabled to conserve resources.
Key Considerations:
- A PostgreSQL backend is recommended for server-1's LAPI for enhanced stability (though SQLite with WAL is a viable alternative).
- Requires three Ubuntu 22.04 servers: one parent and two children, connected via a local network.
Setup Steps:
1. Parent LAPI Server (server-1):
-
Install CrowdSec: Follow the installation guide and use the provided commands:
curl -s https:/packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash sudo apt install crowdsec
Copy after login -
(Optional) PostgreSQL Setup: If using PostgreSQL, install it (
sudo apt install postgresql), create thecrowdsecdatabase and user, grant privileges, and update/etc/crowdsec/config.yaml'sdb_configsection accordingly. Regenerate credentials and restart CrowdSec.sudo -i -u postgres psql # ... PostgreSQL commands ... sudo cscli machines add -a –force sudo systemctl restart crowdsec
Copy after login -
Expose LAPI Port: Modify
/etc/crowdsec/config.yamlto expose the LAPI port (e.g.,10.0.0.1:8080).api: server: listen_uri: 10.0.0.1:8080Copy after login
2. Child Log Processors (server-2 & server-3):
-
Install CrowdSec: Use the same installation commands as server-1.
-
Register with LAPI: Register each child with server-1's LAPI:
sudo cscli lapi register -u http://10.0.0.1:8080
Copy after login -
Disable Child LAPI: Disable the local API in
/etc/crowdsec/config.yaml:api: server: enable: falseCopy after login -
Validate Registration: On server-1, validate each child using
cscli machines listandcscli machines validate <machine_id></machine_id>. -
Restart CrowdSec: Restart CrowdSec on each child.
3. Remediation (server-2 & server-3):
-
Generate API Key: On server-1, generate an API key for each child using
cscli bouncers add <bouncer_name></bouncer_name>. -
Install Remediation Component: Install the
cs-firewall-bouncer-iptablescomponent. -
Configure Remediation Component: Configure
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yamlwith the API URL and key. -
Restart Remediation Component: Restart the
crowdsec-firewall-bouncerservice.
Important Notes:
- Communication between servers is currently unencrypted HTTP (consider HTTPS for production).
- This setup lacks monitoring and alerting (refer to CrowdSec documentation for details).
- Server-1 is a single point of failure.
This enhanced setup provides a more robust and scalable security posture. Future articles will cover high-availability configurations. Engage with the CrowdSec community for support and feedback.
The above is the detailed content of Setting up a Multi-Server Security Engine Installation. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1653
14
1413
52
1305
25
1251
29
1224
24
What is the Linux best used for?
Apr 03, 2025 am 12:11 AM
Linux is best used as server management, embedded systems and desktop environments. 1) In server management, Linux is used to host websites, databases, and applications, providing stability and reliability. 2) In embedded systems, Linux is widely used in smart home and automotive electronic systems because of its flexibility and stability. 3) In the desktop environment, Linux provides rich applications and efficient performance.
What are the 5 basic components of Linux?
Apr 06, 2025 am 12:05 AM
The five basic components of Linux are: 1. The kernel, managing hardware resources; 2. The system library, providing functions and services; 3. Shell, the interface for users to interact with the system; 4. The file system, storing and organizing data; 5. Applications, using system resources to implement functions.
What is the most use of Linux?
Apr 09, 2025 am 12:02 AM
Linux is widely used in servers, embedded systems and desktop environments. 1) In the server field, Linux has become an ideal choice for hosting websites, databases and applications due to its stability and security. 2) In embedded systems, Linux is popular for its high customization and efficiency. 3) In the desktop environment, Linux provides a variety of desktop environments to meet the needs of different users.
How to learn Linux basics?
Apr 10, 2025 am 09:32 AM
The methods for basic Linux learning from scratch include: 1. Understand the file system and command line interface, 2. Master basic commands such as ls, cd, mkdir, 3. Learn file operations, such as creating and editing files, 4. Explore advanced usage such as pipelines and grep commands, 5. Master debugging skills and performance optimization, 6. Continuously improve skills through practice and exploration.
What is a Linux device?
Apr 05, 2025 am 12:04 AM
Linux devices are hardware devices running Linux operating systems, including servers, personal computers, smartphones and embedded systems. They take advantage of the power of Linux to perform various tasks such as website hosting and big data analytics.
Does the internet run on Linux?
Apr 14, 2025 am 12:03 AM
The Internet does not rely on a single operating system, but Linux plays an important role in it. Linux is widely used in servers and network devices and is popular for its stability, security and scalability.
What are the disadvantages of Linux?
Apr 08, 2025 am 12:01 AM
The disadvantages of Linux include user experience, software compatibility, hardware support, and learning curve. 1. The user experience is not as friendly as Windows or macOS, and it relies on the command line interface. 2. The software compatibility is not as good as other systems and lacks native versions of many commercial software. 3. Hardware support is not as comprehensive as Windows, and drivers may be compiled manually. 4. The learning curve is steep, and mastering command line operations requires time and patience.
What are Linux operations?
Apr 13, 2025 am 12:20 AM
The core of the Linux operating system is its command line interface, which can perform various operations through the command line. 1. File and directory operations use ls, cd, mkdir, rm and other commands to manage files and directories. 2. User and permission management ensures system security and resource allocation through useradd, passwd, chmod and other commands. 3. Process management uses ps, kill and other commands to monitor and control system processes. 4. Network operations include ping, ifconfig, ssh and other commands to configure and manage network connections. 5. System monitoring and maintenance use commands such as top, df, du to understand the system's operating status and resource usage.
