Crowdsec-cheat-sheet
CrowdSec Cheat Sheet
Status and monitoring
- systemctl status crowdsec
- journalctl -u crowdsec -f
- cscli metrics
- cscli version
Scenarios and parsers
- cscli scenarios list
- cscli scenarios install crowdsecurity/port-scan
- cscli scenarios remove crowdsecurity/ssh-bf
- cscli parsers list
- cscli parsers upgrade --all
- cscli hub update
Decisions (bans)
- cscli decisions list
- cscli decisions delete --ip 192.0.2.42
- cscli decisions add --ip 192.0.2.42 --reason "test"
- cscli alerts list
- cscli alerts delete --id <id>
Bouncer management
- cscli bouncers list
- cscli bouncers add my-bouncer
- cscli bouncers delete <bouncer-name>
Logs and configuration directories
- ls /etc/crowdsec/config.yaml
- ls /etc/crowdsec/scenarios/
- ls /etc/crowdsec/parsers/
- less /var/log/crowdsec.log
- less /var/lib/crowdsec/data/local_api_credentials.yaml
Generating test attacks
- nmap -Pn -p- <target-ip>
- nc <target-ip> 22
- curl http://<target-ip>:9999
- hydra -l root -P /usr/share/wordlists/rockyou.txt ssh://<target-ip>
Additional tools
- systemctl status crowdsec-firewall-bouncer
- cscli console enroll <enrollment-key>
- cscli machines list