Setting up a Multi-Server Security Engine Installation
Mar 09, 2025 pm 12:02 PM
This guide demonstrates how to configure a multi-server CrowdSec Security Engine, enhancing your network's collective security. One server acts as the parent (server-1), receiving alerts from child Log Processors (server-2 and server-3). This architecture allows for distributed threat detection and remediation.
Server-1, the parent, hosts the HTTP REST API (LAPI) and manages signal storage and distribution. Server-2 and server-3, the children, are internet-facing, forwarding alerts to server-1. Remediation, managed by Remediation Components, is independent of detection and relies on server-1's LAPI. Child Log Processors have their LAPI disabled to conserve resources.
Key Considerations:
- A PostgreSQL backend is recommended for server-1's LAPI for enhanced stability (though SQLite with WAL is a viable alternative).
- Requires three Ubuntu 22.04 servers: one parent and two children, connected via a local network.
Setup Steps:
1. Parent LAPI Server (server-1):
-
Install CrowdSec: Follow the installation guide and use the provided commands:
curl -s https:/packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash sudo apt install crowdsec
-
(Optional) PostgreSQL Setup: If using PostgreSQL, install it (
sudo apt install postgresql), create thecrowdsecdatabase and user, grant privileges, and update/etc/crowdsec/config.yaml'sdb_configsection accordingly. Regenerate credentials and restart CrowdSec.sudo -i -u postgres psql # ... PostgreSQL commands ... sudo cscli machines add -a –force sudo systemctl restart crowdsec
-
Expose LAPI Port: Modify
/etc/crowdsec/config.yamlto expose the LAPI port (e.g.,10.0.0.1:8080).api: server: listen_uri: 10.0.0.1:8080
2. Child Log Processors (server-2 & server-3):
-
Install CrowdSec: Use the same installation commands as server-1.
-
Register with LAPI: Register each child with server-1's LAPI:
sudo cscli lapi register -u http://10.0.0.1:8080
-
Disable Child LAPI: Disable the local API in
/etc/crowdsec/config.yaml:api: server: enable: false -
Validate Registration: On server-1, validate each child using
cscli machines listandcscli machines validate <machine_id></machine_id>. -
Restart CrowdSec: Restart CrowdSec on each child.
3. Remediation (server-2 & server-3):
-
Generate API Key: On server-1, generate an API key for each child using
cscli bouncers add <bouncer_name></bouncer_name>. -
Install Remediation Component: Install the
cs-firewall-bouncer-iptablescomponent. -
Configure Remediation Component: Configure
/etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yamlwith the API URL and key. -
Restart Remediation Component: Restart the
crowdsec-firewall-bouncerservice.
Important Notes:
- Communication between servers is currently unencrypted HTTP (consider HTTPS for production).
- This setup lacks monitoring and alerting (refer to CrowdSec documentation for details).
- Server-1 is a single point of failure.
This enhanced setup provides a more robust and scalable security posture. Future articles will cover high-availability configurations. Engage with the CrowdSec community for support and feedback.
The above is the detailed content of Setting up a Multi-Server Security Engine Installation. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Install LXC (Linux Containers) in RHEL, Rocky & AlmaLinux
Jul 05, 2025 am 09:25 AM
LXD is described as the next-generation container and virtual machine manager that offers an immersive for Linux systems running inside containers or as virtual machines. It provides images for an inordinate number of Linux distributions with support
7 Ways to Speed Up Firefox Browser in Linux Desktop
Jul 04, 2025 am 09:18 AM
Firefox browser is the default browser for most modern Linux distributions such as Ubuntu, Mint, and Fedora. Initially, its performance might be impressive, however, with the passage of time, you might notice that your browser is not as fast and resp
How to troubleshoot DNS issues on a Linux machine?
Jul 07, 2025 am 12:35 AM
When encountering DNS problems, first check the /etc/resolv.conf file to see if the correct nameserver is configured; secondly, you can manually add public DNS such as 8.8.8.8 for testing; then use nslookup and dig commands to verify whether DNS resolution is normal. If these tools are not installed, you can first install the dnsutils or bind-utils package; then check the systemd-resolved service status and configuration file /etc/systemd/resolved.conf, and set DNS and FallbackDNS as needed and restart the service; finally check the network interface status and firewall rules, confirm that port 53 is not
How would you debug a server that is slow or has high memory usage?
Jul 06, 2025 am 12:02 AM
If you find that the server is running slowly or the memory usage is too high, you should check the cause before operating. First, you need to check the system resource usage, use top, htop, free-h, iostat, ss-antp and other commands to check CPU, memory, disk I/O and network connections; secondly, analyze specific process problems, and track the behavior of high-occupancy processes through tools such as ps, jstack, strace; then check logs and monitoring data, view OOM records, exception requests, slow queries and other clues; finally, targeted processing is carried out based on common reasons such as memory leaks, connection pool exhaustion, cache failure storms, and timing task conflicts, optimize code logic, set up a timeout retry mechanism, add current limit fuses, and regularly pressure measurement and evaluation resources.
Install Guacamole for Remote Linux/Windows Access in Ubuntu
Jul 08, 2025 am 09:58 AM
As a system administrator, you may find yourself (today or in the future) working in an environment where Windows and Linux coexist. It is no secret that some big companies prefer (or have to) run some of their production services in Windows boxes an
How to Burn CD/DVD in Linux Using Brasero
Jul 05, 2025 am 09:26 AM
Frankly speaking, I cannot recall the last time I used a PC with a CD/DVD drive. This is thanks to the ever-evolving tech industry which has seen optical disks replaced by USB drives and other smaller and compact storage media that offer more storage
How to find my private and public IP address in Linux?
Jul 09, 2025 am 12:37 AM
In Linux systems, 1. Use ipa or hostname-I command to view private IP; 2. Use curlifconfig.me or curlipinfo.io/ip to obtain public IP; 3. The desktop version can view private IP through system settings, and the browser can access specific websites to view public IP; 4. Common commands can be set as aliases for quick call. These methods are simple and practical, suitable for IP viewing needs in different scenarios.
How to Install NodeJS 14 / 16 & NPM on Rocky Linux 8
Jul 13, 2025 am 09:09 AM
Built on Chrome’s V8 engine, Node.JS is an open-source, event-driven JavaScript runtime environment crafted for building scalable applications and backend APIs. NodeJS is known for being lightweight and efficient due to its non-blocking I/O model and
