1.0.48 CrowdSec

[PathfinderNetworks]

I just saw the Twitter notification about the release of 1.0.48 and the addition of CrowdSec. Awesome!
But I don't see any information concerning how to activate/configure this option?

[The-Real-Admin-Guy]

Brilliant Feature... Just attempted to implement ...
Does not work!

Here is my Server console return:

"warnings": [
{
"msg": "Unrecognized configuration option "crowdsec".",
"id": 3,
"args": [
"crowdsec"
]
}

[Ylianst]

If you put any unknown value at the top level of the config.json, MeshCentral will show this warning. At the top level there are not many values allowed, these are the allowed ones:

'settings', 'domaindefaults', 'domains', 'configfiles', 'smtp', 'letsencrypt', 'peers', 'sms', 'sendgrid', 'sendmail', 'firebase', 'firebaserelay', '$schema'

If you see that warning, it's a good sign there is something wrong with your config.json. I have a video on the config.json syntax since it's causing issues with people that are not familiar with JSON.

[The-Real-Admin-Guy]

Hello Ylian,
Thanks the thing appears to work, only it ban my IP, whilst already authenticated and properly logged in, and locked me out of my server via browser...

It did however produce a beautiful page explaining it's a protected site against attacks...

Yet I cant see a warning on the Crowdsec panel page.

Any way to easily unban ip's like in my case?

[The-Real-Admin-Guy]

Problem solved, I had the listener on 6060 (Prometheus) instead of 8080.
Cheers!

[Ylianst]

Apologies for the delay... you need to configure it in the "settings" section like this:

{
  "settings": {
    "port": 443,
    "crowdsec": {
      "url": "http://localhost:8080",
      "apiKey": "BOUNCER_API_KEY",
      "fallbackRemediation": "ban"
    }
  }
}

The "fallbackRemediation" setting can be "bypass", "captcha" or "ban" and indicates what MeshCentral should do if it can't contact the CrowdSec agent. I will be recoding a YouTube video with a demonstration of MeshCentral with CrowdSec.

One side effect of the configuration is that you can do this:

{
  "settings": {
    "port": 443,
    "crowdsec": { "fallbackRemediation": "captcha" }
  }
}

Since the CrowdSec agent is not configured, it will always default back to fallback and always apply Captcha. So you instantly see the Captcha screen from any IP address.

[PathfinderNetworks]

Perfect. I'll try to get this setup later this week.

[PathfinderNetworks]

I'm just now getting back to this. I have an account set up with CrowdSec. But where do we find the bouncer API key? All I see at CrowdSec is a section providing three steps to install a Linux agent and bouncer (I run MeshCentral on a Windows server- but I assume the 'agent' is already built in to MeshCentral). The last step is to enroll the Crowdsec instance. Is the string shown in the command of step 3 the API key that needs to be entered in the 'apiKey' section of the CrowdSec settings?

[PathfinderNetworks]

Assuming the key shown in step 3 of the CrowdSec setup instructions is the APIkey, I just tried to configure Mesh to use this. I have the fallback remediation set to captcha.
However, it now always shows the captcha when I try to access my MeshCentral logon.
One question, in the settings example above, is the 'localhost:8080' what we need to enter or is that just an example placeholder and, instead, we need to enter the actual URL of our MeshCentral site?
I have the relevant section of my settings like this:
"CrowdSec": { "url": "http://localhost:8080", "apikey": "keyfromstep3ofCrowdSec", "fallbackremediation": "captcha" },