crowdsec v1.0.12 releases: open-source and lightweight software
About the crowdsec project
Crowdsec is open-source, lightweight software that allows you to detect peers with malevolent behaviors and block them from accessing your systems at various levels (infrastructural, system, applicative).
To achieve this, Crowdsec reads logs from different sources (files, streams, …), then parses, normalizes and enriches them before matching them against threat patterns, known as scenarios.
It is a modular and pluggable framework that ships with a large variety of well-known scenarios; users can choose which scenarios they want to be protected from and can easily add new custom ones to better fit their environment.
Detected malevolent peers can then be prevented from accessing your resources by deploying blockers at various levels (applicative, system, infrastructural) of your stack.
One of the advantages of Crowdsec, when compared to other solutions, is its crowd-sourced aspect: meta information about detected attacks (source IP, time, and triggered scenario) is sent to a central API and then shared amongst all users.
Besides detecting and stopping attacks in real-time based on your logs, it allows you to preemptively block known bad actors from accessing your information system.
Key points
Fast assisted installation, no technical barrier
Out of the box detection
Easy blocker deployment
Easy dashboard access
This repository contains the code for the two main components of crowdsec:
- crowdsec: the daemon, à la fail2ban, that can read, parse, enrich, and apply heuristics to logs. This is the component in charge of “detecting” the attacks.
- cscli: the CLI tool mainly used to interact with crowdsec: ban/unban/view current bans, and enable/disable parsers and scenarios.
Changelog v1.0.12
New
- add autocompletion for cscli (#717) @AlteredCoder
- refactor configuration management : extend non-root usage (#698) @AlteredCoder
Bug Fixes & Improvements
- ent update : 0.7.0 (#692) @buixor
- cscli hub mgmt improvements (#710) @buixor
- bump pyyaml from 5.3.1 to 5.4 in /docs (#720) @dependabot
- bump jinja2 from 2.11.1 to 2.11.3 in /docs (#706) @dependabot
- ensure LAPI logs respect log_media (#707) @buixor
- fix pattern registration (#715) @AlteredCoder
- debian package auto-testing (#701) @buixor
- pkg/apiclient: pick up dropped errors (#676) @alrs
- fix null deref in cscli config (#694) @AlteredCoder
- use --no-cache with apk to skip manual apk update (#689) @PeterDaveHello
- don’t hide cscli version (#686) @AlteredCoder
- fix #677 (#684) @AlteredCoder
- reorder Dockerfile to improve image layer caching (#681) @PeterDaveHello
- pattern syntax consistence (#675) @buixor
- fix #670, improve decision delete doc (#673) @buixor
- pkg/metabase: fix dropped error (#652) @alrs
- remove pattern matching valid SSH disconnect (#668) @dani
- pkg/apiserver: fix dropped error (#700) @alrs
- fix #723 : intercept http2 stream closed errors (#724) @buixor
- get rid of tmp stuff (#738) @registergoofy
- Bump pygments from 2.6.1 to 2.7.4 in /docs (#725) @dependabot
- Static release (#737) @registergoofy
- dispatch on tag creation (#734) @sabban
- README update (#730) @buixor
- honor log levels for api : don’t log access logs if level is warn/err (#732) @buixor
Documentation & others
- FreeBSD changes (#718) (#721) @AlteredCoder
- update crowdsec tour documentation (#713) @AlteredCoder
- update README (#714) @AlteredCoder
- fix debian-like installation documentation (#708) @registergoofy
- clarify doc on onsuccess in parsers + add new date formats for dateparse (#703) @buixor
- unified functional tests (#696) @buixor
- misspelling in docker Readme (#688) @thib3113
- up installation documentation (#678) @buixor
- automatically update docker hub readme (github action) (#679) @he2ss
- update the config.yaml file (#674) @AlteredCoder
- clarify help message, fix #659 (#672) @buixor
- fix documentation in write_configurations (#666) @AlteredCoder
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.
Copyright (c) 2020 crowdsecurity