Ansible role to install crowdsec or specifically the crowdsec-agent and bouncers
- Crowdsec-agent is an open-source and lightweight software that allows you to detect peers with malevolent behaviors and block them from accessing your systems at various level (infrastructural, system, applicative)
- Bouncers are standalone software pieces in charge of acting upon a decision taken by crowdsec : block an IP, present a captcha, enforce MFA on a given user, etc.
In addition it let's you install (and remove)
- TBI Collections are bundle of parsers, [scenarios], postoverflows that form a coherent package and are present in
/etc/crowdsec/collections/
There are different installation options and the role will do the following
- on debian or rhel systems it installs the package from the repo
- for all others, it installs it from tarball
Tarball installtion does currently not work. I plan to enable this asap, but this requires to consider a proper update mechanism (see open issues)
N/A
There are common role variables and service specific ones. Most variables should be fine (as tested). Thus it's recommended to only define these variables
| Parameter | Description | Default Value |
|---|---|---|
cs_install_agent |
Whether to install the crowdsec agent | true |
cs_agent_version |
Version of the crowdsec agent to install | v1.0.13 |
cs_bouncers |
Dictionary of bouncers to be installed | - |
cs_console_token |
Token to register instance in Crowdstrike Console | - |
The installation process for bouncers differs. Thus
-
for debian or rhel install the bouncer from the repo (if available)
-
for any other case install from tarball, which are usually installed as follows
$ tar xzvf cs-firewall-bouncer.tgz $ sudo ./install.sh
One has to define cf_bouncers which contains the bouncer name and the version to be installed:
cs_bouncers:
cs-firewall-bouncer: ## bouncer name
version: v0.0.12 ## bouncer versionThe following bouncers are supported:
If your are missing something, please check the open issues and create one if necessary.
n/a
I use Hetzner Cloud for testing hence you can use this play
ansible-playbook tests/test.install.both.yml -e cs_console_token=XXXXFor this to work, export HCLOUD_TOKEN.
The following playbook installs the crowdsec agent with version cf_agent_version and the [bouncer][bounvers] cs-firewall-bouncer with version v0.0.12
- name: Install crowdsec agentd
hosts: "servers"
vars:
bouncers:
cs-firewall-bouncer:
version: v0.0.12
roles:
- papanito.crowdsecThis is Free Software, released under the terms of the Apache v2 license.
