alfajorcito/ansible-role-crowdsec

Ansible role to install crowdsec agent and bouncers

Ansible role "papanito.crowdsec"

Ansible role to install crowdsec or specifically the crowdsec-agent and bouncers

• Crowdsec-agent is an open-source and lightweight software that allows you to detect peers with malevolent behaviors and block them from accessing your systems at various level (infrastructural, system, applicative)
• Bouncers are standalone software pieces in charge of acting upon a decision taken by crowdsec : block an IP, present a captcha, enforce MFA on a given user, etc.

In addition it let's you install (and remove)

• TBI Collections are bundle of parsers, [scenarios], postoverflows that form a coherent package and are present in /etc/crowdsec/collections/

Role Details

Installation

There are different installation options and the role will do the following

• on debian or rhel systems it installs the package from the repo
• for all others, it installs it from tarball

Tarball installtion does currently not work. I plan to enable this asap, but this requires to consider a proper update mechanism (see open issues)

Requirements

N/A

Role Variables

There are common role variables and service specific ones. Most variables should be fine (as tested). Thus it's recommended to only define these variables

Parameter	Description	Default Value
cs_install_agent	Whether to install the crowdsec agent	true
cs_agent_version	Version of the crowdsec agent to install	v1.0.13
cs_bouncers	Dictionary of bouncers to be installed	-
cs_console_token	Token to register instance in Crowdstrike Console	-

Bouncers

The installation process for bouncers differs. Thus

• for debian or rhel install the bouncer from the repo (if available)

• for any other case install from tarball, which are usually installed as follows

  $ tar xzvf cs-firewall-bouncer.tgz
  $ sudo ./install.sh

One has to define cf_bouncers which contains the bouncer name and the version to be installed:

cs_bouncers:
  cs-firewall-bouncer: ## bouncer name
     version: v0.0.12  ## bouncer version

The following bouncers are supported:

• cs-firewall-bouncer
• cs-nginx-bouncer

If your are missing something, please check the open issues and create one if necessary.

Dependencies

n/a

Testing

I use Hetzner Cloud for testing hence you can use this play

ansible-playbook tests/test.install.both.yml -e cs_console_token=XXXX

For this to work, export HCLOUD_TOKEN.

Example Playbook

The following playbook installs the crowdsec agent with version cf_agent_version and the [bouncer][bounvers] cs-firewall-bouncer with version v0.0.12

- name: Install crowdsec agentd
  hosts: "servers"
  vars:
    bouncers:
      cs-firewall-bouncer:
        version: v0.0.12

  roles:
     - papanito.crowdsec

License

This is Free Software, released under the terms of the Apache v2 license.

Author Info

Written by Papanito - Gitlab / Github