
Crowdsec

Official site

docs

crowdsec tags

docker-compose.yml

YAML
services:
  crowdsec:
    # No tag is given, so the image resolves to `latest`. Pinning a specific
    # tag (crowdsecurity/crowdsec:<PINNED_TAG>) keeps upgrades deliberate.
    image: 'crowdsecurity/crowdsec'
    restart: 'unless-stopped'
    environment:
      # Space-separated collections (parsers and scenarios) for the services
      # whose logs are mounted below: mail (postfix, dovecot), sshd,
      # nginx-proxy-manager, plus http-cve, whitelist-good-actors, iptables
      # and the linux base collection.
      COLLECTIONS: >-
        crowdsecurity/postfix
        crowdsecurity/dovecot
        crowdsecurity/sshd
        crowdsecurity/nginx-proxy-manager
        crowdsecurity/http-cve
        crowdsecurity/whitelist-good-actors
        crowdsecurity/iptables
        crowdsecurity/linux
      TZ: 'Europe/Belgrade'
    ports:
      # NOTE(review): 8080 is normally the CrowdSec Local API and 6060 the
      # Prometheus metrics endpoint - confirm against the container config.
      # Published without a host address, both are reachable on every host
      # interface. If only local bouncers or scrapers use them, bind to
      # loopback instead, e.g. "127.0.0.1:8080:8080".
      - "8080:8080"
      - "6060:6060"
    volumes:
      # Acquisition files (which logs to read) and the CrowdSec data directory.
      # NOTE(review): /etc/crowdsec itself is not mounted, so configuration
      # written inside the container presumably does not survive
      # re-creation - confirm.
      - './acquis.d:/etc/crowdsec/acquis.d'
      - './crowdsec-db:/var/lib/crowdsec/data/'
      # Log sources are mounted read-only (:ro); CrowdSec only needs to read them.
      - '/var/log:/var/log:ro'
      - '/webapps/nginx-pm/data/logs:/log/npm:ro'
      - '/webapps/docker-mail-server/data/dms/mail-logs:/log/dms:ro'
  • Recommended persistent volumes
YAML
    volumes:
      # Named volumes (no leading ./ or /) must also be declared under the
      # top-level `volumes:` key of the compose file.
      # Data directory
      - 'crowdsec-db:/var/lib/crowdsec/data/'
      # Configuration directory
      - 'crowdsec-config:/etc/crowdsec/'

Collecting logs

  • dms.yml

docker mail server

YAML
---
# Acquisition for the docker-mail-server log. The path is the one seen inside
# the CrowdSec container: the compose file mounts the host mail-logs
# directory read-only at /log/dms.
# NOTE(review): presumably this file lives in ./acquis.d on the host - confirm.
source: 'file'
filenames:
  - '/log/dms/mail.log'
labels:
  # The `type` label routes these lines to the syslog parser.
  type: 'syslog'
  • ssh.yaml
YAML
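---
# Acquisition for host SSH and system logs. /var/log is mounted read-only into
# the container at the same path by the compose file.
# NOTE(review): on hosts that log only to journald these files may be absent,
# in which case no SSH events are read - verify that they exist and are
# being written.
# `source` is stated explicitly, matching dms.yml, instead of being inferred
# from the presence of `filenames`.
source: file
filenames:
  - /var/log/auth.log
  - /var/log/syslog
labels:
  # The `type` label routes these lines to the syslog parser.
  type: syslog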
  • npm.yaml
YAML
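---
# Acquisition for Nginx Proxy Manager logs. The glob is a path inside the
# CrowdSec container: the compose file mounts /webapps/nginx-pm/data/logs
# read-only at /log/npm.
# `source` is stated explicitly, matching dms.yml, instead of being inferred
# from the presence of `filenames`.
source: file
filenames:
  # Quoted so the leading path and `*` are always read as a plain string.
  - '/log/npm/*.log'
labels:
  # Lines are handled by the parser from the
  # crowdsecurity/nginx-proxy-manager collection listed in COLLECTIONS.
  type: nginx-proxy-manager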