Crowdsec finally comming to pfSense
-
@wgstarks From https://doc.crowdsec.net/docs/getting_started/install_crowdsec_pfsense
# pkg remove pfSense-pkg-crowdsec crowdsec crowdsec-firewall-bouncer # rm -rf /usr/local/etc/crowdsec /usr/local/etc/rc.conf.d/crowdsec* # rm -rf /var/db/crowdsec /var/log/crowdsec* /var/run/crowdsec* -
@provels said in Crowdsec finally comming to pfSense:
@wgstarks From https://doc.crowdsec.net/docs/getting_started/install_crowdsec_pfsense
# pkg remove pfSense-pkg-crowdsec crowdsec crowdsec-firewall-bouncer # rm -rf /usr/local/etc/crowdsec /usr/local/etc/rc.conf.d/crowdsec* # rm -rf /var/db/crowdsec /var/log/crowdsec* /var/run/crowdsec*Thanks. I just found the doc you linked. Probably should have done the google search first.
-
This install didn't work for me using the doc linked just above. I got several errors regarding the FreeBSD version-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-firewall-bouncer-0.0.28_3.pkg Fetching crowdsec-firewall-bouncer-0.0.28_3.pkg: 100% 4 MiB 3.8MB/s 00:01 Installing crowdsec-firewall-bouncer-0.0.28_3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-firewall-bouncer-0.0.28_3: 100%And then when I try the enroll command I get command not found-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7*****************uikulpm sudo: Command not found. [24.03-RELEASE][root@heimdall.dahoney.me]/root: cscli console enroll -e context clzeha7*****************uikulpm cscli: Command not found.The 4200 is running pfSense+ 24.03 if that matters.
Update: Installed the SUDO package and now I get this-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7******************uikulpm WARN can't load CAPI credentials from '/usr/local/etc/crowdsec/online_api_credentials.yaml' (missing login field) FATA the Central API (CAPI) must be configured with 'cscli capi register' -
What is so great about Crowdsec? Is this the same company that Blackrock investing purchased? Is this also the company responsible for the issue with windows updates? Is this part of Solarwinds and the security issues they had and or Fire eye?
Long story short what improves within pfSense with this software? Azure use? Cloud platform?
What’s the background with this company? Is it a subsidiary of another company? Please also explain if Blackrock invested in this business, I tend to avoid anything that Blackrock gets involved in as they have a history of destroying companies and taking patents and other intellectual property rights away from them in the process. I have seen this a number of times with tech companies and Blackrock investments, way to much to say it is a fluke anymore.
So why use Crowdsec? Why are they not on the main repo?
Make sure to upvote
-
I think this video explains how it works, there is no relation with Crowdstrike.
-
@JonathanLee said in Crowdsec finally comming to pfSense:
What is so great about Crowdsec? Is this the same company that Blackrock investing purchased? Is this also the company responsible for the issue with windows updates? Is this part of Solarwinds and the security issues they had and or Fire eye?
Long story short what improves within pfSense with this software? Azure use? Cloud platform?
What’s the background with this company? Is it a subsidiary of another company? Please also explain if Blackrock invested in this business, I tend to avoid anything that Blackrock gets involved in as they have a history of destroying companies and taking patents and other intellectual property rights away from them in the process. I have seen this a number of times with tech companies and Blackrock investments, way to much to say it is a fluke anymore.
So why use Crowdsec? Why are they not on the main repo?
I believe you have them mistaken with CrowdStrike.
-
The fact that CrowdSec is still not available in the pfSense repository says a lot. It probably suggests that there are some problems with either maintaining its code or its implementation.
-
@wgstarks said in Crowdsec finally comming to pfSense:
[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-firewall-bouncer-0.0.28_3.pkg Fetching crowdsec-firewall-bouncer-0.0.28_3.pkg: 100% 4 MiB 3.8MB/s 00:01 Installing crowdsec-firewall-bouncer-0.0.28_3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-firewall-bouncer-0.0.28_3: 100%If you click "Assets" on the release page you will find the archive for your version
https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/freebsd-15-amd64.tar
Download, untar and then pkg install in the right order.
-
Our PR has been sitting for the last 9 months or so without feedback: https://github.com/pfsense/FreeBSD-ports/pull/1311
If anybody from the project has a chance to provide us feedback as to what we need to do or improve to see it being merged, don't hesitate to reach out!
-
@mmetc
Do I need to uninstall the currently installed version first? -
@mmetc said in Crowdsec finally comming to pfSense:
@wgstarks said in Crowdsec finally comming to pfSense:
[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-firewall-bouncer-0.0.28_3.pkg Fetching crowdsec-firewall-bouncer-0.0.28_3.pkg: 100% 4 MiB 3.8MB/s 00:01 Installing crowdsec-firewall-bouncer-0.0.28_3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-firewall-bouncer-0.0.28_3: 100%If you click "Assets" on the release page you will find the archive for your version
https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/freebsd-15-amd64.tar
Download, untar and then pkg install in the right order.
Also not sure what the commands are to download, untar and install since I’m pretty sure the links will change for the untarred files.
-
@wgstarks said in Crowdsec finally comming to pfSense:
@mmetc said in Crowdsec finally comming to pfSense:
@wgstarks said in Crowdsec finally comming to pfSense:
[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-firewall-bouncer-0.0.28_3.pkg Fetching crowdsec-firewall-bouncer-0.0.28_3.pkg: 100% 4 MiB 3.8MB/s 00:01 Installing crowdsec-firewall-bouncer-0.0.28_3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-firewall-bouncer-0.0.28_3: 100%If you click "Assets" on the release page you will find the archive for your version
https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/freebsd-15-amd64.tar
Download, untar and then pkg install in the right order.
Also not sure what the commands are to download, untar and install since I’m pretty sure the links will change for the untarred files.
Tracked down the answers for myself.
To download-fetch <link to tarball>To untar-
tar xvf <name of file>Install commands-
# setenv IGNORE_OSVERSION yes # pkg add -f /root/abseil-20230125.3.pkg # pkg add -f /root/re2-20240501.pkg # pkg add -f /root/crowdsec-firewall-bouncer-0.0.28_3.pkg # pkg add -f /root/crowdsec-1.6.2.pkg # pkg add -f /root/pfSense-pkg-crowdsec-0.1.3.pkgInstall whitelist-
sudo cscli parsers install crowdsecurity/whitelistsI deleted the originally installed pkg so re-registered-
sudo cscli capi registerAnd re-enrolled-
sudo cscli console enroll -e context clzeha7k80004l6087uikulpmAnd then reloaded the pkg-
sudo service crowdsec onereloadStill no crowdsec package in package manager though. Maybe that will get fixed later???
-
Have there been any more thoughts about including Crowdsec as an official pfSsense package?
-
@provels said in Crowdsec finally comming to pfSense:
Have there been any more thoughts about including Crowdsec as an official pfSsense package?
Upvoting this!
