Crowdsec finally comming to pfSense
-
@mmetc FWIW, the crowdsec-1.6.0_1.pkg in the tar linked above worked fine for me.
https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3/freebsd-15-amd64.tar
However, the 1.6.1 package linked below pretty much blew up my system
https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/tag/v0.1.3-1.6.1
Caused a lockup on installation and save, Apparently ZFS saved my butt, directories below the root folder vanished, system eventually rolled itself back to mid-December. Perhaps a coincidence, but for me it was a mess.
EDIT - Ok, since I love hitting myself in the head with a hammer, I tried again... System crashed out shortly after, threw me back to 23.09 deleted my saved logs after 12/7 and threw a bunch of error's. Someone else can test, I've had it.
-
I attempted to upgrade only those two packages initially. After the upgrade, Crowdsec ceased to function, and even pressing 'save' on the settings page without making any changes, to force a restart, did not help.
Subsequently, I performed the complete 5-package upgrade following the sequence outlined in the documentation, but it still failed to start.
Ultimately, rebooting my pfSense resolved the issue, and it began working.
In previous upgrades of earlier versions, I recall never having to reboot my pfSense. It's strange.
-
Continuing my self-abuse, I have found that the 1.6.0 version works fine on 24.03-RELEASE AFAICT even though it's compiled for Freebsd 14. Both the 1.6.0_1 and 1.6.1 will crash out and fubar the system. Think I'll wait for the Netgate Seal of Approval.
-
@provels Did you test last one 1.6.1_1 released 9 hours ago?
-
@Antibiotic No, I can wait. You first!
-
@provels Any ideas when will come to official? or even planning to come?As i know a huge problem was with a use of ram disk. I do not know, they are resolve this problem or not!
-
-
@Antibiotic No idea. I hadn't even heard of it before this thread.
-
Yes, would be great if it is 'officially' supported by Pfsense.
-
Hello, any info about official support of this package?
-
We are also waiting for the package to land in the main repo. Any ETA ?
-
@btspce As I know a problem was with a RAM disk to use.
No any idea, how is going now))) -
Since Netgate recommends uninstalling 3rd party plugins prior to updating pfsense I’m wondering if that process is documented anywhere? I’ve seen the install docs but maybe I just missed the uninstall docs.
-
@wgstarks From https://doc.crowdsec.net/docs/getting_started/install_crowdsec_pfsense
# pkg remove pfSense-pkg-crowdsec crowdsec crowdsec-firewall-bouncer # rm -rf /usr/local/etc/crowdsec /usr/local/etc/rc.conf.d/crowdsec* # rm -rf /var/db/crowdsec /var/log/crowdsec* /var/run/crowdsec*
-
@provels said in Crowdsec finally comming to pfSense:
@wgstarks From https://doc.crowdsec.net/docs/getting_started/install_crowdsec_pfsense
# pkg remove pfSense-pkg-crowdsec crowdsec crowdsec-firewall-bouncer # rm -rf /usr/local/etc/crowdsec /usr/local/etc/rc.conf.d/crowdsec* # rm -rf /var/db/crowdsec /var/log/crowdsec* /var/run/crowdsec*
Thanks. I just found the doc you linked. Probably should have done the google search first.
-
This install didn't work for me using the doc linked just above. I got several errors regarding the FreeBSD version-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-firewall-bouncer-0.0.28_3.pkg Fetching crowdsec-firewall-bouncer-0.0.28_3.pkg: 100% 4 MiB 3.8MB/s 00:01 Installing crowdsec-firewall-bouncer-0.0.28_3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-firewall-bouncer-0.0.28_3: 100%
And then when I try the enroll command I get command not found-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7*****************uikulpm sudo: Command not found. [24.03-RELEASE][root@heimdall.dahoney.me]/root: cscli console enroll -e context clzeha7*****************uikulpm cscli: Command not found.
The 4200 is running pfSense+ 24.03 if that matters.
Update: Installed the SUDO package and now I get this-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7******************uikulpm WARN can't load CAPI credentials from '/usr/local/etc/crowdsec/online_api_credentials.yaml' (missing login field) FATA the Central API (CAPI) must be configured with 'cscli capi register'
-
What is so great about Crowdsec? Is this the same company that Blackrock investing purchased? Is this also the company responsible for the issue with windows updates? Is this part of Solarwinds and the security issues they had and or Fire eye?
Long story short what improves within pfSense with this software? Azure use? Cloud platform?
What’s the background with this company? Is it a subsidiary of another company? Please also explain if Blackrock invested in this business, I tend to avoid anything that Blackrock gets involved in as they have a history of destroying companies and taking patents and other intellectual property rights away from them in the process. I have seen this a number of times with tech companies and Blackrock investments, way to much to say it is a fluke anymore.
So why use Crowdsec? Why are they not on the main repo?
-
I think this video explains how it works, there is no relation with Crowdstrike.
-
@JonathanLee said in Crowdsec finally comming to pfSense:
What is so great about Crowdsec? Is this the same company that Blackrock investing purchased? Is this also the company responsible for the issue with windows updates? Is this part of Solarwinds and the security issues they had and or Fire eye?
Long story short what improves within pfSense with this software? Azure use? Cloud platform?
What’s the background with this company? Is it a subsidiary of another company? Please also explain if Blackrock invested in this business, I tend to avoid anything that Blackrock gets involved in as they have a history of destroying companies and taking patents and other intellectual property rights away from them in the process. I have seen this a number of times with tech companies and Blackrock investments, way to much to say it is a fluke anymore.
So why use Crowdsec? Why are they not on the main repo?
I believe you have them mistaken with CrowdStrike.
-
The fact that CrowdSec is still not available in the pfSense repository says a lot. It probably suggests that there are some problems with either maintaining its code or its implementation.