Crowdsec finally comming to pfSense
-
@provels Did you test last one 1.6.1_1 released 9 hours ago?
-
@Antibiotic No, I can wait. You first!
-
@provels Any ideas when will come to official? or even planning to come?As i know a huge problem was with a use of ram disk. I do not know, they are resolve this problem or not!
-
-
@Antibiotic No idea. I hadn't even heard of it before this thread.
-
Yes, would be great if it is 'officially' supported by Pfsense.
-
Hello, any info about official support of this package?
-
We are also waiting for the package to land in the main repo. Any ETA ?
-
@btspce As I know a problem was with a RAM disk to use.
No any idea, how is going now))) -
Since Netgate recommends uninstalling 3rd party plugins prior to updating pfsense I’m wondering if that process is documented anywhere? I’ve seen the install docs but maybe I just missed the uninstall docs.
-
@wgstarks From https://doc.crowdsec.net/docs/getting_started/install_crowdsec_pfsense
# pkg remove pfSense-pkg-crowdsec crowdsec crowdsec-firewall-bouncer # rm -rf /usr/local/etc/crowdsec /usr/local/etc/rc.conf.d/crowdsec* # rm -rf /var/db/crowdsec /var/log/crowdsec* /var/run/crowdsec*
-
@provels said in Crowdsec finally comming to pfSense:
@wgstarks From https://doc.crowdsec.net/docs/getting_started/install_crowdsec_pfsense
# pkg remove pfSense-pkg-crowdsec crowdsec crowdsec-firewall-bouncer # rm -rf /usr/local/etc/crowdsec /usr/local/etc/rc.conf.d/crowdsec* # rm -rf /var/db/crowdsec /var/log/crowdsec* /var/run/crowdsec*
Thanks. I just found the doc you linked. Probably should have done the google search first.
-
This install didn't work for me using the doc linked just above. I got several errors regarding the FreeBSD version-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-firewall-bouncer-0.0.28_3.pkg Fetching crowdsec-firewall-bouncer-0.0.28_3.pkg: 100% 4 MiB 3.8MB/s 00:01 Installing crowdsec-firewall-bouncer-0.0.28_3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-firewall-bouncer-0.0.28_3: 100%
And then when I try the enroll command I get command not found-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7*****************uikulpm sudo: Command not found. [24.03-RELEASE][root@heimdall.dahoney.me]/root: cscli console enroll -e context clzeha7*****************uikulpm cscli: Command not found.
The 4200 is running pfSense+ 24.03 if that matters.
Update: Installed the SUDO package and now I get this-
[24.03-RELEASE][root@heimdall.dahoney.me]/root: sudo cscli console enroll -e context clzeha7******************uikulpm WARN can't load CAPI credentials from '/usr/local/etc/crowdsec/online_api_credentials.yaml' (missing login field) FATA the Central API (CAPI) must be configured with 'cscli capi register'
-
What is so great about Crowdsec? Is this the same company that Blackrock investing purchased? Is this also the company responsible for the issue with windows updates? Is this part of Solarwinds and the security issues they had and or Fire eye?
Long story short what improves within pfSense with this software? Azure use? Cloud platform?
What’s the background with this company? Is it a subsidiary of another company? Please also explain if Blackrock invested in this business, I tend to avoid anything that Blackrock gets involved in as they have a history of destroying companies and taking patents and other intellectual property rights away from them in the process. I have seen this a number of times with tech companies and Blackrock investments, way to much to say it is a fluke anymore.
So why use Crowdsec? Why are they not on the main repo?
-
I think this video explains how it works, there is no relation with Crowdstrike.
-
@JonathanLee said in Crowdsec finally comming to pfSense:
What is so great about Crowdsec? Is this the same company that Blackrock investing purchased? Is this also the company responsible for the issue with windows updates? Is this part of Solarwinds and the security issues they had and or Fire eye?
Long story short what improves within pfSense with this software? Azure use? Cloud platform?
What’s the background with this company? Is it a subsidiary of another company? Please also explain if Blackrock invested in this business, I tend to avoid anything that Blackrock gets involved in as they have a history of destroying companies and taking patents and other intellectual property rights away from them in the process. I have seen this a number of times with tech companies and Blackrock investments, way to much to say it is a fluke anymore.
So why use Crowdsec? Why are they not on the main repo?
I believe you have them mistaken with CrowdStrike.
-
The fact that CrowdSec is still not available in the pfSense repository says a lot. It probably suggests that there are some problems with either maintaining its code or its implementation.
-
@wgstarks said in Crowdsec finally comming to pfSense:
[24.03-RELEASE][root@heimdall.dahoney.me]/root: pkg add -f https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/crowdsec-firewall-bouncer-0.0.28_3.pkg Fetching crowdsec-firewall-bouncer-0.0.28_3.pkg: 100% 4 MiB 3.8MB/s 00:01 Installing crowdsec-firewall-bouncer-0.0.28_3... pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:15:amd64 Extracting crowdsec-firewall-bouncer-0.0.28_3: 100%
If you click "Assets" on the release page you will find the archive for your version
https://github.com/crowdsecurity/pfSense-pkg-crowdsec/releases/download/v0.1.3-1.6.2/freebsd-15-amd64.tar
Download, untar and then pkg install in the right order.
-
Our PR has been sitting for the last 9 months or so without feedback: https://github.com/pfsense/FreeBSD-ports/pull/1311
If anybody from the project has a chance to provide us feedback as to what we need to do or improve to see it being merged, don't hesitate to reach out!
-
@mmetc
Do I need to uninstall the currently installed version first?