CrowdSec plugin to query CrowdSec server
Summary
CrowdSec is a free and open-source security automation tool leveraging local IP behavior detection and a community-powered IP reputation system.
Design proposition
- Contributing:
  - LLNG log parser to indicate suspicious IPs (rejections, bruteForce rejections, ...)
  - (optional: LLNG logger plugin (used with `Logger::Duplicate`) to parse some rejections in real time)
- Ban:
  - New CrowdSec plugin queries the CrowdSec Local API to get a decision. Depending on its configuration, it rejects directly or provides a session variable to be used in other plugins' rules (needs strong authenticationLevel, ...)
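
The "Ban" step as an added example, not part of the original proposal or of LLNG's code: it interprets a CrowdSec Local API answer for one IP and either rejects the request or sets a session variable for other rules. The `mode` values, the `crowdsec_ban` variable name, the `fail_open` switch and the default LAPI URL are assumptions, and the sample responses are constructed.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample LAPI bodies (not captured from a real server).
SAMPLE_BAN = (b'[{"id": 1, "origin": "cscli", "scope": "Ip", "type": "ban",'
              b' "value": "192.0.2.10", "duration": "3h59m"}]')
SAMPLE_NONE = b"null"

def parse_decisions(body):
    """LAPI returns JSON null when no decision matches, else a list."""
    data = json.loads(body)
    if data is None:
        return []
    if not isinstance(data, list):
        raise ValueError("unexpected Local API response")
    return data

def fetch_decisions(ip, api_key, base_url="http://127.0.0.1:8080", timeout=2):
    """GET /v1/decisions?ip=... with a bouncer key (base_url is an assumption)."""
    url = base_url + "/v1/decisions?" + urllib.parse.urlencode({"ip": ip})
    req = urllib.request.Request(url, headers={"X-Api-Key": api_key})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_decisions(resp.read())

def evaluate(decisions, mode="reject"):
    """Return (allowed, session_vars) for the two behaviours in the proposal.

    mode and the crowdsec_ban name are hypothetical, not LLNG options.
    """
    banned = any(d.get("type") == "ban" for d in decisions)
    if mode == "reject":
        return (not banned, {})
    # "flag" mode: let the request through and expose the result to other
    # rules, e.g. one that demands a stronger authentication level.
    return (True, {"crowdsec_ban": 1 if banned else 0})

def check_ip(ip, api_key, mode="reject", fail_open=True, fetch=fetch_decisions):
    """Give an unreachable or misbehaving LAPI an explicit outcome."""
    try:
        decisions = fetch(ip, api_key)
    except (OSError, ValueError):
        # Network errors and timeouts are OSError; bad JSON is ValueError.
        return (fail_open, {})
    return evaluate(decisions, mode)
```

Whether a Local API outage should let logins through (`fail_open=True`) or block them is a deployment decision the plugin configuration would need to expose.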