Use CrowdSec to block malicious IPs

Imran Remtulla
2025-11-15 04:27:20 -05:00
parent 43118ca1ae
commit a4faca0eef
4 changed files with 82 additions and 0 deletions

14
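--- a/crowdsec_config/profiles.yaml
+++ b/crowdsec_config/profiles.yaml
@@ -0,0 +1,14 @@
+name: default_ip_remediation
+#debug: true
+filters:
+- Alert.Remediation == true && Alert.GetScope() == "Ip"
+decisions:
+- type: ban
+duration: 672h
+#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
+# notifications:
+# - http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
+# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
+# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
+# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
+on_success: break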
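Review bot: The flat `duration: 672h` under `decisions` bans every IP-scoped alert for 28 days on the first offence, which is long for addresses that are often dynamic or shared (CGNAT, VPN exits, mobile carriers) and can keep legitimate users locked out well after the offending host has moved on. A short base ban that escalates for repeat offenders fits better, using the expression the file already carries as a comment: `duration: 4h` together with `duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)`. The page also lists this profile as an executable file; it is data only, so a non-executable mode such as 0644 would be the expected one. With every entry under `notifications` commented out, bans are applied silently, so it is worth confirming that decisions are surfaced to an operator some other way.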