CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
Follow these steps to get the add-on installed on your system:
- Navigate in your Home Assistant frontend to Settings -> Add-ons -> ADD-ON STORE.
- Click on the icon at the top right then respositories and add
https://github.com/crowdsecurity/home-assistant-addons
- Find the "Crowdsec" add-on in Crowdsec add-ons repository and click it.
- Click on the "INSTALL" button.
The add-on is configured by default to parse and detect bruteforce on home-assistant login interface.
Crowdsec addon expose a web terminal to access the container where Crowdsec is running. So you can interact with Crowdsec (bouncers management for example).
You can add the Crowdsec terminal in sidebar :
- Go to : http://homeassistant.local:8123/hassio/dashboard and click on Crowdsec addon.
- Enable "Show in sidebar" option.
Or you can open the crowdsec terminal (on the addon info page), by clicking on "OPEN WEB UI" button.
The Crowdsec add-on has journald
option activated to map host system journal to process all the logs (even others add-ons logs).
With that, you can even parse and detect behaviors on Nginx Proxy Manager or Nginx addons for example.
This add-on has also persistent config and data files that are store at /config/.storage/crowdsec/
.
acquisition: |
---
source: journalctl
journalctl_filter:
- "--directory=/var/log/journal/"
labels:
type: syslog
collections:
- crowdsecurity/home-assistant
parsers: []
scenarios: []
postoverflows: []
parsers_to_disable:
- crowdsecurity/whitelists
scenarios_to_disable: []
disable_online_api: false
Acquisition config file for crowdsec (see documentation). The default acquisition allow Crowdsec add-on to process all logs from the host system journal.
All the collections you want to install before running crowdsec.
All the parsers you want to install before running crowdsec.
All the scenarios you want to install before running crowdsec.
All the postoverflows you want to install before running crowdsec.
All the parsers you want to remove before running crowdsec.
All the scenarios you want to remove before running crowdsec.
Disable Online API registration for signal sharing.
Got questions?
You have several options to get them answered:
- The Crowdsec Discord Chat Server.
- The Home Assistant Community Forum.
In case you've found a bug, please open an issue on our GitHub.