crowdsec

Getting Started

1. Install the skill using the command above
2. Open your AI coding agent (Claude Code, Codex, Gemini CLI, or Cursor)
3. Reference the skill in your prompt
4. The AI will use the skill's capabilities automatically

Example Prompts

• "Deploy the latest build to the staging environment and run smoke tests"
• "Check the CI pipeline status and summarize any recent failures"

Overview

CrowdSec is an open-source, community-driven security engine. It detects attacks (brute force, DDoS, scans) by analyzing logs and shares threat intelligence with the community. Think fail2ban but collaborative and modern.

Instructions

Step 1: Install

curl -s https://install.crowdsec.net | sudo bash
sudo apt install crowdsec crowdsec-firewall-bouncer-iptables

Step 2: Configure Collections

# Install detection scenarios
sudo cscli collections install crowdsecurity/nginx
sudo cscli collections install crowdsecurity/sshd
sudo cscli collections install crowdsecurity/linux
sudo cscli collections list

Step 3: Monitor

sudo cscli decisions list      # blocked IPs
sudo cscli alerts list         # alerts
sudo cscli metrics             # statistics

Step 4: Docker Deployment

# docker-compose.yml — CrowdSec with Nginx bouncer
services:
  crowdsec:
    image: crowdsecurity/crowdsec
    volumes:
      - /var/log/nginx:/var/log/nginx:ro
      - crowdsec_config:/etc/crowdsec
      - crowdsec_data:/var/lib/crowdsec/data
    environment:
      COLLECTIONS: "crowdsecurity/nginx crowdsecurity/http-cve"
  bouncer:
    image: crowdsecurity/nginx-bouncer
    environment:
      CROWDSEC_BOUNCER_API_KEY: your-api-key
volumes:
  crowdsec_config:
  crowdsec_data:

Guidelines

• Free and open-source. Community shares 10M+ threat signals.
• Bouncers enforce decisions — iptables, nginx, Cloudflare, AWS WAF.
• Lower false positives than fail2ban due to community-validated intelligence.
• Console (app.crowdsec.net) provides dashboard and threat visualization.