Welcome to the Linux Foundation Forum!

CrowdSec: a new open source and free cybersecurity tool for Linux


Dear esteemed community,

We would like to get your feedback on a new security project.

CrowdSec is free and open source (under an MIT License), with the source code available on GitHub. It is currently available for Linux, with ports to macOS and Windows on the roadmap.

This tool has been designed to protect servers, services, containers, or virtual machines exposed on the internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention framework.

CrowdSec is written in Golang and was designed to run on modern, complex architectures such as clouds, lambdas, and containers. To achieve this, the solution is “decoupled,” meaning you can “detect here” (e.g., in your database logs) and “remedy there” (e.g., in your firewall or rproxy).

The goal is to leverage the power of the crowd to create a very accurate IP reputation database. When CrowdSec blocks a specific IP, the triggered scenario and the timestamp are sent to our API to be checked and integrated into the global consensus of bad IPs. All users can access it so they can also block these IPs and subsequently protect each other.

Our vision is that once the CrowdSec community is large enough, we will all generate, in real time, the most accurate IP reputation database available. This global reputation engine, coupled with local behavior assessment and remediation, should allow many businesses to achieve tighter security at a very low cost.

Currently, community members come from 60+ countries across 6 different continents. We are looking for more users and contributors to take the project to the next level.

We would love to hear your feedback and engage in further discussions. If the interest is mutual and you'd like to find out more about this project, don't hesitate to comment or to contact us through our Gitter channel. Thank you!
