Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall for Linux>
Linux Security – Brittany Day
CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to âimmunizeâ them against this IP.

CrowdSec is written in Golang and was designed to run on modern, complex architectures such as clouds, lambdas, and containers. To achieve this, it’s “decoupled,” meaning you can “detect here” (e.g., in your database logs) and “remedy there” (e.g., in your firewall or rproxy).

While the Crowdsec software currently looks like a spruced up Fail2Ban, the project’s goal is to leverage the power of the crowd to create a highly accurate IP reputation database. When CrowdSec bounces a specific IP, the triggered scenario and the timestamp are sent to our API to be checked and integrated into the global consensus of bad IPs.

Our vision is that once the CrowdSec community is large enough, we will all generate, in real-time, the most accurate IP reputation database available. This global reputation engine, coupled with local behavior assessment and remediation, should allow many businesses to achieve tighter security at a very low cost.
Link: https://linuxsecurity.com/features/features/introducing-crowdsec?rss