Remediation Components
You may see Remediation Components referred to as "bouncers" in the documentation and/or within cscli commands.
Introduction
Remediation Components are software packages in charge of acting upon decision's provided by the Security Engine.
- nginx bouncer will check requester IP against the local API before granting or denying access.
- firewall bouncer will add IPs to nftables/ipset set.
- cloudflare bouncer will add IPs to the Cloudflare firewall.
- blocklist mirror will serve the blocklist to a appliance such as pfsense, fortinet, untangle via a http server.
Remediation Components interact with crowdsec's Local API to retrieve active decisions and remediate appropriately.
You can explore available remediation components on the hub.
For your remediation components to communicate with the local API, you have to generate an API token with cscli
and put it in the associated configuration file:
sudo cscli bouncers add testBouncer
Api key for 'testBouncer':
6dcfe93f18675265e905aef390330a35
Please keep this key since you will not be able to retrieve it!
This command must be run on the server where the local API is installed (or at least with a cscli that has valid credentials to communicate with the database used by the API). This is only necessary if you "manually" install a bouncer, packages and install scripts usually take care of this.
If you wish to create your own remediation component, look at this section of the local API documentation.