Couple questioins

Eyecu

1) Has anyone used crowdsec on an openpanel server and if so how did it work. any issues noted?
2) Whats the upgrade path for OS's My current setup that I am looking to move from is stuck at debian 10 which is not longer supported. I don't wanted to be stuck without an upgrade path again in the near future.
3) Been looking around reading, but haven't found it yet, what mailserver does openpanel use. Postfix or exim?

Thanks
Eyecu

stefan

Eyecu

Not that I know of, this is the 2nd time I've heard of it and have never used it. If anyone has, please share

On roadmap we have both replication and clusterion options. So in a case where os can not be updated, for any reason, you will be able to easily replicate it on another server with newer or even different OS. Because of containerization, there Is very little os-related stuff that Is needed for OpenPanel, so in the future any OS that can run docker or lcx will work.

Postfix will be used.

Eyecu

Thank you for the reply stefan, i've been looking at crowdsec a lot lately as it seems like a very good security option and is lightweight. Just seems like a no brainer to me to protect things. I think when I'm ready to make the move to open panel within the next few days I think, ill be setting up crowdsec and will definitely give some feed back here on it for others.
Also good to know about the replication and clusterion options gives me some peace of mind!.

So far from what I've read, seen and your responses in a timely manner I am very impressed with your product. Good job sir!

mendozal

I use Crowdsec in all my servers. In the most basic level it's a fail2ban replacement with crowd sourced and more intelligent event detection.

You basically feed it logs and it parses, analizes, enriches and correlates the data. And if it determines there's a threat it blocks the IP using ipset. There are also other remediation components.

When I tested it with open panel I could only analize ssh events. I could not configure the nginx, apache or LiteSpeed parsers since I didn't know where these logs were located in order to feed them to Crowdsec.

It also has the ability to read these logs from the docker container if the logs are available when doing docker compose logs. For example I'm reading postfix and dovecot logs in a mailcow instance by doing:

docker compose logs postfix-mailcow

And Crowdsec has the ability to read and parse them and detect various mail related threads.

I wish I had more expertise on all these things to explain it better. And also the language barrier is not helping.

I believe it would be very positive to have Crowdsec working in with open panel. Or at least have the logs more centrally available for Crowdsec to ingest.