Bouncers & Machines management¶
Crowdsec is composed of different components that communicate via a local API. To access this API, the various components (crowdsec agent, cscli and bouncers) need to be authenticated.
Info
This documentation should be relevant mostly for administrators that would like to setup distributed architectures. Single machine setup users can likely skip this part.
There are two kind of access to the local api :
machines
: it's a login/password authentication used by cscli and crowdsec-agent, this one allows to post, get and delete decisions and alerts.bouncers
: it's a token authentication used by bouncers to query the decisions, and only allows to perform get on decisions and alerts.
Bouncers authentication¶
Warning
The cscli bouncers
command interacts directly with the database (bouncers add and delete are not implemented in the API), and thus it must have the correct database configuration.
$ sudo cscli bouncers list
You can view the registered bouncers with list
, as well as add or delete them :
$ sudo cscli bouncers add mybouncersname
Api key for 'mybouncersname':
23........b5a0c
Please keep this key since will not be able to retrive it!
$ sudo cscli bouncers delete mybouncersname
The API KEY must be kept and given to the bouncers.
cscli bouncers example
$ sudo cscli bouncers add mybouncersname
Api key for 'mybouncersname':
23........b5a0c
Please keep this key since will not be able to retrive it!
$ sudo cscli bouncers list
-----------------------------------------------------------------------------
NAME IP ADDRESS VALID LAST API PULL TYPE VERSION
-----------------------------------------------------------------------------
mybouncersname ✔️ 2020-11-01T11:45:05+01:00
-----------------------------------------------------------------------------
$ sudo cscli bouncers add jlkqweq
Api key for 'jlkqweq':
a7........efdc9c
Please keep this key since will not be able to retrive it!
$ sudo cscli bouncers delete mybouncersname
$ sudo cscli bouncers list
----------------------------------------------------------------------
NAME IP ADDRESS VALID LAST API PULL TYPE VERSION
----------------------------------------------------------------------
jlkqweq ✔️ 2020-11-01T11:49:32+01:00
----------------------------------------------------------------------
Machines authentication¶
Warning
The cscli machines
command interacts directly with the database (machines add and delete are not implemented in the API), and thus it must have the correct database configuration.
$ cscli machines list
You can view the registered machines with list
, as well as add or delete them :
$ sudo cscli machines add mytestmachine -a
INFO[0004] Machine 'mytestmachine' created successfully
INFO[0004] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
$ sudo cscli machines delete 82929df7ee394b73b81252fe3b4e5020
cscli machines example
$ sudo cscli machines list
----------------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
----------------------------------------------------------------------------------------------------------------------------------
82929df7ee394b73b81252fe3b4e5020 127.0.0.1 2020-10-31T14:06:32+01:00 ✔️ v0.3.6-3d6ce33908409f2a830af6551a7f5e37f2a4728f
----------------------------------------------------------------------------------------------------------------------------------
$ sudo cscli machines add -m mytestmachine -a
INFO[0004] Machine 'mytestmachine' created successfully
INFO[0004] API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'
$ sudo cscli machines list
----------------------------------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
----------------------------------------------------------------------------------------------------------------------------------
82929df7ee394b73b81252fe3b4e5020 127.0.0.1 2020-10-31T14:06:32+01:00 ✔️ v0.3.6-3d6ce33908409f2a830af6551a7f5e37f2a4728f
mytestmachine 127.0.0.1 2020-11-01T11:37:19+01:00 ✔️ v0.3.6-6a18458badf8ae5fed8d5f1bb96fc7a59c96163c
----------------------------------------------------------------------------------------------------------------------------------
$ sudo cscli machines delete -m 82929df7ee394b73b81252fe3b4e5020
$ sudo cscli machines list
---------------------------------------------------------------------------------------------------------
NAME IP ADDRESS LAST UPDATE STATUS VERSION
---------------------------------------------------------------------------------------------------------
mytestmachine 127.0.0.1 2020-11-01T11:37:19+01:00 ✔️ v0.3.6-6a18458badf8ae5fed8d5f1bb96fc7a59c96163c
---------------------------------------------------------------------------------------------------------