NS8 / Crowdsec settings in GUI

Looking in the CrowdSec docs -

https://docs.nethserver.org/projects/ns8/en/latest/crowdsec.html#configuration

It’s probably me, but in the above ns8 crowdsec doc / github don’t really go into detail to explain setup on the GUI side.

So when I look at the following, I have questions -

I numbered the items I have questions about.

Let's take item 1 - Email recipients for notifications

- There is no real explanation of what email recipients should be used. I am guessing that I can have different people’s email addresses. This would be like an alert email address, admin address, or someone who manages the security for NS8.

So for instance I would put - admin@example.com or info@example.com or I could put both or more?

Item 2 - Allow list of CIDR, IP and fully qualified domain name ( No ban will occur for members of this list)

So what would be examples or a thought process of what CIDR, IP or FQDN that I would place in this area? Do I need to worry about putting in the IP address for the NS8? Like if I had an on-prem NS8 and my network is 192.168.77.0 and my NS8 was at 192.168.77.25, I would add 192.168.77.25, or does Crowdsec already account for the IP of NS8/IP address Crowdsec is on? Do I have to put in the FQDN of my NS8 as well? Or is it already counted for by Crowdsec because it's running on NS8? Could you give me an example of CIDR, IP and fully qualified domain name that would be relevant to add to this item?

Item 3 - Enroll this CrowdSec instance (says the token must be retrieved from the website)

I realize that I have to go to Crowdsec and set up an account at - https://app.crowdsec.net/

No specifics on where to go and retrieve the token on the website. (I see you can do it in the CLI, but is it still doable and how in the GUI?)

Can anyone show me where on the Crowdsec site you get the token to put into the item 3 location?

Item 4 - Helo_host

Would this be like mail.example.com? What is an example of when this is needed? Does this have to be done with Webtop or Sogo NS8 setups?
Any background on this would be great too…

I appreciate any feedback on this.

Hi @Shadowfire

For item 1, I read as follows: “Enter an email address per line”.
This is clear English to me, one e-mail per line, as many as you want or need:

Eg

security@example.com
my-fat-poop@example.com

Whatever… :slight_smile:

Item 2:
AFAIK, you do not need to put in NS8 in any form (IP, DNS Name, FQDN, whatever…).

An Example:

A network printer, when printing, triggers something in Crowdsec.
You know it prints.
It has a static IP AND no gateway or DNS entered (it can’t reach the Internet!).
So why bear with unimportant reports in Crowdsec?

As to items 3 and 4 I can’t say much (yet).

My 2 cents
Andy

1 Like
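An added example, not part of any post in this thread and not NS8 or CrowdSec code: a pre-flight check for entries before they go into the allow list field, using the addresses from the question. The function names and the "too broad" prefix thresholds are assumptions; how the NS8 UI itself validates or resolves entries is not covered here.

```python
import ipaddress
import re

# One hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify(entry):
    """Return ('ip'|'cidr'|'fqdn', parsed value) or raise ValueError."""
    entry = entry.strip()
    try:
        return "ip", ipaddress.ip_address(entry)
    except ValueError:
        pass
    if "/" in entry:
        # strict=True rejects a host address written with a mask (192.168.77.25/24)
        return "cidr", ipaddress.ip_network(entry, strict=True)
    labels = entry.rstrip(".").split(".")
    if len(labels) >= 2 and all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit():
        return "fqdn", entry.rstrip(".").lower()
    raise ValueError(f"not an IP, CIDR or FQDN: {entry!r}")

def review_allowlist(entries, min_prefix_v4=16, min_prefix_v6=48):
    """Split entries into accepted (kind, value) pairs and warnings (thresholds assumed)."""
    accepted, warnings = [], []
    for raw in entries:
        try:
            kind, value = classify(raw)
        except ValueError as exc:
            warnings.append(str(exc))
            continue
        if kind == "cidr":
            limit = min_prefix_v4 if value.version == 4 else min_prefix_v6
            if value.prefixlen < limit:
                warnings.append(f"{value} is very broad: nothing in it can be banned")
        accepted.append((kind, value))
    return accepted, warnings

def is_exempt(address, accepted):
    """True if address matches an IP or CIDR entry (FQDN entries need DNS, skipped here)."""
    addr = ipaddress.ip_address(address)
    return any(
        (kind == "ip" and addr == value)
        or (kind == "cidr" and addr.version == value.version and addr in value)
        for kind, value in accepted
    )

# Constructed sample list built around the 192.168.77.0 network from the question.
SAMPLE = ["192.168.77.0/24", "192.168.77.25/24", "203.0.113.7", "vpn.example.com", "0.0.0.0/0"]
ACCEPTED, WARNINGS = review_allowlist(SAMPLE)
```

The `0.0.0.0/0` entry is accepted syntactically but flagged, because an allow list that wide exempts every IPv4 source from bans.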

On the CrowdSec page go to Security Engines/Engines:

Add security engine:

Get the code and insert it in the NS8 UI:

EDIT:

From the tooltip text:

This might be needed to properly receive email notifications. If your antispam system adds score due to default ‘localhost’ Helo name, you can set a specific Helo FQDN here

I entered the node FQDN. It does not affect other apps like Webtop or Sogo.

EDIT2:

The helo host (in this example node.example.com) is used as sending domain like the crowdsec mails are sent by crowdsec@node.example.com

Background:
Usually the host's FQDN is used as helo host but in the crowdsec container the hostname is localhost which may cause issues with spam filters.

2 Likes

Thanks for the walk through. I think this was helpful for me. I believe it will be helpful for others as well.

Thanks!

1 Like

Hi,

I installed Crowdsec on NS8. During setup, the following message appears on the Crowdsec console:


This suggests that the Security Engine should be updated, but I can’t find where or how to do this.

Can anyone help?

Thank you for your help

It will be updated with the next release of the ns8-crowdsec app.

@mrmarkuz thank you for your answer. I thought the update had to be done via the Crowdsec command line. Of course, I’m patiently waiting for the update.

After the installation and the settings recommended in the forum, some default rules were installed and are working. These can be viewed as Scenarios and Alarms related to their operation.

However, these do not protect everything on the NS8 and unfortunately I am not familiar with them, but I think rules should be installed for protection. How can I navigate between them and what should be installed and configured?

This image is shown at the bottom left of the Crowdsec console:

According to this, it seems like I haven’t completed the setup completely, it shows status 2/4. What could be the reason, can it be fixed or is it irrelevant in this case?

Thanks for the help

Without the web console you already get a similar protection against brute force attacks like fail2ban did in NS7.

For sure you can enable additional blocklists in the web console. IIRC you can just select a few of the free blocklists when using the free plan so it depends on what exactly you want to block.