Looking in the CrowdSec Doc’s -
https://docs.nethserver.org/projects/ns8/en/latest/crowdsec.html#configuration
It’s probably me, but in the above ns8 crowdsec doc / github don’t really go into detail to explain setup on the GUI side.
So when I look at the following, I have questions -
I number the items I have questions.
Lets take item 1 - Email recipients for notifications
-There is no real explanation of what email recipients should be used. I am guessing that I can have different people’s email addresses. This would be like and alert email address, admin address, or so one who manages the security for NS8.
So for instance I would put - admin@example.com or info@example.com or I could put both or more?
Item 2 - Allow list of CIDR, IP and fully qualified domain name ( No ban will occur for members of this list)
So what would be examples or a thought process of what CIDR, IP or FQDN. that I would place in this area, Do I need to worry about putting in the IP address for the NS8? Like if I had an on-prem NS8 and my network is 192.168.77.0 and my NS8 was at 192.168.77.25, I would add 192.168.77.25, or does Crowdsec already account for the IP of NS8/IP adddress Crowdsec is on? Do I have to put in the FQDN of my NS8 as well? or is it already counted for by Crowdsec because its running on NS8? Could you give me a example of CIDR, IP and fully qualified domain name that would be relavant to add to this item.
Item 3 - Enroll this CrowdSec instance (says the token must be retrieved from the website)
I realize that I have to go to Crowdsec and setup and account at - https://app.crowdsec.net/
No specifics on to go and retrieve the token on the website. (I see you can do it in the CLI, but is it still doable and how in the GUI?)
Can anyone show me on the Crowdsec site you get the token to put in to item 3 location.
Item 4 - Helo_host
Would this be like mail.example.com? When is an example of when this is needed? Does this have to be done with Webtop or Sogo NS8 setups?
Any background on this would be great too…
I appreciate any feedback on this.