CrowdSec: An Innovative Open-Source Massively Multiplayer Firewall for Linux

CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It is using a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to “immunize” them against this IP.

The goal is to leverage the crowd power to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the crowd to create an extremely accurate IP reputation system that benefits all its users.

It was clear to the founders that open source was going to be one of the main pillars of CrowdSec. First because they have been working on open source projects for decades. They didn’t just jump on the train. They are strong open source believers. Second because the crowd is key to the mass hacking plague and Open Source is the best lever to create a community and have people bring their knowledge to contribute to the project and make it better.

The solution recently turned 1.x, introducing a major architectural change: the introduction of a local REST API.