github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

docs: add a new example explaining how to integrate crowdsec with (#3651)

Browse source
This commit is contained in:
Jean-Kevin KPADEY 2023-11-25 11:02:42 +01:00 committed by GitHub
parent 7d1fcb75d7
commit cedd360ebd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 75 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
docs/content/examples/tutorials/crowdsec.md Normal file
View file

@ -0,0 +1,74 @@
---
title: 'Tutorials | Crowdsec'
---
!!! quote "What is Crowdsec?"
Crowdsec is an open source software that detects and blocks attackers using log analysis.
It has access to a global community-wide IP reputation database.
[Source](https://www.crowdsec.net)
## Installation
Crowdsec supports multiple [installation methods][crowdsec-installation-docs], however this page will use the docker installation.
### Docker mailserver
In your `compose.yaml` for the DMS service, add a bind mount volume for `/var/log/mail`. This is to share the DMS logs to a separate crowdsec container.
!!! example
```yaml
services:
mailserver:
- /docker-data/dms/mail-logs/:/var/log/mail/
```
### Crowdsec
The crowdsec container should also bind mount the same host path for the DMS logs that was added in the DMS example above.
```yaml
services:
image: crowdsecurity/crowdsec
restart: unless-stopped
ports:
- "8080:8080"
- "6060:6060"
volumes:
- /docker-data/dms/mail-logs/:/var/log/dms:ro
- ./acquis.d:/etc/crowdsec/acquis.d
- crowdsec-db:/var/lib/crowdsec/data/
environment:
# These collection contains parsers and scenarios for postfix and dovecot
COLLECTIONS: crowdsecurity/postfix crowdsecurity/dovecot
TZ: Europe/Paris
volumes:
crowdsec-db:
```
## Configuration
Configure crowdsec to read and parse DMS logs file.
!!! example
Create the file `dms.yml` in `./acquis.d/`
```yaml
---
source: file
filenames:
- /var/log/dms/mail.log
labels:
type: syslog
```
!!! warning Bouncers
Crowdsec on its own is just a detection software, the remediation is done by components called bouncers.
This page does not explain how to install or configure a bouncer. It can be found in [crowdsec documentation][crowdsec-bouncer-docs].
[crowdsec-installation-docs]: https://doc.crowdsec.net/docs/getting_started/install_crowdsec
[crowdsec-bouncer-docs]: https://doc.crowdsec.net/docs/bouncers/intro

1
docs/mkdocs.yml
View file

@ -157,6 +157,7 @@ nav:
- 'Tutorials': - 'Tutorials':
- 'Basic Installation': examples/tutorials/basic-installation.md - 'Basic Installation': examples/tutorials/basic-installation.md
- 'Mailserver behind Proxy': examples/tutorials/mailserver-behind-proxy.md - 'Mailserver behind Proxy': examples/tutorials/mailserver-behind-proxy.md
- 'Crowdsec': examples/tutorials/crowdsec.md
- 'Building your own Docker image': examples/tutorials/docker-build.md - 'Building your own Docker image': examples/tutorials/docker-build.md
- 'Blog Posts': examples/tutorials/blog-posts.md - 'Blog Posts': examples/tutorials/blog-posts.md
- 'Use Cases': - 'Use Cases':