CrowdSec on Ubuntu 24.04 LTS by cloudimg - the open-source (MIT) collaborative IDS/IPS. The Security Engine parses your journal and SSH logs, detects brute-force with the bundled crowdsecurity/linux + sshd collections, and the iptables firewall bouncer bans attackers out of the box. Loopback-only Local API. 24/7 cloudimg support.
## CrowdSec on Ubuntu 24.04 LTS by cloudimg
CrowdSec is an open-source (MIT) collaborative intrusion detection and prevention system. Its Security Engine parses local logs (the systemd journal, SSH/auth activity), runs behavioural scenarios to detect aggressive behaviour such as SSH brute-force, and ships decisions to bouncers that enforce bans. The cloudimg image installs CrowdSec 1.7.8 from the official repository with the agent, the cscli CLI, the crowdsecurity/linux and crowdsecurity/sshd collections, and the iptables firewall bouncer so the appliance actively bans attackers out of the box. The Local API binds loopback only, and a per-VM machine credential is rotated on first boot. Backed by 24/7 expert support.
### Collaborative IDS/IPS
The Security Engine parses your journal and SSH/auth logs, runs behavioural scenarios (SSH brute-force and more), and the iptables firewall bouncer enforces bans automatically. Extend it with more collections from the CrowdSec Hub.
### Safe By Default
The Local API (LAPI) binds to 127.0.0.1:8080 only and is never exposed publicly. Loopback + RFC1918 management ranges are whitelisted and an editable admin whitelist ships so operators do not lock themselves out. A per-VM Local API machine credential is rotated on first boot.
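One way to confirm the loopback-only binding described above on a running VM. This is an added example, not cloudimg or CrowdSec code; the function name `lapi_loopback_only` and the sample socket lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify that a TCP port (default 8080, the Local API port
# named on this page) is listening on loopback addresses only.
# Input:  `ss -H -ltn` output on stdin.
# Return: 0 = loopback only, 1 = bound to a non-loopback address,
#         2 = no listener found on that port.
lapi_loopback_only() {
  local port="${1:-8080}"
  awk -v port="$port" '
    $1 == "LISTEN" {
      # Field 4 is Local Address:Port; the port follows the last colon.
      n = split($4, parts, ":")
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      sub(/%.*$/, "", addr)            # drop an interface suffix such as %lo
      found = 1
      # Anything other than 127.0.0.0/8 or [::1] counts as exposed,
      # including the wildcards 0.0.0.0, [::] and *.
      if (addr !~ /^127\./ && addr != "[::1]") { print "exposed: " $4; bad = 1 }
    }
    END { if (!found) exit 2; exit bad ? 1 : 0 }
  '
}

# Constructed sample lines in `ss -H -ltn` format (not captured from a real host).
SAMPLE_GOOD='LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

SAMPLE_BAD='LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

if printf '%s\n' "$SAMPLE_GOOD" | lapi_loopback_only 8080; then
  echo "sample 1: port 8080 is loopback only"
fi
if ! printf '%s\n' "$SAMPLE_BAD" | lapi_loopback_only 8080; then
  echo "sample 2: port 8080 is reachable off-host"
fi

# On the VM itself, feed it live data:
#   ss -H -ltn | lapi_loopback_only 8080
```

A return code of 2 on the live host means nothing is listening on the port, which usually indicates that crowdsec.service is not running.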
### Why Choose cloudimg?
* 24/7 Expert Support: guaranteed 24-hour response. Contact support@cloudimg.co.uk
* Production Ready from Launch: pre-configured, security patched, and validated before publication
* Azure Native Integration: built with Azure Linux Agent, cloud-init, and Gen2 Hyper-V
### What is Included
* CrowdSec 1.7.8 Security Engine (crowdsec.service) and the cscli management CLI
* Local API bound to 127.0.0.1:8080 with a /health endpoint
* The crowdsecurity/linux and crowdsecurity/sshd collections (journal parsing + SSH brute-force scenarios)
* The crowdsec-firewall-bouncer-iptables bouncer that enforces bans
* A per-VM Local API machine credential rotated on first boot, with loopback + RFC1918 whitelisted
### Use Cases
SSH brute-force protection, host intrusion detection and prevention, log-based threat detection, and a self-hosted, collaborative alternative to fail2ban.
Keep your NSG limited to 22/tcp from trusted networks.
Visit www.cloudimg.co.uk/guides/crowdsec-on-ubuntu-24-04-azure for the full user guide.
CrowdSec is a trademark of CrowdSec SAS; this image is maintained by cloudimg and is not affiliated with or endorsed by CrowdSec SAS. All trademarks are the property of their respective holders.