{"id":40394344,"url":"https://github.com/jgeek00/crowdsec-opencloud-collection","last_synced_at":"2026-01-20T13:02:21.496Z","repository":{"id":333339012,"uuid":"1136953005","full_name":"JGeek00/crowdsec-opencloud-collection","owner":"JGeek00","description":"OpenCloud collection to detect bruteforce attacks with Crowdsec","archived":false,"fork":false,"pushed_at":"2026-01-18T17:02:58.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-19T01:17:26.074Z","etag":null,"topics":["crowdsec","crowdsec-parser","opencloud"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JGeek00.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-18T16:51:49.000Z","updated_at":"2026-01-18T17:04:25.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/JGeek00/crowdsec-opencloud-collection","commit_stats":null,"previous_names":["jgeek00/crowdsec-opencloud-collection"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/JGeek00/crowdsec-opencloud-collection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JGeek00%2Fcrowdsec-opencloud-collection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JGeek00%2Fcrowdsec-opencloud-collection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JGeek00%2Fcrowdsec-opencloud-collection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JGeek00%2Fcrowdsec-opencloud-collection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JGeek00","download_url":"https://codeload.github.com/JGeek00/crowdsec-opencloud-collection/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JGeek00%2Fcrowdsec-opencloud-collection/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28603405,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T12:01:53.233Z","status":"ssl_error","status_checked_at":"2026-01-20T12:01:46.545Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crowdsec","crowdsec-parser","opencloud"],"created_at":"2026-01-20T13:02:20.270Z","updated_at":"2026-01-20T13:02:21.482Z","avatar_url":"https://github.com/JGeek00.png","language":null,"readme":"# CrowdSec OpenCloud Collection\n\n![CrowdSec](https://img.shields.io/badge/CrowdSec-Collection-blue)\n![License](https://img.shields.io/badge/license-MIT-green)\n\nA CrowdSec collection to detect and prevent bruteforce attacks against OpenCloud authentication.\n\n## ๐Ÿ“‹ Description\n\nThis collection provides comprehensive protection against authentication bruteforce attacks targeting OpenCloud installations. It detects: \n\n- **Classic bruteforce attacks**: Multiple failed authentication attempts from a single IP\n- **User enumeration**: Attempts to discover valid users/endpoints\n- **Distributed bruteforce**: Coordinated attacks from multiple IPs\n\n## ๐Ÿš€ Installation\n\n### From CrowdSec Hub (when published)\n\n```bash\nsudo cscli collections install jgeek00/opencloud\n```\n\n### Manual Installation\n\n```bash\n# Clone the repository\ngit clone https://github.com/jgeek00/crowdsec-opencloud-collection.git\ncd crowdsec-opencloud-collection\n\n# Copy files to CrowdSec directories\nsudo cp -r parsers/* /etc/crowdsec/parsers/\nsudo cp -r scenarios/* /etc/crowdsec/scenarios/\nsudo cp -r collections/* /etc/crowdsec/collections/\n\n# Restart CrowdSec\nsudo systemctl restart crowdsec\n```\n\n## โš™๏ธ Configuration\n\n### Configure log acquisition\n\nAdd to your `/etc/crowdsec/acquis.yaml`:\n\n```yaml\n---\nfilenames:\n - /var/log/opencloud/*.log\n - /path/to/your/opencloud.log\nlabels:\n type: opencloud\n```\n\n### Restart CrowdSec\n\n```bash\nsudo systemctl restart crowdsec\n```\n\n## ๐Ÿ“Š Scenarios Included\n\n### jgeek00/opencloud-bf\nDetects classic bruteforce attacks: \n- **Trigger**: 5 failed auth attempts from the same IP in 100 seconds\n- **Action**: Ban IP for 1 minute\n- **MITRE ATT\u0026CK**: T1110 (Brute Force)\n\n### jgeek00/opencloud-bf_user-enum\nDetects user enumeration attempts:\n- **Trigger**: 5 different endpoints accessed from the same IP in 50 seconds\n- **Action**: Ban IP for 1 minute\n- **MITRE ATT\u0026CK**: T1589 (Gather Victim Identity Information)\n\n### jgeek00/opencloud-bf_distributed\nDetects distributed bruteforce attacks: \n- **Trigger**: 10 different IPs attacking the same endpoint in 300 seconds\n- **Action**: Ban all IPs for 5 minutes\n- **MITRE ATT\u0026CK**: T1110 (Brute Force)\n\n## ๐Ÿงช Testing\n\n### Verify installation\n\n```bash\n# Check parsers\nsudo cscli parsers list | grep jgeek00\n\n# Check scenarios\nsudo cscli scenarios list | grep jgeek00\n\n# View metrics\nsudo cscli metrics\n```\n\n## ๐Ÿ“ Log Format\n\nThe parser expects OpenCloud logs in JSON format: \n\n```json\n{\n \"level\": \"error\",\n \"service\": \"proxy\",\n \"error\": \"failed to verify access token: token signature is invalid: crypto/rsa: verification error\",\n \"authenticator\": \"oidc\",\n \"path\": \"/api/v0/settings/roles-list\",\n \"user_agent\": \"Mozilla/5.0...\",\n \"client.address\": \"95.127.180.157\",\n \"time\": \"2026-01-18T16:25:36Z\",\n \"message\": \"failed to authenticate the request\"\n}\n```\n\n## ๐Ÿ”ง Customization\n\n### Adjust sensitivity\n\nEdit `/etc/crowdsec/scenarios/jgeek00/opencloud-bf.yaml`:\n\n```yaml\n# More strict (ban after 3 attempts)\ncapacity: 3\nleakspeed: \"10s\"\n\n# More permissive (ban after 10 attempts)\ncapacity: 10\nleakspeed: \"30s\"\n```\n\n### Change ban duration\n\n```yaml\n# Ban for 1 hour\nblackhole: 1h\n\n# Ban for 24 hours\nblackhole: 24h\n```\n\n## ๐Ÿ“„ License\n\nMIT License - see LICENSE file for details\n\n## ๐Ÿ”— Links\n\n- [CrowdSec Hub](https://hub.crowdsec.net)\n- [CrowdSec Documentation](https://docs.crowdsec.net)\n- [MITRE ATT\u0026CK Framework](https://attack.mitre.org)\n\n---\n\n**Author**: JGeek00 \n**Version**: 1.0.0 \n**Last Updated**: 2026-01-18","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjgeek00%2Fcrowdsec-opencloud-collection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjgeek00%2Fcrowdsec-opencloud-collection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjgeek00%2Fcrowdsec-opencloud-collection/lists"}