First I want to say I know enough to be dangerous.
I went through the wiki for installing and that seemed to work just fine.
Here is what I am getting. I need some help processing the error messages.
Thanks
[demo@mail mailcow-dockerized]$ sudo systemctl enable crowdsec.service
Created symlink '/etc/systemd/system/multi-user.target.wants/crowdsec.service' → '/usr/lib/systemd/system/crowdsec.service'.
[demo@mail mailcow-dockerized]$ sudo systemctl start crowdsec.service
Job for crowdsec.service failed because the control process exited with error code.
See "systemctl status crowdsec.service" and "journalctl -xeu crowdsec.service" for details.
[demo@mail mailcow-dockerized]$ sudo systemctl reload crowdsec
crowdsec.service is not active, cannot reload.
[demo@mail mailcow-dockerized]$ sudo systemctl stop crowdsec.service
[demo@mail mailcow-dockerized]$ sudo systemctl enable crowdsec.service
[demo@mail mailcow-dockerized]$ sudo systemctl start crowdsec.service
Job for crowdsec.service failed because the control process exited with error code.
See "systemctl status crowdsec.service" and "journalctl -xeu crowdsec.service" for details.
[demo@mail mailcow-dockerized]$ sudo systemctl status crowdsec.service
● crowdsec.service - Crowdsec agent
Loaded: loaded (/usr/lib/systemd/system/crowdsec.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2025-04-08 08:07:43 EDT; 40s ago
Invocation: 99cba10c7221463fa024c9a9c050c14f
Process: 1414336 ExecStartPre=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error (code=exited, status=1/FAILURE)
Mem peak: 242.1M
CPU: 2.420s
[demo@mail mailcow-dockerized]$ journalctl -xeu crowdsec.service
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit crowdsec.service has entered the 'failed' state with result 'exit-code'.
Apr 08 08:08:46 mail systemd[1]: Failed to start Crowdsec agent.
░░ Subject: A start job for unit crowdsec.service has failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit crowdsec.service has finished with a failure.
░░
░░ The job identifier is 10726 and the job result is failed.
Apr 08 08:08:46 mail systemd[1]: crowdsec.service: Consumed 2.388s CPU time, 238.2M memory peak.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ The unit crowdsec.service completed and consumed the indicated resources.
Last edited by MAYBL8 (2025-04-14 12:24:25)
Online
Post full output of commands after you try to start that service:
sudo journalctl -b
sudo systemctl list-units | grep crowdsec
sudo systemctl cat crowdsec.service
sudo systemctl show crowdsec.service
sudo systemctl list-dependencies crowdsec.service
sudo systemctl reset-failed crowdsec.service
sudo systemctl try-reload-or-restart crowdsec.service
sudo systemctl help crowdsec.service
Is it in package from main Arch repo or from elsewhere?
Last edited by xerxes_ (2025-04-08 16:18:26)
Offline
After trying to post all of that I get:
The following errors need to be corrected before the message can be posted:
Posts cannot be longer than 1,048,576 bytes.
Online
You forgot to answer the question "Is it in package from main Arch repo or from elsewhere?"
Offline
You may send longer output to some site and post links here, like this:
sudo journalctl -b | curl -F 'file=@-' 0x0.st
Offline
Sorry, couldn't find it in main, installed from AUR.
Getting info now.
journal
http://0x0.st/8_64.txt
[root@mail mailcow-dockerized]# sudo systemctl list-units | grep crowdsec
● crowdsec-firewall-bouncer.service loaded activating auto-restart The firewall bouncer for CrowdSec
● crowdsec.service loaded activating auto-restart Crowdsec agent
[root@mail mailcow-dockerized]# sudo systemctl cat crowdsec.service
# /usr/lib/systemd/system/crowdsec.service
[Unit]
Description=Crowdsec agent
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=notify
Environment=LC_ALL=C LANG=C
ExecStartPre=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error
ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml
#ExecStartPost=/bin/sleep 0.1
ExecReload=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target
[root@mail mailcow-dockerized]# sudo systemctl show crowdsec.service
Type=notify
ExitType=main
Restart=always
RestartMode=normal
NotifyAccess=main
RestartUSec=1min
RestartSteps=0
RestartMaxDelayUSec=infinity
RestartUSecNext=1min
TimeoutStartUSec=1min 30s
TimeoutStopUSec=1min 30s
TimeoutAbortUSec=1min 30s
TimeoutStartFailureMode=terminate
TimeoutStopFailureMode=terminate
RuntimeMaxUSec=infinity
RuntimeRandomizedExtraUSec=0
WatchdogUSec=0
WatchdogTimestampMonotonic=0
RootDirectoryStartOnly=no
RemainAfterExit=no
GuessMainPID=yes
MainPID=0
ControlPID=0
FileDescriptorStoreMax=0
NFileDescriptorStore=0
FileDescriptorStorePreserve=restart
StatusErrno=0
Result=exit-code
ReloadResult=success
CleanResult=success
LiveMountResult=success
UID=[not set]
GID=[not set]
NRestarts=296
OOMPolicy=stop
ReloadSignal=1
ExecMainStartTimestampMonotonic=0
ExecMainExitTimestampMonotonic=0
ExecMainHandoffTimestampMonotonic=0
ExecMainPID=0
ExecMainCode=0
ExecMainStatus=0
ExecStartPre={ path=/usr/bin/crowdsec ; argv[]=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error ; ignore_errors=no ; start_time=[Tue 2025-04-08 13:50:17 EDT] ; >
ExecStartPreEx={ path=/usr/bin/crowdsec ; argv[]=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error ; flags= ; start_time=[Tue 2025-04-08 13:50:17 EDT] ; stop_tim>
ExecStart={ path=/usr/bin/crowdsec ; argv[]=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null)>
ExecStartEx={ path=/usr/bin/crowdsec ; argv[]=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; statu>
ExecReload={ path=/usr/bin/crowdsec ; argv[]=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; >
ExecReload={ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
ExecReloadEx={ path=/usr/bin/crowdsec ; argv[]=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(nu>
ExecReloadEx={ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }
Slice=system.slice
ControlGroupId=153758
MemoryCurrent=[not set]
MemoryPeak=257572864
MemorySwapCurrent=[not set]
MemorySwapPeak=0
MemoryZSwapCurrent=[not set]
MemoryAvailable=25582174208
EffectiveMemoryMax=33517797376
EffectiveMemoryHigh=33517797376
CPUUsageNSec=2363022000
TasksCurrent=[not set]
EffectiveTasksMax=38332
IPIngressBytes=[no data]
IPIngressPackets=[no data]
IPEgressBytes=[no data]
IPEgressPackets=[no data]
IOReadBytes=[not set]
IOReadOperations=[not set]
IOWriteBytes=[not set]
IOWriteOperations=[not set]
Delegate=no
CPUAccounting=yes
CPUWeight=[not set]
StartupCPUWeight=[not set]
CPUShares=[not set]
StartupCPUShares=[not set]
CPUQuotaPerSecUSec=infinity
CPUQuotaPeriodUSec=infinity
IOAccounting=no
IOWeight=[not set]
StartupIOWeight=[not set]
BlockIOAccounting=no
BlockIOWeight=[not set]
StartupBlockIOWeight=[not set]
MemoryAccounting=yes
DefaultMemoryLow=0
DefaultStartupMemoryLow=0
DefaultMemoryMin=0
MemoryMin=0
MemoryLow=0
StartupMemoryLow=0
MemoryHigh=infinity
StartupMemoryHigh=infinity
MemoryMax=infinity
StartupMemoryMax=infinity
MemorySwapMax=infinity
StartupMemorySwapMax=infinity
MemoryZSwapMax=infinity
StartupMemoryZSwapMax=infinity
MemoryZSwapWriteback=yes
MemoryLimit=infinity
DevicePolicy=auto
TasksAccounting=yes
TasksMax=38332
IPAccounting=no
ManagedOOMSwap=auto
ManagedOOMMemoryPressure=auto
ManagedOOMMemoryPressureLimit=0
ManagedOOMMemoryPressureDurationUSec=[not set]
ManagedOOMPreference=none
MemoryPressureWatch=auto
MemoryPressureThresholdUSec=200ms
CoredumpReceive=no
Environment=LC_ALL=C LANG=C
UMask=0022
LimitCPU=infinity
LimitCPUSoft=infinity
LimitFSIZE=infinity
LimitFSIZESoft=infinity
LimitDATA=infinity
LimitDATASoft=infinity
LimitSTACK=infinity
LimitSTACKSoft=8388608
LimitCORE=infinity
LimitCORESoft=infinity
LimitRSS=infinity
LimitRSSSoft=infinity
LimitNOFILE=524288
LimitNOFILESoft=1024
LimitAS=infinity
LimitASSoft=infinity
LimitNPROC=127775
LimitNPROCSoft=127775
LimitMEMLOCK=8388608
LimitMEMLOCKSoft=8388608
LimitLOCKS=infinity
LimitLOCKSSoft=infinity
LimitSIGPENDING=127775
LimitSIGPENDINGSoft=127775
LimitMSGQUEUE=819200
LimitMSGQUEUESoft=819200
LimitNICE=0
LimitNICESoft=0
LimitRTPRIO=0
LimitRTPRIOSoft=0
LimitRTTIME=infinity
LimitRTTIMESoft=infinity
RootEphemeral=no
OOMScoreAdjust=0
CoredumpFilter=0x33
Nice=0
IOSchedulingClass=2
IOSchedulingPriority=4
CPUSchedulingPolicy=0
CPUSchedulingPriority=0
CPUAffinityFromNUMA=no
NUMAPolicy=n/a
TimerSlackNSec=50000
CPUSchedulingResetOnFork=no
NonBlocking=no
StandardInput=null
StandardOutput=journal
StandardError=inherit
TTYReset=no
TTYVHangup=no
TTYVTDisallocate=no
SyslogPriority=30
SyslogLevelPrefix=yes
SyslogLevel=6
SyslogFacility=3
LogLevelMax=-1
LogRateLimitIntervalUSec=0
LogRateLimitBurst=0
SecureBits=0
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_s>
DynamicUser=no
SetLoginEnvironment=no
RemoveIPC=no
PrivateTmp=no
PrivateTmpEx=no
PrivateDevices=no
ProtectClock=no
ProtectKernelTunables=no
ProtectKernelModules=no
ProtectKernelLogs=no
ProtectControlGroups=no
ProtectControlGroupsEx=no
PrivateNetwork=no
PrivateUsers=no
PrivateUsersEx=no
PrivateMounts=no
PrivateIPC=no
PrivatePIDs=no
ProtectHome=no
ProtectSystem=no
SameProcessGroup=no
UtmpMode=init
IgnoreSIGPIPE=yes
NoNewPrivileges=no
SystemCallErrorNumber=2147483646
LockPersonality=no
RuntimeDirectoryPreserve=no
RuntimeDirectoryMode=0755
StateDirectoryMode=0755
CacheDirectoryMode=0755
LogsDirectoryMode=0755
ConfigurationDirectoryMode=0755
TimeoutCleanUSec=infinity
MemoryDenyWriteExecute=no
RestrictRealtime=no
RestrictSUIDSGID=no
RestrictNamespaces=no
MountAPIVFS=no
BindLogSockets=no
KeyringMode=private
ProtectProc=default
ProcSubset=all
ProtectHostname=no
MemoryKSM=no
RootImagePolicy=root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotect>
MountImagePolicy=root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotec>
ExtensionImagePolicy=root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unpr>
KillMode=control-group
KillSignal=15
RestartKillSignal=15
FinalKillSignal=9
SendSIGKILL=yes
SendSIGHUP=no
WatchdogSignal=6
Id=crowdsec.service
Names=crowdsec.service
Requires=system.slice sysinit.target
WantedBy=multi-user.target
Conflicts=shutdown.target
Before=multi-user.target shutdown.target crowdsec-firewall-bouncer.service
After=syslog.target systemd-journald.socket nss-lookup.target network.target basic.target system.slice remote-fs.target sysinit.target
Description=Crowdsec agent
LoadState=loaded
ActiveState=activating
FreezerState=running
SubState=auto-restart
FragmentPath=/usr/lib/systemd/system/crowdsec.service
UnitFileState=enabled
UnitFilePreset=disabled
StateChangeTimestamp=Tue 2025-04-08 13:50:20 EDT
StateChangeTimestampMonotonic=107937679160
InactiveExitTimestamp=Tue 2025-04-08 13:50:20 EDT
InactiveExitTimestampMonotonic=107937679160
ActiveEnterTimestampMonotonic=0
ActiveExitTimestampMonotonic=0
InactiveEnterTimestamp=Tue 2025-04-08 13:50:20 EDT
InactiveEnterTimestampMonotonic=107937678631
CanStart=yes
CanStop=yes
CanReload=yes
CanIsolate=no
CanFreeze=yes
CanLiveMount=no
StopWhenUnneeded=no
RefuseManualStart=no
RefuseManualStop=no
AllowIsolate=no
DefaultDependencies=yes
SurviveFinalKillSignal=no
OnSuccessJobMode=fail
OnFailureJobMode=replace
IgnoreOnIsolate=no
NeedDaemonReload=no
JobTimeoutUSec=infinity
JobRunningTimeoutUSec=infinity
JobTimeoutAction=none
ConditionResult=yes
AssertResult=yes
ConditionTimestamp=Tue 2025-04-08 08:36:22 EDT
ConditionTimestampMonotonic=89099320666
AssertTimestamp=Tue 2025-04-08 08:36:22 EDT
AssertTimestampMonotonic=89099320669
Transient=no
Perpetual=no
StartLimitIntervalUSec=10s
StartLimitBurst=5
StartLimitAction=none
FailureAction=none
SuccessAction=none
InvocationID=e1b6e0c529194ec4a8c755ac5873624c
CollectMode=inactive
DebugInvocation=no
[root@mail mailcow-dockerized]# sudo systemctl list-dependencies crowdsec.service
crowdsec.service
● ├─system.slice
● └─sysinit.target
● ├─dev-hugepages.mount
● ├─dev-mqueue.mount
● ├─kmod-static-nodes.service
● ├─ldconfig.service
● ├─lvm2-lvmpolld.socket
● ├─lvm2-monitor.service
● ├─proc-sys-fs-binfmt_misc.automount
● ├─sys-fs-fuse-connections.mount
● ├─sys-kernel-config.mount
● ├─sys-kernel-debug.mount
● ├─sys-kernel-tracing.mount
● ├─systemd-ask-password-console.path
○ ├─systemd-binfmt.service
○ ├─systemd-boot-random-seed.service
○ ├─systemd-firstboot.service
○ ├─systemd-hibernate-clear.service
○ ├─systemd-hwdb-update.service
● ├─systemd-journal-catalog-update.service
● ├─systemd-journal-flush.service
● ├─systemd-journald.service
○ ├─systemd-machine-id-commit.service
● ├─systemd-modules-load.service
○ ├─systemd-pcrmachine.service
○ ├─systemd-pcrphase-sysinit.service
○ ├─systemd-pcrphase.service
● ├─systemd-random-seed.service
○ ├─systemd-repart.service
● ├─systemd-sysctl.service
● ├─systemd-sysusers.service
● ├─systemd-timesyncd.service
● ├─systemd-tmpfiles-setup-dev-early.service
● ├─systemd-tmpfiles-setup-dev.service
● ├─systemd-tmpfiles-setup.service
○ ├─systemd-tpm2-setup-early.service
○ ├─systemd-tpm2-setup.service
● ├─systemd-udev-trigger.service
● ├─systemd-udevd.service
● ├─systemd-update-done.service
● ├─systemd-update-utmp.service
● ├─cryptsetup.target
● ├─integritysetup.target
● ├─local-fs.target
● │ ├─-.mount
● │ ├─home.mount
○ │ ├─systemd-fsck-root.service
● │ ├─systemd-remount-fs.service
● │ └─tmp.mount
○ ├─swap.target
○ │ └─dev-disk-by\x2duuid-af44da39\x2d5edf\x2d4a16\x2db147\x2d5ec69630affe.swap
● └─veritysetup.target
[root@mail mailcow-dockerized]# sudo systemctl reset-failed crowdsec.service
[root@mail mailcow-dockerized]# sudo systemctl try-reload-or-restart crowdsec.service
[root@mail mailcow-dockerized]# sudo systemctl help crowdsec.service
Documentation for crowdsec.service not known.
Last edited by MAYBL8 (2025-04-08 18:58:56)
Online
Did you install the git version or the bin version?
Offline
1 aur/crowdsec 1.6.8-1 (+21 0.59) (Installed)
Online
Did you also install cs-firewall-bouncer?
Offline
6 aur/crowdsec-firewall-bouncer-iptables 0.0.31-3 (+2 0.57) (Installed)
Online
and forgive me but this is a dumb question that I have to ask. What are you using as your firewall service?
Offline
That is not a dumb question.
The answer is a little tricky. On this computer I am just using iptables.
My router is a TP-Link Deco mesh system that is behind the ISP modem.
Not a specific hardware or software firewall.
Online
Mod note: moving to AUR Issues.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
Apr 08 07:50:54 mail crowdsec-firewall-bouncer[1394820]: time="2025-04-08T07:50:54-04:00" level=fatal msg="process terminated with error: bouncer stream halted"
Apr 08 07:50:54 mail systemd[1]: crowdsec-firewall-bouncer.service: Main process exited, code=exited, status=1/FAILURE
Apr 08 07:50:54 mail systemd[1]: crowdsec-firewall-bouncer.service: Failed with result 'exit-code'.
What is the content of crowdsec-firewall-bouncer.service?
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
[Unit]
Description=The firewall bouncer for CrowdSec
After=syslog.target network.target remote-fs.target nss-lookup.target crowdsec.service
[Service]
Type=notify
ExecStart=/usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
ExecStartPre=/usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t
ExecStartPost=/bin/sleep 0.1
Restart=always
RestartSec=10
LimitNOFILE=65536
# don't send a termination signal to the children processes,
# because the iptables backend needs to run ipset multiple times to properly shutdown
KillMode=mixed
Online
Try running (from a root terminal)
# /usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t
# /usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
manually and post the output they give.
Offline
[root@mail multi-user.target.wants]# /usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml -t
[root@mail multi-user.target.wants]#
[root@mail multi-user.target.wants]#
[root@mail multi-user.target.wants]#
[root@mail multi-user.target.wants]# /usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml
time="2025-04-09T12:08:30-04:00" level=fatal msg="process terminated with error: bouncer stream halted"
Online
Is there more info in dmesg / journal ?
What does iptables -V output ?
Last edited by Lone_Wolf (2025-04-10 08:05:20)
Offline
I posted link to journal above.
dmesg returns nothing:
[root@mail multi-user.target.wants]# dmesg | grep crowdsec
[root@mail multi-user.target.wants]#
[root@mail multi-user.target.wants]# iptables -V
iptables v1.8.11 (legacy)
Online
Check your locale setup (to be UTF-8) and network setup, also for docker.
Offline
Locale.conf
LANG=en_US.UTF-8
LC_ADDRESS=en_US.UTF-8
LC_IDENTIFICATION=en_US.UTF-8
LC_MEASUREMENT=en_US.UTF-8
LC_MONETARY=en_US.UTF-8
LC_NAME=en_US.UTF-8
LC_NUMERIC=en_US.UTF-8
LC_PAPER=en_US.UTF-8
LC_TELEPHONE=en_US.UTF-8
LC_TIME=en_US.UTF-8
What network info do you want me to check?
Again with Docker I have installed it to run my Mail server but I have not done much with it to find the info you want.
If you could point me to where I need to look I will get the info you want.
Sorry
Online
Post the output of this command to check whether you have set up too many network services:
find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
Offline
[root@mail multi-user.target.wants]# find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f
avahi-daemon.service | multi-user.target.wants
avahi-daemon.socket | sockets.target.wants
cockpit.socket | sockets.target.wants
cronie.service | multi-user.target.wants
crowdsec-firewall-bouncer.service | multi-user.target.wants
crowdsec.service | multi-user.target.wants
dbus-org.freedesktop.Avahi.service | system
dbus-org.freedesktop.nm-dispatcher.service | system
dbus-org.freedesktop.timesync1.service | system
default.target | system
display-manager.service | system
docker.service | multi-user.target.wants
gcr-ssh-agent.socket | sockets.target.wants
getty@tty1.service | getty.target.wants
grafana.service | multi-user.target.wants
ipset.service | multi-user.target.wants
iptables.service | multi-user.target.wants
NetworkManager-wait-online.service | network-online.target.wants
NetworkManager.service | multi-user.target.wants
p11-kit-server.socket | sockets.target.wants
paccache.timer | multi-user.target.wants
pipewire-pulse.socket | sockets.target.wants
pipewire-session-manager.service | user
pipewire.socket | sockets.target.wants
remote-fs.target | multi-user.target.wants
rustdesk.service | multi-user.target.wants
systemd-timesyncd.service | sysinit.target.wants
tailscaled.service | multi-user.target.wants
wireplumber.service | pipewire.service.wants
xdg-user-dirs-update.service | default.target.wants
Online
Docker is known to install its own set of firewall rules, try disabling/removing docker temporarily.
Offline
You are kinda correct here.
However this server is running a Mailcow email server and they have their own iptables rules as shown below.
Uninstalling Docker scares me. I don't want to break this server right now.
You probably won't help me fix it if this action breaks it. You will tell me to go get help from Mailcow and I don't want to go down that path. I see days of down time.
At this point I would rather do without crowdsec if it involves removing a main component of the server. You see, Mailcow doesn't support Arch Linux due to it being a rolling release. I would be sure you understand that. It has been working fine for me for at least a year now. Not sure exactly when I installed it but it should be close to a year without any issues.
Well here is the iptables I am running as of today.
[root@mail multi-user.target.wants]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
MAILCOW all -- 0.0.0.0/0 0.0.0.0/0
ts-input all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
MAILCOW all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-FORWARD all -- 0.0.0.0/0 0.0.0.0/0
ts-forward all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.22.1.250 tcp dpt:12345
ACCEPT tcp -- 0.0.0.0/0 172.22.1.250 tcp dpt:4190
ACCEPT tcp -- 0.0.0.0/0 172.22.1.250 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 172.22.1.250 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 172.22.1.250 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 172.22.1.250 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 172.22.1.11 tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 172.22.1.253 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 172.22.1.253 tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 172.22.1.253 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 172.22.1.249 tcp dpt:6379
ACCEPT tcp -- 0.0.0.0/0 172.22.1.9 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 172.22.1.9 tcp dpt:80
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-BRIDGE (1 references)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-CT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Chain DOCKER-FORWARD (1 references)
target prot opt source destination
DOCKER-CT all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-BRIDGE all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain MAILCOW (2 references)
target prot opt source destination
REJECT all -- 69.123.219.82 0.0.0.0/0 reject-with icmp-port-unreachable
LOG all -- 0.0.0.0/0 0.0.0.0/0 match-set abuseipdb_blacklist_v4 src LOG flags 0 level 4 prefix "MAILCOW-DROP: "
DROP all -- 0.0.0.0/0 0.0.0.0/0 match-set abuseipdb_blacklist_v4 src
REJECT all -- 62.148.6.46 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 65.20.204.34 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 65.20.153.169 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 24.131.254.182 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 68.39.171.124 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 65.20.213.111 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 180.158.100.49 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 73.13.220.220 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 12.150.243.18 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 73.50.13.166 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 69.121.199.203 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 65.20.251.110 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 102.53.15.180 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 166.195.197.32 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 31.14.20.78 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 196.191.212.238 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 65.20.167.184 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 185.207.214.234 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 87.103.126.54 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 71.57.213.159 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 73.173.151.120 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 129.224.201.45 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 73.138.56.10 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 67.242.117.151 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 73.199.86.87 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 80.15.223.148 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 65.20.147.45 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 223.245.216.17 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 220.92.25.189 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 180.188.253.150 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 41.220.3.101 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 122.187.228.248 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 65.20.157.227 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 86.101.129.155 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 207.188.157.230 0.0.0.0/0 reject-with icmp-port-unreachable
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 3306,6379,8983,12345
Chain ts-forward (1 references)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x40000/0xff0000
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 mark match 0x40000/0xff0000
DROP all -- 100.64.0.0/10 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain ts-input (1 references)
target prot opt source destination
ACCEPT all -- 100.75.47.103 0.0.0.0/0
RETURN all -- 100.115.92.0/23 0.0.0.0/0
DROP all -- 100.64.0.0/10 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:41641
I do appreciate all the help you and others have given me so far. I think I will do a little more research on this before I proceed.
Thanks
So from looking at this error:
Job for crowdsec.service failed because the control process exited with error code.
See "systemctl status crowdsec.service" and "journalctl -xeu crowdsec.service" for details.
[root@mail multi-user.target.wants]# systemctl status crowdsec.service
● crowdsec.service - Crowdsec agent
Loaded: loaded (/usr/lib/systemd/system/crowdsec.service; enabled; preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Fri 2025-04-11 08:11:18 EDT; 53s ago
Invocation: 3322acb3b8764fceab5c6eff43b70eab
Process: 2197755 ExecStartPre=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t -error (code=exited, status=1/FAILURE)
Mem peak: 243.8M
CPU: 2.634s
It looks like it doesn't like something in this file: /etc/crowdsec/config.yaml
common:
  daemonize: true
  log_media: file
  log_level: info
  log_dir: /var/log/
  log_max_size: 20
  compress_logs: true
  log_max_files: 10
config_paths:
  config_dir: /etc/crowdsec/
  data_dir: /var/lib/crowdsec/data/
  simulation_path: /etc/crowdsec/simulation.yaml
  hub_dir: /etc/crowdsec/hub/
  index_path: /etc/crowdsec/hub/.index.json
  notification_dir: /etc/crowdsec/notifications/
  plugin_dir: /usr/lib/crowdsec/plugins/
crowdsec_service:
  #console_context_path: /etc/crowdsec/console/context.yaml
  acquisition_path: /etc/crowdsec/acquis.yaml
  acquisition_dir: /etc/crowdsec/acquis.d
  parser_routines: 1
cscli:
  output: human
  color: auto
db_config:
  log_level: info
  type: sqlite
  db_path: /var/lib/crowdsec/data/crowdsec.db
  #max_open_conns: 100
  #user:
  #password:
  #db_name:
  #host:
  #port:
  flush:
    max_items: 5000
    max_age: 7d
plugin_config:
  user: nobody # plugin process would be ran on behalf of this user
  group: nogroup # plugin process would be ran on behalf of this group
api:
  client:
    insecure_skip_verify: false
    credentials_path: /etc/crowdsec/local_api_credentials.yaml
  server:
    log_level: info
    listen_uri: 127.0.0.1:8080
    profiles_path: /etc/crowdsec/profiles.yaml
    console_path: /etc/crowdsec/console.yaml
    online_client: # Central API credentials (to push signals and receive bad IPs)
      credentials_path: /etc/crowdsec/online_api_credentials.yaml
    trusted_ips: # IP ranges, or IPs which can have admin API access
      - 127.0.0.1
      - ::1
#    tls:
#      cert_file: /etc/crowdsec/ssl/cert.pem
#      key_file: /etc/crowdsec/ssl/key.pem
prometheus:
  enabled: true
  level: full
  listen_addr: 127.0.0.1
  listen_port: 6060
This might be over my head but I will try to dissect what is going on here.
Thanks
In the crowdsec log I see this:
time="2025-04-11T08:26:14-04:00" level=fatal msg="crowdsec init: while loading acquisition config: failed to parse /etc/crowdsec/acquis.yaml: yaml: unmarshal errors:\n line 20: field labels already set in type configuration.DataSourceCommonCfg"
You guys can close this thread. After trying to troubleshoot this, I found it was way too complicated for me to figure out. I have uninstalled crowdsec. If I learn more about how crowdsec and Mailcow dockerized can work together in the future I might try this again.
Thanks to all of those who tried to help me.
Last edited by MAYBL8 (2025-04-12 12:26:53)
Online
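The fatal message quoted in the last post says the key "labels" is set twice in one YAML document of /etc/crowdsec/acquis.yaml (reported at line 20). As an added example, not written by anyone in this thread or by the CrowdSec project, the shell function below lists top-level keys that repeat inside a single document of a multi-document YAML file. The sample files and their paths are constructed, and the missing "---" separator between two datasources is an assumed cause, since the poster's acquis.yaml was never shown.

```shell
#!/bin/sh
# Added example: find top-level keys that occur twice inside one document of a
# multi-document YAML file such as /etc/crowdsec/acquis.yaml.

# find_dup_keys FILE
# Prints "LINE: KEY (first set on line N)" for every repeat.
# Exit status is 1 when at least one repeat was found, 0 otherwise.
find_dup_keys() {
    awk '
        # A "---" line starts a new document: forget the keys seen so far.
        /^---([ \t]|$)/ { split("", seen); next }
        # An unindented "key:" is a top-level key of the current document.
        /^[A-Za-z_][A-Za-z0-9_]*:/ {
            key = $0
            sub(/:.*/, "", key)
            if (key in seen) {
                printf "%d: %s (first set on line %d)\n", NR, key, seen[key]
                dup = 1
            } else {
                seen[key] = NR
            }
        }
        END { exit dup + 0 }
    ' "$1"
}

# Constructed sample: a third datasource was appended without a "---" line,
# so the second document ends up with two "labels" keys.
write_broken_sample() {
    cat > "$1" <<'EOF'
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
source: journalctl
journalctl_filter:
  - "_SYSTEMD_UNIT=sshd.service"
labels:
  type: syslog
filenames:
  - /var/log/nginx/access.log
labels:
  type: nginx
EOF
}

# Same constructed content with the separator restored before the third source.
write_fixed_sample() {
    cat > "$1" <<'EOF'
filenames:
  - /var/log/auth.log
labels:
  type: syslog
---
source: journalctl
journalctl_filter:
  - "_SYSTEMD_UNIT=sshd.service"
labels:
  type: syslog
---
filenames:
  - /var/log/nginx/access.log
labels:
  type: nginx
EOF
}

# Stand-alone demonstration on the two constructed files.
demo_dir=$(mktemp -d)
write_broken_sample "$demo_dir/broken.yaml"
write_fixed_sample "$demo_dir/fixed.yaml"
echo "broken sample:"
find_dup_keys "$demo_dir/broken.yaml" || echo "  -> duplicate key in one document"
echo "fixed sample:"
find_dup_keys "$demo_dir/fixed.yaml" && echo "  -> no duplicate keys"
rm -rf "$demo_dir"
```

On a real host the function would be pointed at /etc/crowdsec/acquis.yaml and at each file under /etc/crowdsec/acquis.d, the two acquisition paths named in the config.yaml posted above.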