Description
Hello,
I would like to request inclusion of crowdsec-unifi-suite on the CrowdSec Hub.
Repository Info
- Source repository: https://github.com/wolffcatskyy/crowdsec-unifi-suite
- License: MIT (to be added before merge)
- Current status: Early release — functional installer, no versioned release yet
- Language: Shell
- Releases: Initial release planned shortly
What It Does
crowdsec-unifi-suite is a one-command installer that deploys the complete CrowdSec security stack on UniFi OS devices (UDM Pro, UDM SE, UDR, UCG Ultra). It orchestrates the installation and configuration of four complementary components into a cohesive defense-in-depth pipeline:
Detect → Decide → Enforce
| Stage | Component | Function |
|---|---|---|
| Detect | crowdsec-unifi-parser | Parse UniFi firewall logs for CrowdSec analysis |
| Decide | CrowdSec Engine | Apply scenarios, check community blocklists |
| Enforce | crowdsec-unifi-bouncer | Push ban decisions to UniFi firewall rules |
| Prioritize | bouncer sidecar | Score and filter decisions to fit device ipset capacity |
| Augment | crowdsec-blocklist-import | Import external threat intel (AbuseIPDB, Spamhaus, etc.) |
Category Note
This is a meta-installer/integration tool rather than a single remediation component. It ties together components that are (or will be) individually listed on the Hub. I'm happy for the CrowdSec team to categorize it as appropriate — "integration", "installer", or any other category that fits.
Documentation
- README: https://github.com/wolffcatskyy/crowdsec-unifi-suite/blob/main/README.md
- Covers installation, device compatibility, what gets installed (core and optional components), and per-component configuration
Features
One-Command Install
curl -sSL https://raw.githubusercontent.com/wolffcatskyy/crowdsec-unifi-suite/main/install.sh | bash
Device Compatibility
- UDM Pro / UDM SE / UDM Pro Max (arm64) — primary targets
- UDR (arm64) — tested
- UCG Ultra / Cloud Gateway Max (arm64) — experimental
- Requires UniFi OS 3.x+ with SSH access
What It Automates
- CrowdSec engine installation (if not already present)
- UniFi parser installation and configuration for UniFi log formats
- UniFi bouncer installation and firewall rule management
- Optional: sidecar proxy for decision capping on capacity-limited devices
- Optional: blocklist-import for external threat intelligence feeds
Defense-in-Depth Approach
Complements UniFi's built-in IDS/IPS: UniFi handles real-time inline traffic inspection, CrowdSec handles proactive blocking from global community threat intelligence (200K+ shared signals).
Short Description
One-command installer for the complete CrowdSec + UniFi security stack — deploys parser, bouncer, and optional blocklist-import on UDM/UDR/UCG devices
Social Preview Image
Not yet set on the repository.
Releases
No versioned release yet — initial release planned shortly after Hub review feedback is incorporated.