Installation Linux
Before getting started it is advised to read the prerequisites page to understand the requirements for running CrowdSec.
Repository Installation
The CrowdSec repository contains the latest stable version of CrowdSec and is the recommended way to install our packages.
We are using packagecloud.io service.
While curl | sudo shell
can be convenient for some, alternative installation methods are available.
curl -s https://install.crowdsec.net | sudo sh
Manual Repository Installation
If you prefer to manually add the repository, you can do so by following the instructions below.
Manual Repository Installation
- Deb
- RPM
Begin by refreshing your package cache by running
sudo apt update
If you are running Debian, install debian-archive-keyring so that official Debian repositories will be verified (Ubuntu users can skip this)
sudo apt install debian-archive-keyring
Ensure the required tools (curl, gpg, apt-transport-https) are installed before proceeding:
sudo apt install -y curl gnupg apt-transport-https
In order to install a deb repo, first you need to install the GPG key that used to sign repository metadata. This will change depending on whether or not your apt version is >= v.1.1. You can check this by running:
apt -v
For apt version >= v1.1:
(Equivalent to or later than Debian/Raspbian Stretch, Ubuntu Xenial, Linux Mint Sarah, Elementary OS Loki)
Create the directory to import the GPG key: From apt v2.4.0,
/etc/apt/keyrings/
is the designated directory for administrator imported keys. We will be using that for the following instructions, but you can replace/etc/apt/keyrings/
with any path of your choosing. If you need to create the directory, run:Then add the GPG key:mkdir -p /etc/apt/keyrings/
Create a file namedcurl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg
/etc/apt/sources.list.d/crowdsec_crowdsec.list
that contains the repository configuration below.deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
For apt version < v1.1:
(Equivalent to or older than Debian/Raspbian Jessie, Ubuntu Wily, Linux Mint Rosa, Elementary OS Freya)
Add the GPG key:
Create a file namedcurl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/trusted.gpg.d/crowdsec_crowdsec.gpg
/etc/apt/sources.list.d/crowdsec_crowdsec.list
that contains the repository configuration below.deb https://packagecloud.io/crowdsec/crowdsec/any any main deb-src https://packagecloud.io/crowdsec/crowdsec/any any main
Run this command update your local APT cache:
sudo apt update
You can now install packages from your repository.
Install pygpgme, a package which allows yum to handle gpg signatures, and a package called yum-utils which contains the tools you need for installing source RPMs.
sudo yum install pygpgme yum-utils
You may need to install the EPEL repository for your system to install these packages. If you do not install pygpgme, GPG verification will not work.
Create a file named /etc/yum.repos.d/crowdsec_crowdsec.repo that contains the repository configuration below.
Make sure to replace el
and 6
in the config below with your Linux distribution and version:
[crowdsec_crowdsec]
name=crowdsec_crowdsec
baseurl=https://packagecloud.io/crowdsec/crowdsec/el/6/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packagecloud.io/crowdsec/crowdsec/gpgkey
https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-EDE2C695EC9A5A5C.pub.gpg
https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-C822EDD6B39954A1.pub.gpg
https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=3600
[crowdsec_crowdsec-source]
name=crowdsec_crowdsec-source
baseurl=https://packagecloud.io/crowdsec/crowdsec/el/6/SRPMS
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packagecloud.io/crowdsec/crowdsec/gpgkey
https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-EDE2C695EC9A5A5C.pub.gpg
https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-C822EDD6B39954A1.pub.gpg
https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=3600
Update your local yum cache by running
sudo yum -q makecache -y --disablerepo='*' --enablerepo='crowdsec_crowdsec'
You can now install packages from your repository.
Install Security Engine
Once the repository is added, you can install the Security Engine via:
- Debian/Ubuntu
- EL/Centos7/Amzn Linux 2
- EL/Centos Stream 8
- SUSE Linux
- OpenWRT
- CloudLinux
apt install crowdsec
yum install crowdsec
dnf install crowdsec
zypper install crowdsec
opkg install crowdsec
yum install crowdsec
Install Remediation Component
Security Engine by itself is a detection engine, it will not block anything. You need to install a Remediation Component to enforce decisions
For the quick start guide we will be installing the iptables firewall Remediation Component. (This may not be optimal for your environment, please refer to the Remediation Documentation for more information)
IPTables
- Debian/Ubuntu
- RHEL/Centos/Fedora
- SUSE Linux
sudo apt install crowdsec-firewall-bouncer-iptables
sudo yum install crowdsec-firewall-bouncer-iptables
sudo zypper install crowdsec-firewall-bouncer-iptables
Next Steps?
Great, you now have CrowdSec installed on your system. Within the post installation steps you will find the next steps to configure and optimize your installation.