Linux
For those that prefer hands-on approach, you can as well manually install crowdsec.
Install our repositories
Installing our repositories allows you to access the latest packages of the Security Engine and Remediation Components.
We are using packagecloud.io service.
While curl | sudo bash can be convenient for some, alternative installation methods are available.
- Debian/Ubuntu
- EL/Centos7
- EL/Centos Stream 8
- Amzn Linux 2
- OpenWRT
- CloudLinux
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
OpenWRT packages are available in the official repositories.
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | os=el dist=7 sudo bash
Install the Security Engine
Before installing the package, you might want to check the ports that will be used.
- Debian/Ubuntu
- EL/Centos7
- EL/Centos Stream 8
- Amzn Linux 2
- OpenWRT
- CloudLinux
apt install crowdsec
yum install crowdsec
dnf install crowdsec
yum install crowdsec
opkg install crowdsec
yum install crowdsec
You now have the Security Engine running ! You can move forward and install a remediation component, or take a tour of the software beforehand !
Directories:
- The application lives in the folder
\etc\crowdsecusing less than 0.5 MBytes of storage. - The data is stored in the folder
\lib\crowdsec\dataand needs around 97 MBytes of storage.
Keep in mind that a CrowdSec package is only in charge of the "detection", and won't block anything on its own. You need to deploy a Remediation Component to enforce decisions.
Install a Remediation Component
While we're suggesting to install the firewall remediation component it may not be best suited for your setup.
Please refer to remediation components section about different components we have.
- Debian/Ubuntu
- EL/Fedora/Centos7
- EL/Fedora/Centos8
- Amzn Linux 2
- OpenWRT
- CloudLinux
apt install crowdsec-firewall-bouncer-iptables
yum install crowdsec-firewall-bouncer-iptables
dnf install crowdsec-firewall-bouncer-iptables
yum install crowdsec-firewall-bouncer-iptables
opkg install crowdsec-firewall-bouncer
yum install crowdsec-firewall-bouncer-iptables
Running CrowdSec on Raspberry Pi OS/Raspbian
Please keep in mind that Raspberry Pi OS is designed to work on all Raspberry Pi versions. Even if the port target is known as armhf, it's not exactly the same target as the debian named armhf port.
The best way to have a CrowdSec version for such an architecture is to do:
- install golang (all versions from 1.20 will do)
export GOARCH=armexport CGO=1- Update the GOARCH variable in the Makefile to
arm - install the arm gcc cross compiler (On debian the package is gcc-arm-linux-gnueabihf)
- Compile CrowdSec using the usual
makecommand
