Skip to main content

Installation Linux

Before getting started it is advised to read the prerequisites page to understand the requirements for running CrowdSec.

Repository Installation

The CrowdSec repository contains the latest stable version of CrowdSec and is the recommended way to install our packages.

info

We are using packagecloud.io service. While curl | sudo shell can be convenient for some, alternative installation methods are available.

curl -s https://install.crowdsec.net | sudo sh

Manual Repository Installation

If you prefer to manually add the repository, you can do so by following the instructions below.

Manual Repository Installation

Begin by refreshing your package cache by running

sudo apt update

If you are running Debian, install debian-archive-keyring so that official Debian repositories will be verified (Ubuntu users can skip this)

sudo apt install debian-archive-keyring

Ensure the required tools (curl, gpg, apt-transport-https) are installed before proceeding:

sudo apt install -y curl gnupg apt-transport-https

In order to install a deb repo, first you need to install the GPG key that used to sign repository metadata. This will change depending on whether or not your apt version is >= v.1.1. You can check this by running:

apt -v

For apt version >= v1.1:

(Equivalent to or later than Debian/Raspbian Stretch, Ubuntu Xenial, Linux Mint Sarah, Elementary OS Loki)

Create the directory to import the GPG key: From apt v2.4.0, /etc/apt/keyrings/ is the designated directory for administrator imported keys. We will be using that for the following instructions, but you can replace /etc/apt/keyrings/ with any path of your choosing. If you need to create the directory, run:

mkdir -p /etc/apt/keyrings/
Then add the GPG key:

curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg
Create a file named /etc/apt/sources.list.d/crowdsec_crowdsec.list that contains the repository configuration below.

deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main

For apt version < v1.1:

(Equivalent to or older than Debian/Raspbian Jessie, Ubuntu Wily, Linux Mint Rosa, Elementary OS Freya)

Add the GPG key:

curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor > /etc/apt/trusted.gpg.d/crowdsec_crowdsec.gpg
Create a file named /etc/apt/sources.list.d/crowdsec_crowdsec.list that contains the repository configuration below.

deb https://packagecloud.io/crowdsec/crowdsec/any any main
deb-src https://packagecloud.io/crowdsec/crowdsec/any any main

Run this command update your local APT cache:

sudo apt update

You can now install packages from your repository.

Install Security Engine

Once the repository is added, you can install the Security Engine via:

apt install crowdsec

Install Remediation Component

warning

Security Engine by itself is a detection engine, it will not block anything. You need to install a Remediation Component to enforce decisions

For the quick start guide we will be installing the iptables firewall Remediation Component. (This may not be optimal for your environment, please refer to the Remediation Documentation for more information)

IPTables

sudo apt install crowdsec-firewall-bouncer-iptables

Next Steps?

Great, you now have CrowdSec installed on your system. Within the post installation steps you will find the next steps to configure and optimize your installation.

CrowdSec ConsoleCrowdSec Console