Skip to content

Installation methods

On debian / ubuntu :

On RHEL / CentOS :

On FreeBSD :

Generic *nix & containers :

Required resources

Crowdsec agent itself is rather light, and in a small to medium setup should use less than 100Mb of memory. During intensive logs processing, CPU is going to be the most used resource, and memory usage shouldn't really grow.

However, running metabase (the dashboard deployed by cscli dashboard setup) requires 1-2Gb of RAM.

Install on debian using crowdsec repository

On debian and ubuntu, packages are hosted on packagecloud.io.

Crowdsec distributes their own pragmatic debian packages that closely follow the development stream (packages are automatically published on release), and are suitable for those that want to keep up with the latest changes of crowdsec.

setup the repository

Instructions for adding repositories to your machine can be found in packagecloud's installation docs :

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash

If you're not fond of curl ... | sudo bash, follow instruction bellow :

  1. Retrieve the signing key
curl -L https://packagecloud.io/crowdsec/crowdsec/gpgkey | sudo apt-key add -

2.Install the apt-transport-https package in order to be able to fetch packages over HTTPS:

sudo apt-get install -y apt-transport-https
  1. Add the appropriate repository to your source.list

debian:

echo "deb https://packagecloud.io/crowdsec/crowdsec/debian/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/crowdsec.list > /dev/null

ubuntu:

echo "deb https://packagecloud.io/crowdsec/crowdsec/ubuntu/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/crowdsec.list > /dev/null

install crowdsec

The following debian suites / architectures are available :

Suite Architecture
bionic amd64, arm64
bullseye amd64, arm64
buster amd64, arm64
focal amd64, arm64
stretch amd64, arm64
xenial amd64, arm64

sudo apt-get update
sudo apt-get install crowdsec

Manually install the debian package

Fetch your package from the public repository, and install it manually :

sudo dpkg -i ./crowdsec_1.0.7-4_amd64.deb

Install using debian official packages

Crowdsec is available for bullseye & sid and can be installed simply :

sudo apt-get install crowdsec

Install on redhat/centos using crowdsec repository

On redhat and centos, packages are hosted on packagecloud.io.

Crowdsec distributes their own pragmatic debian packages that closely follow the development stream (packages are automatically published on release), and are suitable for those that want to keep up with the latest changes of crowdsec.

setup the repository

Instructions for adding repositories to your machine can be found in packagecloud's installation docs :

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash

If you're not fond of curl ... | sudo bash, you can look at the manual method to directly add the appropriate .repo to your configuration.

install crowdsec

The following rhel/centos suites / architectures are available :

Suite Architecture
el/7 amd64
el/8 amd64, arm64
fedora/33 amd64, arm64
fedora/34 amd64, arm64
amazon linux/2 amd64, arm64

centos/8 and fedora/33 and fedora/34 :

dnf install crowdsec

older versions :

yum install crowdsec

Install on FreeBSD

Crowdsec is available on FreeBSD:

sudo pkg install crowdsec

The crowdsec firewall bouncer is available as well:

sudo pkg install crowdsec-firewall-bouncer

Install from the release tarball

Fetch crowdsec-agent's latest version here.

tar xvzf crowdsec-release.tgz
cd crowdsec-v1.X.X

A wizard is provided to help you deploy crowdsec-agent and cscli.

Using the interactive wizard

sudo ./wizard.sh -i

crowdsec

The wizard is going to guide you through the following steps :

  • detect services that are present on your machine
  • detect selected services logs
  • suggest collections (parsers and scenarios) to deploy
  • deploy & configure crowdsec-agent in order to watch selected logs for selected scenarios

The process should take less than a minute, please report if there are any issues.

You are then ready to take a tour of your freshly deployed crowdsec-agent !

Info

Keep in mind the crowdsec-agent is only in charge of the "detection", and won't block anything on its own. You need to deploy a bouncers to "apply" decisions.

Binary installation

you of little faith

sudo ./wizard.sh --bininstall

This will only deploy the binaries, and some extra installation steps need to be completed for the software to be functional :

  • sudo cscli hub update : update the hub index
  • sudo cscli machines add -a : register crowdsec to the local API
  • sudo cscli capi register : register to the central API
  • sudo cscli collections install crowdsecurity/linux : install essential configs (syslog parser, geoip enrichment, date parsers)
  • configure your sources in your acquisition : /etc/crowdsec/acquis.yaml

You can now start & enable the crowdsec service :

  • sudo systemctl start crowdsec
  • sudo systemctl enable crowdsec

Using the unattended wizard

If your setup is standard and you've walked through the default installation without issues, you can win some time in case you need to perform a new install : sudo ./wizard.sh --unattended

This mode will emulate the interactive mode of the wizard where you answer yes to everything and stick with the default options.

Install from source

Requirements

  • Go v1.13+
  • git clone https://github.com/crowdsecurity/crowdsec
  • jq

Go in crowdsec-agent folder and build the binaries :

cd crowdsec
make release

This will create you a directory (crowdsec-vXXX/) and an archive (crowdsec-release.tgz) that are release built from your local code source.

Now, you can install either with interactive wizard or the unattended mode.

Build docker image

Crowdsec provides a docker image and can simply built like this :

git clone https://github.com/crowdsecurity/crowdsec.git && cd crowdsec
docker build -t crowdsec .