Installation Linux

Before getting started it is advised to read the prerequisites page to understand the requirements for running CrowdSec.

Repository Installation

The CrowdSec repository contains the latest stable version of CrowdSec and is the recommended way to install our packages.

info

We are using the packagecloud.io service. While piping curl to sudo sh can be convenient for some, alternative installation methods are available.

curl -s https://install.crowdsec.net | sudo sh

Manual Repository Installation

If you prefer to manually add the repository, you can do so by following the instructions below.

Begin by refreshing your package cache by running

sudo apt update

If you are running Debian, install debian-archive-keyring so that official Debian repositories will be verified (Ubuntu users can skip this):

sudo apt install debian-archive-keyring

Ensure the required tools (curl, gpg, apt-transport-https) are installed before proceeding:

sudo apt install -y curl gnupg apt-transport-https

To install a deb repository, you first need to install the GPG key that is used to sign the repository metadata. The steps differ depending on whether your apt version is >= v1.1. You can check this by running:

apt -v

For apt version >= v1.1:

(Equivalent to or later than Debian/Raspbian Stretch, Ubuntu Xenial, Linux Mint Sarah, Elementary OS Loki)

Create the directory to import the GPG key. From apt v2.4.0, /etc/apt/keyrings/ is the designated directory for administrator-imported keys. We will be using that for the following instructions, but you can replace /etc/apt/keyrings/ with any path of your choosing. If you need to create the directory, run:

sudo mkdir -p /etc/apt/keyrings/

Then add the GPG key:

curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor | sudo tee /etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg > /dev/null

Create a file named /etc/apt/sources.list.d/crowdsec_crowdsec.list that contains the repository configuration below.

deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main 

For apt version < v1.1:

(Equivalent to or older than Debian/Raspbian Jessie, Ubuntu Wily, Linux Mint Rosa, Elementary OS Freya)

Add the GPG key:

curl -fsSL https://packagecloud.io/crowdsec/crowdsec/gpgkey | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/crowdsec_crowdsec.gpg > /dev/null

Create a file named /etc/apt/sources.list.d/crowdsec_crowdsec.list that contains the repository configuration below.

deb https://packagecloud.io/crowdsec/crowdsec/any any main
deb-src https://packagecloud.io/crowdsec/crowdsec/any any main

Run this command to update your local APT cache:

sudo apt update

You can now install packages from your repository.
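
The two layouts above differ in how far the imported key is trusted: with signed-by the key only validates this repository, while a key placed in /etc/apt/trusted.gpg.d/ is accepted for every configured source. As an added example (not part of the CrowdSec documentation; the function names and sample files are constructed for illustration), this shell helper lists one-line-style source entries that lack signed-by:

```shell
#!/bin/sh
# Added example, not CrowdSec code. Function names and sample files are
# constructed for illustration; only one-line-style .list files are handled.

# unscoped_sources FILE...
# Prints "file:line: entry" for every active deb/deb-src line that has no
# signed-by option. Returns 1 if any such line exists, 0 otherwise.
unscoped_sources() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        $1 == "deb" || $1 == "deb-src" {
            opts = ""
            # Options, when present, are the [ ... ] block after the type.
            if ($2 ~ /^\[/) {
                s = index($0, "["); e = index($0, "]")
                opts = substr($0, s, e - s + 1)
            }
            if (opts !~ /signed-by=/) {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# write_samples DIR: constructed copies of the two layouts shown on this page.
write_samples() {
    cat > "$1/modern.list" <<'EOF'
deb [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
deb-src [signed-by=/etc/apt/keyrings/crowdsec_crowdsec-archive-keyring.gpg] https://packagecloud.io/crowdsec/crowdsec/any any main
EOF
    cat > "$1/legacy.list" <<'EOF'
# apt < 1.1 layout: key lives in /etc/apt/trusted.gpg.d/
deb https://packagecloud.io/crowdsec/crowdsec/any any main
deb-src https://packagecloud.io/crowdsec/crowdsec/any any main
EOF
}

# Audit real files when paths are given, e.g.:
#   sh audit.sh /etc/apt/sources.list /etc/apt/sources.list.d/*.list
if [ "$#" -gt 0 ]; then unscoped_sources "$@"; fi
```

A non-zero exit status means at least one entry relies on a globally trusted key.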

Install Security Engine

Once the repository is added, you can install the Security Engine via:

sudo apt install crowdsec

warning

If you are using ESM/Pro Ubuntu, you will need to alter the package weights to get the latest version; see below.

ESM/Pro Ubuntu

Check the current package policy

To see which version of CrowdSec is currently available via APT:

apt-cache policy crowdsec

You may see output like the following:

crowdsec:
Installed: (none)
Candidate: 1.4.6-6ubuntu0.24.04.1+esm1
Version table:
....

If the Candidate version shown is 1.4.6, this means the default priority favors the Ubuntu-provided package. To ensure we retrieve the latest version from our repository, we need to adjust the package pinning.

Set CrowdSec repository priority

Open the preferences file with:

sudo vim /etc/apt/preferences.d/crowdsec

Then add the following content:

Package: crowdsec
Pin: origin packagecloud.io
Pin-Priority: 600

After saving the file, refresh your local package cache:

sudo apt update

Once the cache has been updated, check the policy again to confirm that the latest version is now selected:

apt-cache policy crowdsec
crowdsec:
Installed: 1.6.X
Candidate: 1.6.X
Version table:
...

Install Remediation Component

warning

The Security Engine by itself is a detection engine; it will not block anything. You need to install a Remediation Component to enforce decisions.

For the quick start guide we will be installing the iptables firewall Remediation Component. (This may not be optimal for your environment; please refer to the Remediation Documentation for more information.)

IPTables

sudo apt install crowdsec-firewall-bouncer-iptables

Next Steps?

Great, you now have CrowdSec installed on your system. In the post-installation steps you will find the next steps to configure and optimize your installation.