How To Setup CrowdSec on Debian

27/03/2023

Alexander

Information

CrowdSec is an open-source and powerful security tool that protects your infrastructure against cyber attacks and brute-force attempts. In this article, we will guide you through the process of setting up CrowdSec on Debian.

Step 1: Update the System

Before beginning the installation process of CrowdSec, you must first update your Debian system. This will ensure that you have the latest updates and dependencies required by CrowdSec.

To do this, open the terminal and run the following command:

sudo apt update && sudo apt upgrade

Step 2: Install CrowdSec

After updating the system, the next step is to install CrowdSec on the Debian system. You can follow the steps below to install CrowdSec:

Add the CrowdSec repository and the key used for it to your Debian system. The Bintray repository that used to host the packages is no longer available, so use the repository setup script published by CrowdSec instead. Download it to a file so that you can read it before running it as root.

wget -O /tmp/crowdsec-install.sh https://install.crowdsec.net
sudo sh /tmp/crowdsec-install.sh

Update the system and install CrowdSec.

sudo apt update && sudo apt install crowdsec

Step 3: Configure CrowdSec

After the installation process, you need to configure CrowdSec before you can use it on your system. You can do this by editing the configuration files located in the /etc/crowdsec directory.

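Enable the CrowdSec service and start it.

sudo systemctl enable crowdsec && sudo systemctl start crowdsec

Check the status of the CrowdSec service.

sudo systemctl status crowdsec

Configure your desired scenario. In CrowdSec, "ssh-bf" is a scenario from the hub rather than a profile. For example, to use the "ssh-bf" scenario, install it and reload the service:

sudo cscli scenarios install crowdsecurity/ssh-bf
sudo systemctl reload crowdsec

Add your desired IP address to the whitelist. Whitelists are parser files rather than decisions, so an entry stays in effect until you remove it. Install the whitelists parser, add <IP-ADDRESS> to the ip list in its file, and reload the service:

sudo cscli parsers install crowdsecurity/whitelists
sudo nano /etc/crowdsec/parsers/s02-enrich/whitelists.yaml
sudo systemctl reload crowdsec

Check the decisions for your scenario.

sudo cscli decisions list --scenario crowdsecurity/ssh-bf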

Step 4: Test CrowdSec

The final step is to test CrowdSec to ensure that everything is working correctly. You can do this by attempting to log in to your system from a different IP address that is not in the whitelist.

You should see that your login attempts are blocked, and the IP address is added to the blacklist by CrowdSec.
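The following sketch is an added example, not CrowdSec's own code and not part of the original article. It models a leaky-bucket brute-force detector with a whitelist over constructed log lines, to show why the test above needs several failed logins in quick succession from a non-whitelisted address. The capacity, leak speed, log format and IP addresses are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed, illustrative bucket settings; not read from any CrowdSec configuration.
CAPACITY = 5                    # failures the bucket holds before it overflows
LEAK = timedelta(seconds=10)    # one failure drains out every 10 seconds
WHITELIST = {"192.0.2.10"}      # constructed whitelisted address

# Constructed log format: ISO timestamp, host, sshd[pid], failed-password message.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def detect(lines, whitelist=WHITELIST):
    """Return source IPs whose failed logins overflow the bucket, in detection order."""
    buckets = {}   # ip -> (fill level, time of last failure)
    flagged = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                      # successful logins and other lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in whitelist or ip in flagged:
            continue                      # whitelisted sources never fill a bucket
        level, last = buckets.get(ip, (0.0, ts))
        # Drain for the time elapsed since the previous failure, then add this one.
        level = max(0.0, level - (ts - last) / LEAK) + 1
        buckets[ip] = (level, ts)
        if level > CAPACITY:
            flagged.append(ip)
    return flagged

def sample_log():
    """Constructed lines: a fast burst, a slow guesser and a whitelisted host."""
    t0 = datetime(2023, 3, 27, 10, 0, 0)
    def failed(offset, ip):
        ts = (t0 + timedelta(seconds=offset)).isoformat()
        return f"{ts} host sshd[4242]: Failed password for root from {ip} port 50022 ssh2"
    lines = [failed(i, "198.51.100.7") for i in range(6)]        # 6 failures in 6 s
    lines += [failed(i * 30, "203.0.113.9") for i in range(6)]   # 1 failure per 30 s
    lines += [failed(i, "192.0.2.10") for i in range(10)]        # whitelisted source
    lines.append("2023-03-27T10:00:01 host sshd[4242]: Accepted publickey for admin "
                 "from 198.51.100.7 port 50023 ssh2")
    return sorted(lines)                  # ISO timestamps sort chronologically

if __name__ == "__main__":
    print(detect(sample_log()))
```

In this model only the fast burst is flagged: the slow source drains its bucket between attempts, and the whitelisted source is never counted.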

Conclusion

In summary, CrowdSec is a powerful security tool that protects your infrastructure against cyber attacks and brute-force attempts. By following the simple steps outlined in this article, you can quickly install and configure CrowdSec on your Debian system, helping to improve the security of your network.