
Introduction
In this tutorial we learn how to install crowdsec on Kali Linux.
What is crowdsec
crowdsec is:
CrowdSec is a lightweight security engine, able to detect and remedy
aggressive network behavior. It can leverage and also enrich a
global community-wide IP reputation database, to help fight online
cybersec aggressions in a collaborative manner.
CrowdSec can read many log sources, parse and also enrich them, in
order to detect specific scenarios, that usually represent malevolent
behavior. Parsers, Enrichers, and Scenarios are YAML files that can
be shared and downloaded through a specific Hub, as well as be created
or adapted locally.
Detection results are available for CrowdSec, its CLI tools and
bouncers via an HTTP API. Triggered scenarios lead to an alert, which
often results in a decision (e.g. IP banned for 4 hours) that can be
consumed by bouncers (software components enforcing a decision, such
as an iptables ban, an nginx lua script, or any custom user script).
The CLI allows users to deploy a Metabase Docker image to provide
simple-to-deploy dashboards of ongoing activity. The CrowdSec daemon
is also instrumented with Prometheus to provide observability.
CrowdSec can be used against live logs (à la fail2ban), but can
also work on cold logs to help, in a forensic context, to build an
analysis for past events.
On top of that, CrowdSec aims at sharing detection signals amongst
all participants, to pre-emptively allow users to block likely
attackers. To achieve this, minimal meta-information about the attack
is shared with the CrowdSec organization for further retribution.
Users can also decide not to take part in the collective effort via
the central API, but to register on a local API instead.
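As an added illustration of the scenario files the description above mentions (this is example content written for this page, not a file from the CrowdSec Hub), here is a minimal locally authored "leaky bucket" scenario; the scenario name, the log_type value and the thresholds are assumptions:

```yaml
# Added example: a local leaky-bucket scenario (not a Hub scenario).
# Every event that passes the filter pours one unit into a bucket keyed
# by source IP; the bucket leaks one unit every `leakspeed`, and once it
# holds more than `capacity` events it overflows and raises an alert.
type: leaky
name: local/ssh-bf-example          # assumed name; Hub scenarios use "crowdsecurity/..."
description: "Detect SSH brute force from a single source IP"
# Only consume events a parser has already tagged as a failed SSH login
# (the log_type value is an assumption for this example).
filter: "evt.Meta.log_type == 'ssh_failed-auth'"
groupby: evt.Meta.source_ip          # one bucket per source IP
capacity: 5                          # the 6th failure inside the window overflows
leakspeed: "10s"                     # the bucket drains one event every 10 seconds
blackhole: 1m                        # do not re-alert on the same IP for 1 minute
labels:
  service: ssh
  type: bruteforce
  remediation: true                  # lets a profile turn the alert into a decision
```

An alert from a scenario labelled `remediation: true` is what the default profile turns into a decision such as the 4-hour IP ban mentioned above, which bouncers then enforce.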
There are three methods to install crowdsec on Kali Linux. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.
Install crowdsec Using apt-get
Update the apt database with apt-get using the following command:
sudo apt-get update
After updating the apt database, we can install crowdsec with apt-get by running the following command:
sudo apt-get -y install crowdsec
Install crowdsec Using apt
Update the apt database with apt using the following command:
sudo apt update
After updating the apt database, we can install crowdsec with apt by running the following command:
sudo apt -y install crowdsec
Install crowdsec Using aptitude
If you want to follow this method, you might first need to install aptitude, since it is usually not installed by default on Kali Linux. Then update the apt database with aptitude using the following command:
sudo aptitude update
After updating the apt database, we can install crowdsec with aptitude by running the following command:
sudo aptitude -y install crowdsec
How To Uninstall crowdsec on Kali Linux
To uninstall only the crowdsec package we can use the following command:
sudo apt-get remove crowdsec
Uninstall crowdsec And Its Dependencies
To uninstall crowdsec together with any of its dependencies that are no longer needed by other packages on Kali Linux, we can use the command below:
sudo apt-get -y autoremove crowdsec
Remove crowdsec Configurations and Data
To remove crowdsec configuration and data from Kali Linux we can use the following command:
sudo apt-get -y purge crowdsec
Remove crowdsec configuration, data, and all of its dependencies
To remove crowdsec together with its configuration, data, and all of its no-longer-needed dependencies, we can use the following command:
sudo apt-get -y autoremove --purge crowdsec
Dependencies
crowdsec has the following dependencies:
Summary
In this tutorial we learned how to install the crowdsec package on Kali Linux using different package management tools: apt, apt-get and aptitude.
