Outnumbering cybercriminals all together

CrowdSec is an open-source and collaborative IPS for Linux.
Analyze behaviors, respond to attacks & share signals across the community.

Get Started
We would love to know your feedback

Your opinion matters, please share it with us.

Take our poll
  • 01

    Parse logs

    Acquire data from any source (syslog, cloudtrails, SIEM, etc.)
  • 02

    Set up your own intrusion detection system

    Apply behavior scenarios to identify cyberthreats
  • 03

    Automate your security

    Define the type of remediation you want to apply and where
  • 04

    Leverage the community’s IP blacklist

    Share and benefit from a crowdsourced and curated cyber threat intelligence system

The open-source and participative IPS

CrowdSec is designed to run seamlessly on virtual machines, bare-metal servers, containers or to be called directly from your code with our API.

Read the Documentation

Collaborative Security

Our strength comes from our cybersecurity community that is burning cybercriminals’ anonymity. By sharing IP addresses that aggressed you, you help us curate and redistribute a qualified IP blacklist to protect everyone.

Stateless & Decoupled

By decoupling detection (agent) and remediation (bouncer), CrowdSec doesn’t interrupt your data streams nor creates any single point of failure. It can fit any serverless, cloud-based, VM or bare-metal context in one (agent) to one (bouncer), one to many, many to one, and many to many typologies.

High performance

Written in Golang, CrowdSec is 60x faster than tools like Fail2ban and can parse massive amounts of logs in no time. Agents can read log files, SIEM events, through a network socket and can be used in high throughput networks. For CPU & RAM-constrained assets, bouncers can just make very light API calls.

Observability

Dashboards are great steering tools. CrowdSec is instrumented with Metabase & Prometheus to help you make smarter investments of both time & money and better defend yourself. Compliance reporting like PCI-DSS, ISO, GDPR  are also on our roadmap.

Multilayer & IPV6 ready

No matter if your servers or attackers are using IPV4 or IPV6 addresses, CrowdSec will do the job. This next-gen HIDS has been designed to not only deal with IPs but also with user sessions and more business-oriented layers.

Ease of use

CrowdSec is designed and developed by former pentesters, SecOps & DevOps, to be a fire-and-forget, easy-to-deploy, automate, configure and maintain software. This is what CrowdSec is about: bringing security to the largest number.

GDPR Compliant

Sharing is caring but privacy matters even more. We collect the very strict minimum in order to be GDPR compliant. Hence, we never export your logs and the only data sent for curation are a timestamp, the aggressive IP, and the scenario used in the attack.

Read the Documentation

Where to use it

  • OS
    • app.logo.alt
      Linux
    • app.logo.alt
      FreeBSD
    • app.logo.alt
      Macos
      Coming soon
    • app.logo.alt
      Windows
      Coming soon
    • app.logo.alt
      Open WRT
      Coming soon
  • Services
    • app.logo.alt
      IP Tables
    • app.logo.alt
      NFTables
    • app.logo.alt
      Nginx
    • app.logo.alt
      Apache
    • app.logo.alt
      Caddy
    • app.logo.alt
      PF
  • Languages & frameworks
    • app.logo.alt
      Wordpress
    • app.logo.alt
      PHP
    • app.logo.alt
      JS
    • app.logo.alt
      GO
      Coming soon
    • app.logo.alt
      Symfony
      Coming soon
    • app.logo.alt
      Python
      Coming soon
    • app.logo.alt
      Arduino
      Coming soon
  • Platforms
    • app.logo.alt
      Docker
    • app.logo.alt
      AWS
    • app.logo.alt
      Google Cloud
    • app.logo.alt
      Cloudflare
    • app.logo.alt
      Envoy
      Coming soon
    • app.logo.alt
      Traefik
      Coming soon
    • app.logo.alt
      Azure
      Coming soon
Find your best setup on the Hub
Join the crowd

Cybercriminals constantly collaborate together, on a world scale. Each IP they control are anonymity tokens to hide their hacktivities. Our only chance is to stand as a crowd and act in a coordinated way, as they do. When you, Sysadmins, Devops & Secops join forces, you outnumber them and can burn their IPs one by one, crippling this precious anonymity.

  • 0B089598-964A-4610-8424-5B9BA76E04EF

    900k rogue IPs detected

  • DB3489A0-E3FC-4AF5-BFC0-C20F5E521A89

    3.9k stars on GitHub

  • Icon/KeyNumbers/countries

    110 countries

False positive & Poisoning resilient

  • Minimum necessary remediation
  • 3-day probing mechanism (auto-deban)
  • Self-unban
  • Consensus involving range qualification
  • Tailor-made lists to avoid broadcasting all IPs blindy

Get Started

Install the Agent

Debian/Ubuntu
RHEL/CentOS/Amazon Linux
Debian (Official)
Docker
FreeBSD
Tarball
  • Debian/Ubuntu
    $ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
    $ sudo apt-get install crowdsec
    Copy code
  • RHEL/CentOS/Amazon Linux
    $ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
    $ sudo yum install crowdsec
    Copy code
  • Debian (Official)
    $ sudo apt-get install crowdsec
    Copy code
  • Docker
    $ docker run -d -v acquis.yaml:/etc/crowdsec/acquis.yaml -e COLLECTIONS="crowdsecurity/sshd" -v /var/log/auth.log:/var/log/auth.log -v /path/mycustom.log:/var/log/mycustom.log --name crowdsec crowdsecurity/crowdsec
    Copy code
  • FreeBSD
    $ pkg install crowdsec
    Copy code
  • Tarball
    $ wget -qO - https://github.com/crowdsecurity/crowdsec/releases/latest/download/crowdsec-release.tgz | tar zxvf -
    $ cd crowdsec-v* && sudo ./wizard.sh -i
    Copy code

Install a Bouncer

Firewall: Debian/Ubuntu
Firewall: RHEL/CentOS/Amazon Linux
Custom: Debian/Ubuntu
Custom: RHEL/CentOS/Amazon Linux
AWS/GCP
Nginx: Debian/Ubuntu
Wordpress
  • Firewall: Debian/Ubuntu
    $ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
    $ sudo apt install crowdsec-firewall-bouncer-iptables
    Copy code
  • Firewall: RHEL/CentOS/Amazon Linux
    $ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
    $ sudo yum install crowdsec-firewall-bouncer-iptables
    Copy code
  • Custom: Debian/Ubuntu
    $ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
    $ sudo apt install crowdsec-custom-bouncer
    Copy code
  • Custom: RHEL/CentOS/Amazon Linux
    $ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
    $ sudo yum install crowdsec-custom-bouncer
    Copy code
  • AWS/GCP
    https://hub.crowdsec.net/author/fallard84/bouncers/cs-cloud-firewall-bouncer
    Copy code
  • Nginx: Debian/Ubuntu
    $ curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
    $ sudo apt install crowdsec-nginx-bouncer
    Copy code
  • Wordpress
    Click here to download the official plugin
    Copy code
AFEB9F8A-65D8-49C4-BF47-4958C484D8C8
Download v1.2.0