FreeBSD packages are available in the official repositories.
By default, the command pkg install should use the quarterly releases (January, April, July and October, updated with security fixes).
You can check /etc/pkg/FreeBSD.conf and change quarterly to latest if you feel comfortable upgrading your system.
The CrowdSec package itself can be installed with:
$ sudo pkg install crowdsec
If the command installs the legacy v1.1.1, you will have a couple more steps to do; please have a look at the related blog post.
You'll see a message that tells you how to activate the agent:
$ sudo sysrc crowdsec_enable="YES"
crowdsec_enable: -> YES
$ sudo service crowdsec start
Fetching hub inventory
INFO[21-12-2021 03:13:35 PM] Wrote new 197364 bytes index to /usr/local/etc/crowdsec/hub/.index.json
[...]
The service registers itself with the Central API on crowdsec.net, updates the plugin registry and downloads the "crowdsecurity/freebsd" collection of plugins. This includes, for instance, a parser for sshd logs and a database to correlate IP addresses with geographical information.
As opposed to its Linux counterparts, the FreeBSD package does not automatically detect the software that is running on the machine; please refer to our documentation to add parsers, scenarios and more.
Keep in mind that the crowdsec package is only in charge of the "detection", and won't block anything on its own. You need to deploy a bouncer to "apply" decisions.
If all this sounds confusing, it might be a good moment to take a tour of the software before continuing.
This is a package that receives decisions to ban IP addresses and whole address ranges, if they are the source of verified attacks.
To install and enable it:
$ sudo pkg install crowdsec-firewall-bouncer
[...]
$ sudo sysrc crowdsec_firewall_enable=YES
crowdsec_firewall_enable: -> YES
$ sudo service crowdsec_firewall start
Registered: cs-firewall-bouncer-ZjpcXlUx
The firewall bouncer is now running. It applies rules via the Packet Filter.
Create the required tables by creating or appending this to
table <crowdsec-blacklists> persist
table <crowdsec6-blacklists> persist
block drop in quick from <crowdsec-blacklists> to any
block drop in quick from <crowdsec6-blacklists> to any
If Packet Filter is not enabled, you can do it now:
$ sudo sysrc pf_enable=YES
pf_enable: NO -> YES
$ sudo service pf start
Enabling pf.
Reload the rules with:
$ sudo pfctl -f /etc/pf.conf
You can check the configuration with:
$ sudo pfctl -sr
block drop in quick from <crowdsec-blacklists> to any
block drop in quick from <crowdsec6-blacklists> to any
$ sudo service pf check
Checking pf rules.
$ sudo service pf status
Status: Enabled for 0 days 00:00:02 Debug: Urgent
[...]
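A complementary check on the rules file itself, as an added example that is not part of the CrowdSec documentation or packages: pf stops evaluating at the first matching quick rule, so block rules appended after an existing inbound pass quick rule never see the traffic that rule matches. The function name check_crowdsec_pf and the sample rules are constructed for illustration; the lint is line-based and assumes no includes, anchors, macros or continued lines.

```shell
#!/bin/sh
# Added example: lint a pf.conf for the CrowdSec tables and block rules.
# Line-based sketch: does not follow includes or anchors, expand macros,
# or join backslash-continued lines.
check_crowdsec_pf() {
    awk '
    { sub(/#.*/, "") }                       # strip comments
    /^[ \t]*$/ { next }                      # skip blank lines
    /^[ \t]*table[ \t]+<crowdsec-blacklists>[ \t]/  { t4 = 1 }
    /^[ \t]*table[ \t]+<crowdsec6-blacklists>[ \t]/ { t6 = 1 }
    /^[ \t]*block[ \t]/ && /[ \t]quick[ \t]/ {
        if ($0 ~ /from[ \t]+<crowdsec-blacklists>/)  b4 = 1
        if ($0 ~ /from[ \t]+<crowdsec6-blacklists>/) b6 = 1
        next
    }
    # An inbound "pass ... quick" seen before both block rules wins for the
    # traffic it matches, so banned addresses would still get through.
    /^[ \t]*pass[ \t]/ && /[ \t]quick([ \t]|$)/ && !/^[ \t]*pass[ \t]+out[ \t]/ {
        if (!(b4 && b6)) {
            printf "line %d: pass quick rule precedes the crowdsec block rules\n", NR
            bad = 1
        }
    }
    END {
        if (!t4) { print "missing: table <crowdsec-blacklists>";  bad = 1 }
        if (!t6) { print "missing: table <crowdsec6-blacklists>"; bad = 1 }
        if (!b4) { print "missing: block rule for <crowdsec-blacklists>";  bad = 1 }
        if (!b6) { print "missing: block rule for <crowdsec6-blacklists>"; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: the CrowdSec lines were appended after an existing rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pass in quick proto tcp to port 22   # pre-existing rule (constructed)
table <crowdsec-blacklists> persist
table <crowdsec6-blacklists> persist
block drop in quick from <crowdsec-blacklists> to any
block drop in quick from <crowdsec6-blacklists> to any
EOF
check_crowdsec_pf "$sample" || echo "pf.conf needs attention"
rm -f "$sample"
```

On a real system, call check_crowdsec_pf /etc/pf.conf before reloading the rules; an empty output and exit status 0 mean both tables and both block rules are present and no inbound pass quick rule comes first.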
Another option - and the only one if you have a Tier-2 or unsupported platform whose binaries are harder to find or seldom updated - is to build the packages yourself by using our FreeBSD ports.
If you are not familiar with how ports work, be aware that mixing ports and binary packages might break your system. Please read the FreeBSD documentation and decide for yourself if it's the best method for your case.
If you are already familiar with ports, running make install in
will compile and install the packages and all their dependencies. Then configure them as you would normally do with
In some cases, CrowdSec is unable to generate the machine id.
/etc/rc.d/hostid start
/etc/rc.d/hostid_save start
Then start the CrowdSec service again:
service crowdsec start