Skip to main content

Install on macOS

We do not compile the Security Engine for macOS. Use a container runtime like Docker to run the Linux container on macOS.

If you want a quick, guided test, use our online sandbox. It includes a preinstalled application to generate logs.

Find it here

New to CrowdSec? Start with the introduction to understand the components and prerequisites.

Running CrowdSec on MacOS

Open a terminal and verify that Docker is running on your macOS machine.

docker version
Command Output
Client: Docker Engine - Community
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        f0df350
 Built:             Wed Jun  2 11:56:35 2021
 OS/Arch:           darwin/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       b0f5bc3
  Built:            Wed Jun  2 11:54:58 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.6
  GitCommit:        d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc:
  Version:          1.0.0-rc95
  GitCommit:        b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Once Docker is running, pull the CrowdSec image.

docker pull crowdsecurity/crowdsec
Command Output
Using default tag: latest
latest: Pulling from crowdsecurity/crowdsec
Digest: sha256:
Status: Image is up to date for crowdsecurity/crowdsec:latest
docker.io/crowdsecurity/crowdsec:latest

Now run the CrowdSec container.

docker run -d --name crowdsec -v /var/run/docker.sock:/var/run/docker.sock -v /etc/crowdsec:/etc/crowdsec -v /var/log:/var/log crowdsecurity/crowdsec

On macOS you may not have local services generating logs, so detections might not trigger. Use the online sandbox to test end-to-end behavior.

To stop and remove the container:

docker rm --force crowdsec