How to install Crowdsec on Proxmox VE 8 correct

This article describes how to install crowdsec on an proxmox ve environment. Only 5 Steps are required.

Crowdsec is the new Fail2ban and should be preferred today due to decentralization alone. Fail2ban has been on the market for a long time and is therefore indispensable for Proxmox installations, but the good new alternative Crowdsec is a bit better.

Here now follows the instructions how to add Crowdsec on a Proxmox VE 8.0 installation.

NOTE: Even if Fail2ban is already installed on your system, you can easily add Crowdsec. For new installations please use Crowdsec only.

How to install

  1. Crowdsec Repository

    The first thing to do is to add the Crowdsec repository.

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash

  1. Install Crowdsec

    Crowdsec will be installed on the system

sudo apt install crowdsec

  1. Add firewall IPTables bouncer

    The bouncer is responsible for keeping the lists for the IPTables up to date.

sudo apt install crowdsec-firewall-bouncer

  1. Small change in the configuration for the SQLite database

    Add the "use_wal: true" in the area "db_config".

File: nano /etc/crowdsec/config.yaml
db_config:
  log_level: info
  type: sqlite
  db_path: /var/lib/crowdsec/data/crowdsec.db
  use_wal: true

  1. Ready

    Start the software with the following command. Autostart is already enabled here.

service crowdsec start

  1. Optional - Crowdsec Dashboard

    Additionally you can add the agent to the Crowdsec Dashboard. To do this, log in to Crowdsec on the website and create a new engine. There you will get an enroll code which you have to execute on the console. Here is an example:

sudo cscli console enroll cljpek1420011mn088ta9y2xn
CrowdsecProxmox-VE-8ProxmoxFail2ban
Vote poor 0 Vote Helpfull 1
2023-07-13  
 A DynDNS Service from IPv64.net

The DynDNS service of IPv64.net is free of charge and usable in all common routers and systems. You have the choice between many different domain names.

  Healthcheck und Monitoring Service

The IPv64.net Healthchecks monitor your services, servers and endpoints. Receive notifications when your services fail. This monitoring service is free with all features.

IPv64 Mini Logo Register now

Registration with IPv64 is free of charge and immediately available for you.

Our Homelab recommendation

MikroTik RouterBOARD RB5009 Router, 8x RJ-45, 1x SFP+ (RB5009UG+S+IN) MikroTik RouterBOARD RB5009 Router, 8x RJ-45, 1x SFP+ (RB5009UG+S+IN)
~ 190.45 € Show me
MikroTik Cloud Router Switch CRS326 Dual Boot Rackmount Gigabit Managed Switch, 24x RJ-45, 2x SFP+, PoE PD (CRS326-24G-2S+RM) MikroTik Cloud Router Switch CRS326 Dual Boot Rackmount Gigabit Managed Switch, 24x RJ-45, 2x SFP+, PoE PD (CRS326-24G-2S+RM)
~ 186.21 € Show me