From fa18685c8bbf3d2fdc0f872fbfdbc95dee2fd658 Mon Sep 17 00:00:00 2001 From: Remco Date: Thu, 6 Nov 2025 19:06:43 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=86=99=20Add=20more=20tuts=20=F0=9F=86=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- extra tuts/crowdsecinstall ubuntu.md | 119 +++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 extra tuts/crowdsecinstall ubuntu.md diff --git a/extra tuts/crowdsecinstall ubuntu.md b/extra tuts/crowdsecinstall ubuntu.md new file mode 100644 index 0000000000..49763e51eb --- /dev/null +++ b/extra tuts/crowdsecinstall ubuntu.md 
@@ -0,0 +1,119 @@ +## 🚀 How to Install CrowdSec on Ubuntu + +This tutorial will guide you through installing the **CrowdSec Agent** (which detects threats) and the **Firewall Bouncer** (which blocks them) on an Ubuntu system. + +### Prerequisites + + * An Ubuntu server (e.g., 20.04, 22.04). + * Access to a user account with `sudo` privileges. + * Internet access to download the packages. + +----- + +### Step 1: Add the CrowdSec Repository + +First, you need to add the official CrowdSec package repository to your system. + +1. Update your package lists to ensure you have the latest information: + ```bash + sudo apt update + ``` +2. Install the `curl` utility if it's not already present: + ```bash + sudo apt install curl + ``` +3. Run the official CrowdSec installation script. This script will automatically detect your OS and add the correct repository: + ```bash + curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash + ``` + +----- + +### Step 2: Install the CrowdSec Agent + +Now that the repository is added, you can install the **CrowdSec agent**. This is the core component that reads your logs (like SSH, web server, etc.) to detect malicious behavior. + +1. Install the `crowdsec` package: + ```bash + sudo apt install crowdsec + ``` +2. The service should start automatically. You can verify that it's running: + ```bash + sudo systemctl status crowdsec + ``` + You should see `active (running)` in the output. + +----- + +### Step 3: Install a Bouncer + +The agent *detects* threats, but it doesn't *block* them by default. For that, you need a **Bouncer**. The most common bouncer integrates with your server's firewall. + +1. Install the CrowdSec firewall bouncer. This example uses `iptables`, which is common. 
+ + ```bash + sudo apt install crowdsec-firewall-bouncer-iptables + ``` + + > **Note:** If your system uses `nftables` (common on newer Ubuntu versions), you might prefer `sudo apt install crowdsec-firewall-bouncer-nftables` instead. + +2. After installation, the bouncer service should also start automatically. + +----- + +### Step 4: Verify the Installation + +Let's check if the agent and the bouncer are communicating correctly using the CrowdSec command-line interface, `cscli`. + +1. **Check bouncer status:** + + ```bash + sudo cscli bouncers list + ``` + + You should see your `crowdsec-firewall-bouncer-iptables` listed, and it should show as **validated** (`✔`). + +2. **Check agent metrics:** This command shows if the agent is reading logs and parsing them. + + ```bash + sudo cscli metrics + ``` + + You'll see counters for things like "lines read" and "lines parsed." This confirms the agent is working. + +----- + +### Step 5: Install Collections (Important\!) + +By default, CrowdSec installs basic collections (like for `sshd`). To protect other services, you must **install collections** for them. A collection is a set of parsers (to understand logs) and scenarios (to detect attacks). + +1. **List installed collections:** + + ```bash + sudo cscli collections list + ``` + + You will likely see `crowdsec/linux` and `crowdsec/sshd`. + +2. **Install new collections:** You *must* install collections for the software you run. For example, if you run an Nginx web server: + + ```bash + sudo cscli collections install crowdsec/nginx + ``` + + Or for an Apache web server: + + ```bash + sudo cscli collections install crowdsec/apache2 + ``` + + You can find all available collections on the [CrowdSec Hub](https://hub.crowdsec.net/). + +### ✅ Installation Complete\! + +Your CrowdSec agent is now monitoring your logs, and the firewall bouncer is ready to block any IPs that trigger a security scenario. 
You can monitor active decisions (blocks) at any time by running: + +```bash +sudo cscli decisions list +``` +
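Review bot: Step 1, item 3 pipes a remote script straight into a root shell (`curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash`), so the reader runs whatever the server returns as root without ever seeing it, and without `-f` an HTTP error page would be fed to the shell as well. Suggest having the tutorial download the script to a file with `curl -fsSL`, tell the reader to read it, and only then run it with `sudo bash`. Separately, Step 5 uses a `crowdsec/` prefix for collections (`crowdsec/nginx`, `crowdsec/apache2`, `crowdsec/linux`, `crowdsec/sshd`), but collections on the CrowdSec Hub are published under `crowdsecurity/`, so the install commands as written will not find them. The same step should also tell the reader to reload the `crowdsec` service after installing a collection, since the new parsers and scenarios are not picked up until then.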