Crowdsec auto update script

[vk6xebec]

If anyone is interested, I have created an autoupdate script and I have tested it and it works with the latest update. I've used AI to create the script for automation. Use at your convenience.

---

CrowdSec GitHub Auto-Upgrade Script for pfSense Plus 26.03

Warning

This script was AI-assisted and has been tested on pfSense Plus 26.03 running the fixed FreeBSD 16 base.
Review, validate, and test in your own environment before production deployment.

---

CrowdSec GitHub Auto-Upgrade Script

Script location

/usr/local/sbin/crowdsec-github-auto-upgrade.sh

---

Create the script

Run as root on pfSense:

cat > /usr/local/sbin/crowdsec-github-auto-upgrade.sh <<'EOF'
#!/bin/sh

PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
LOG="/var/log/crowdsec-github-auto-upgrade.log"
SCRIPT="/tmp/install-crowdsec.sh"
URL="https://raw.githubusercontent.com/crowdsecurity/pfSense-pkg-crowdsec/refs/heads/main/install-crowdsec.sh"

DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
BEFORE="$(pkg info -x crowdsec 2>/dev/null | sort | tr '\n' '; ')"

echo "[$DATE] Starting CrowdSec GitHub package check" >> "$LOG"

fetch -q -o "$SCRIPT" "$URL" >> "$LOG" 2>&1
chmod 700 "$SCRIPT"

yes y | sh "$SCRIPT" >> "$LOG" 2>&1

cscli hub update >> "$LOG" 2>&1
cscli hub upgrade >> "$LOG" 2>&1

service crowdsec onerestart >> "$LOG" 2>&1
service crowdsec_firewall onerestart >> "$LOG" 2>&1

AFTER="$(pkg info -x crowdsec 2>/dev/null | sort | tr '\n' '; ')"

if [ "$BEFORE" != "$AFTER" ]; then
  MSG="CrowdSec upgraded on pfSense. Before: $BEFORE After: $AFTER"
  logger -t crowdsec-auto-upgrade "$MSG"

  env MSG="$MSG" /usr/local/bin/php -r 'require_once("/etc/inc/notices.inc"); file_notice("crowdsec_upgrade", getenv("MSG"), "CrowdSec", "", 1, false);' >> "$LOG" 2>&1
else
  echo "[$(date -u +%Y-%m-%dT%H:%M:%SZ)] No CrowdSec package version change detected" >> "$LOG"
fi

echo "[$(date -u +%Y-%m-%dT%H:%M:%SZ)] Finished CrowdSec GitHub package check" >> "$LOG"
EOF

---

Set permissions

chmod 700 /usr/local/sbin/crowdsec-github-auto-upgrade.sh
chown root:wheel /usr/local/sbin/crowdsec-github-auto-upgrade.sh

---

Manual test

Run the script manually:

/usr/local/sbin/crowdsec-github-auto-upgrade.sh

View the log:

tail -n 80 /var/log/crowdsec-github-auto-upgrade.log

---

Cron configuration

Command-line method

Example: run every Friday at 02:30.

Append to /etc/crontab:

echo '30 2 * * 5 root /usr/local/sbin/crowdsec-github-auto-upgrade.sh' >> /etc/crontab

Restart cron:

service cron restart

---

pfSense GUI method

Requires the Cron package.

Install Cron package

1. Navigate to:

   • System > Package Manager > Available Packages

2. Install:

   • cron

---

Create scheduled task

Navigate to:

Services > Cron

Click:

Add

Configure the following:

Field	Value
Minute	30
Hour	2
Day of Month	*
Month	*
Day of Week	5
User	root
Command	/usr/local/sbin/crowdsec-github-auto-upgrade.sh

Save and apply changes.

---

Logging

Log file location:

/var/log/crowdsec-github-auto-upgrade.log

View live logs:

tail -f /var/log/crowdsec-github-auto-upgrade.log

---

What the script does

This script:

• Downloads the latest CrowdSec pfSense installer from GitHub
• Automatically answers yes to installer prompts
• Updates the CrowdSec hub
• Upgrades installed CrowdSec collections/scenarios/parsers
• Restarts:
  • crowdsec
  • crowdsec_firewall
• Logs all output
• Creates a pfSense notification if the CrowdSec package version changes

---

Recommended precautions

• Test manually before enabling cron
• Keep pfSense configuration backups
• Review CrowdSec changes before production rollout
• Consider running first on a non-production firewall
• Review:
  • /var/log/crowdsec-github-auto-upgrade.log
  • pfSense notifications
  • CrowdSec service status

---

Useful verification commands

Check CrowdSec service status:

service crowdsec onestatus
service crowdsec_firewall onestatus

Check installed CrowdSec packages:

pkg info -x crowdsec

Check CrowdSec hub status:

cscli hub list

Check decisions:

cscli decisions list

Check metrics:

cscli metrics