Skip to content

How to install or upgrade fail2ban manually

Jump to bottom Edit New page
Sergey G. Brester edited this page Apr 26, 2024 · 8 revisions

Many distributions already provide fail2ban packages, so better you'd install this built from your maintainers version of fail2ban, especially if you are not familiar with linux.

You don't need install fail2ban for the test attempts or to try some new functionality, so firstly read How to test newer fail2ban version resp. use fail2ban standalone instance.

Required pre-installation steps

If you already have fail2ban installed from your distribution:

  • backup your current configuration /etc/fail2ban and run-time database /var/lib/fail2ban/fail2ban.sqlite3
  • you can also store the dump of your current configuration to be able to compare it later:
    fail2ban-client -d > /tmp/f2b-dump-of-prev-version.txt
  • if your fail2ban version departs significantly or you decided install from source, stop and uninstall obsolete version of fail2ban

Manual installation of debian upstream-package (released here)

If you have debian-based distribution, you could try to install debian packages from newest releases. This upstream package is very similar the package maintaining for the latest debian stable version, but can also work for the most other debian-based distributions.

Read more ...

To install the deb-package manually following steps are necessary (here is an example for 1.1.0):

cd /tmp/
# 1) download deb package and signature:
wget -O fail2ban.deb https://github.com/fail2ban/fail2ban/releases/download/1.1.0/fail2ban_1.1.0-1.upstream1_all.deb
wget -O fail2ban.deb.asc https://github.com/fail2ban/fail2ban/releases/download/1.1.0/fail2ban_1.1.0-1.upstream1_all.deb.asc

# 2) check signature (if you want to be sure file is unmodified):
gpg --verify fail2ban.deb.asc fail2ban.deb

# 3) view details of the package:
dpkg -I fail2ban.deb

# 4) to ensure the upgrade run gentler (protocol of previous version may be incompatible), stop fail2ban before install:
# using service:
sudo service fail2ban stop
# using client:
sudo fail2ban-client stop

# 5a) either install package using dpkg (standalone package, don't regard dependencies):
sudo dpkg -i fail2ban.deb
# if the package introduces some "broken" dependencies (I don't think so in case of fail2ban which has few dependencies),
# to fix the unmet dependency issue, run this:
sudo apt -f install

# 5b) alternatively install package using gdebi (that will take care of installation of dependencies):
sudo gdebi fail2ban.deb
# if you want to check anyway whether there are some broken packages and fix them automatically, you can run:
sudo apt -f install

Same is valid for 0.11.2 (if you want to try that, it is totally compatible with a small exception regarding database if you need back to 0.10, see Compatibility section in https://github.com/fail2ban/fail2ban/blob/0.11.2/ChangeLog#L12).

Note: although in opposite to installation from source, it would also install service units, man-files, bash-completion etc, the package configuration can also deviate from configuration provided by maintainers of your distribution. Additionally note that the upstream packages are provided without the test-suite (fail2ban-testcases, fail2ban.test python module).

Manual installation from source

Manual install/upgrade is very similar to aforementioned testing of standalone instance, just you have to do more steps to install it, like copy and enable service units, copy man-files etc pp.

Read more ...

Firstly download fail2ban from releases or from source (select branch master or 1.0, 0.11, 0.10 and click "clone or download" button) and unpack it (or clone it with git) into some temporary directory (e. g. /tmp/f2b).

In order to install it, you have to execute several of following commands as root (or sudoer), so you can start shell as root (e. g. sudo -s) or use sudo before corresponding command that expecting administrator permissions.

- for fail2ban versions before or equal 1.0
  • install prerequirements you need (see README.md); for example:
    • for python2:
      apt install python-pyinotify python-systemd
    • for python3:
      apt install python3-pyinotify python3-systemd 2to3
  • if you want to use python3, enter cd /tmp/f2b and execute ./fail2ban-2to3 (and then use python3 in command below)
- for fail2ban versions 1.1 or higher
  • install prerequirements you need (see README.md); for example: apt install python3-pyinotify python3-systemd
  • enter your (cloned) interim fail2ban directory:
    cd /tmp/f2b
  • now install it:
    sudo python setup.py install --without-tests
  • note that the system init/service script is not automatically installed, so you have to copy it and enable the service manually; for example with init.d-script see readme, to install systemd-unit file use:
sudo cp ./build/fail2ban.service /etc/systemd/system/fail2ban.service
sudo systemctl enable fail2ban

Now we have to configure fail2ban (also see Proper fail2ban configuration):

  • copy your .local files from backup to /etc/fail2ban (or create new jail.local and set-up jails you need to enable).
  • take a look in your backup copy of /etc/fail2ban/jail.conf for includes made for your distribution:
[INCLUDES]
before = paths-debian.conf
  • copy this file and set the same line in new jail.conf or jail.local in /etc/fail2ban.
  • test it
    sudo fail2ban-client --test

Now you can start fail2ban via service:

sudo service fail2ban start
Add a custom footer

Best practice
How fail2ban works

HowTo's

FAQ

Clone this wiki locally