diff --git a/0.10.2/README.apt-install b/0.10.2/README.apt-install new file mode 100644 index 0000000..1c03ac0 --- /dev/null +++ b/0.10.2/README.apt-install @@ -0,0 +1,14 @@ + +# - Debian stretch: +# - Download via package system +# - +#echo "deb tor+http://ncomputers.org/debian stretch main" > /etc/apt/sources.list.d/ncomputers.org-stretch.list +echo "deb http://ncomputers.org/debian stretch main" > /etc/apt/sources.list.d/ncomputers.org-stretch.list + +# - Debian stretch: +# - Install via package system +# - +apt-get update +apt-get install ncomputers.org-keyring +apt-get update +apt-get install fail2ban diff --git a/0.10.2/README.install b/0.10.2/README.install deleted file mode 100644 index 95e436e..0000000 --- a/0.10.2/README.install +++ /dev/null @@ -1,7 +0,0 @@ - -echo "deb tor+http://ncomputers.org/debian stretch main" > /etc/apt/sources.list.d/ncomputers.org-stretch.list -echo "deb http://ncomputers.org/debian stretch main" > /etc/apt/sources.list.d/ncomputers.org-stretch.list -apt-get update -apt-get install ncomputers.org-keyring -apt-get update - diff --git a/0.10.2/README.logrotate b/0.10.2/README.logrotate new file mode 100644 index 0000000..57380bc --- /dev/null +++ b/0.10.2/README.logrotate @@ -0,0 +1,22 @@ +# - Configure logrotate +# - +cat << EOF > /etc/logrotate.d/fail2ban +/var/log/fail2ban.log { + + daily + rotate 7 + compress + + delaycompress + missingok + postrotate + fail2ban-client flushlogs 1>/dev/null + endscript + + # If fail2ban runs as non-root it still needs to have write access + # to logfiles. + # create 640 fail2ban adm + create 640 root adm +} +EOF + diff --git a/0.10.2/README.src-install b/0.10.2/README.src-install new file mode 100644 index 0000000..a037198 --- /dev/null +++ b/0.10.2/README.src-install @@ -0,0 +1,70 @@ +# - Install required debian packages +# - +apt-get update +apt-get install python3 +apt-get install python3-pyinotify python-pyinotify +apt-get install gamin +apt-get install python-dnspython python3-dnspython + +# - Download sources via git +# - +mkdir -p /usr/local/src/install +cd /usr/local/src/install +git clone -b 0.10 https://github.com/fail2ban/fail2ban.git + +# - Install fail2ban +# - +cd fail2ban +python setup.py install + + +# - Configure logrotate +# - +cat << EOF > /etc/logrotate.d/fail2ban +/var/log/fail2ban.log { + + daily + rotate 7 + compress + + delaycompress + missingok + postrotate + fail2ban-client flushlogs 1>/dev/null + endscript + + # If fail2ban runs as non-root it still needs to have write access + # to logfiles. + # create 640 fail2ban adm + create 640 root adm +} +EOF + + +# - Configure fail2ban as systemd service +# - +cat << EOF > /etc/systemd/system/fail2ban.service +[Unit] +Description=Fail2Ban Service +Documentation=man:fail2ban(1) +After=network.target iptables.service firewalld.service ip6tables.service ipset.service +PartOf=iptables.service firewalld.service ip6tables.service ipset.service + +[Service] +Type=simple +ExecStartPre=/bin/mkdir -p /var/run/fail2ban +ExecStart=/usr/local/bin/fail2ban-server -xf start +# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local +# ExecStart=/usr/local/bin/fail2ban-server -xf --logtarget=sysout start +ExecStop=/usr/local/bin/fail2ban-client stop +ExecReload=/usr/local/bin/fail2ban-client reload +PIDFile=/var/run/fail2ban/fail2ban.pid +Restart=on-failure +RestartPreventExitStatus=0 255 + +[Install] +WantedBy=multi-user.target +EOF + +systemctl daemon-reload +systemctl enable fail2ban.service diff --git a/0.10.2/README.sytemd b/0.10.2/README.sytemd index 34af2c0..8c9126a 100644 --- a/0.10.2/README.sytemd +++ b/0.10.2/README.sytemd @@ -26,3 +26,24 @@ EOF systemctl daemon-reload systemctl enable fail2ban.service + +# - An alternative systemd configuration +# - +cat << EOF > /etc/systemd/system/fail2ban.service +[Unit] +Description=Fail2Ban Service +Documentation=man:fail2ban(1) +After=network.target iptables.service firewalld.service +PartOf=iptables.service firewalld.service + +[Service] +Type=forking +ExecStart=/usr/bin/fail2ban-client -x start +ExecStop=/usr/bin/fail2ban-client stop +ExecReload=/usr/bin/fail2ban-client reload +PIDFile=/var/run/fail2ban/fail2ban.pid +Restart=always + +[Install] +WantedBy=multi-user.target +EOF