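# Install fail2ban from the upstream git repository on Debian, add a logrotate
# rule for its log file and register it as a systemd service.
# Every step writes to system locations (/usr/local, /etc), so it has to run
# as root.

# - Install required debian packages
# -
apt-get update
apt-get install python3
# NOTE(review): python-pyinotify and python-dnspython are the Python 2 builds;
# they may be unavailable on recent Debian releases. These installs are left
# unchecked so that a missing optional package does not stop the run.
apt-get install python3-pyinotify python-pyinotify
apt-get install gamin
apt-get install python-dnspython python3-dnspython

# - Download sources via git
# -
mkdir -p /usr/local/src/install
# Stop here if the directory is not usable: everything below assumes it is the
# current directory.
cd /usr/local/src/install || exit 1
# NOTE(review): "-b 0.10" appears to select a maintenance branch rather than a
# fixed release, so each run builds whatever the branch head is at that time.
# For a reproducible install, check out a reviewed release tag or commit and
# verify it before building.
git clone -b 0.10 https://github.com/fail2ban/fail2ban.git

# - Install fail2ban
# -
# Without this guard a failed clone would leave the shell in the parent
# directory and the next command would run, as root, whatever setup.py happens
# to be found there.
cd fail2ban || exit 1
# NOTE(review): "python" resolves to the system default interpreter; confirm it
# is the version the packages above were installed for.
python setup.py install

# - Configure logrotate
# -
# The delimiter is quoted so the shell copies the text verbatim (no parameter
# or command expansion inside the here-document).
cat << 'EOF' > /etc/logrotate.d/fail2ban
/var/log/fail2ban.log {

    daily
    rotate 7
    compress

    delaycompress
    missingok
    postrotate
        fail2ban-client flushlogs 1>/dev/null
    endscript

    # If fail2ban runs as non-root it still needs to have write access
    # to logfiles.
    # create 640 fail2ban adm
    create 640 root adm
}
EOF

# - Configure fail2ban as systemd service
# -
# The unit sets no User=, so fail2ban-server runs as root; this matches the
# "create 640 root adm" ownership chosen in the logrotate rule above.
cat << 'EOF' > /etc/systemd/system/fail2ban.service
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service ipt-firewall.service ip6t-firewall.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service ipt-firewall.service ip6t-firewall.service

[Service]
Type=simple
ExecStartPre=/bin/mkdir -p /var/run/fail2ban
ExecStart=/usr/local/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/local/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/local/bin/fail2ban-client stop
ExecReload=/usr/local/bin/fail2ban-client reload
PIDFile=/var/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target
EOF

# Make systemd pick up the new unit file, then start it at boot.
systemctl daemon-reload
systemctl enable fail2ban.service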