[HowTo] install fail2ban 0.8.2 -last version- in debian etch

[truzone]

Hello

If you have fail2ban installed by apt-get you have the 0.7.5 version, this version doesn't have PID file (important if you use the monit).

First purge fail2ban

Code:

# /etc/init.d/fail2ban stop
# aptitude purge fail2ban

We go to install the last version (0.8.2). In Debian is necessary run aptitude with the sid reposit so:

Code:

# vi /etc/apt/sources.list

change

Code:

deb http://ftp.fr.debian.org/debian/ etch main contrib non-free

to

Code:

deb http://ftp.fr.debian.org/debian/ sid main contrib non-free

save and exit

Code:

# aptitude update
# aptitude install fail2ban

with the install, will be upgraded the python-central

Code:

# vi /etc/apt/sources.list

change

Code:

deb http://ftp.fr.debian.org/debian/ sid main contrib non-free

to

Code:

deb http://ftp.fr.debian.org/debian/ etch main contrib non-free

Code:

# aptitude update

Open /etc/fail2ban/jail.conf

Code:

# vi /etc/fail2ban/jail.conf

change

Code:

enable = false

to

Code:

enable = true

at:

Code:

[apache]
[proftpd]
[postfix]
[couriersmtp]
[courierauth]
[sasl]

Save and exit.

Code:

# /etc/init.d/fail2ban start

[Quemeros]

// ESP
No es mejor usar paquetes adaptados para etch como los backports (creo q se llamaba), etc que son paquetes de sid/lenny adaptados para su instalacion en etch?

Muy bueno igual el how-to ... actualmente hay uno en los docs pero para el 0.7... yo lo segui pero con el paquete nuevo adaptado

//ENG
Isn't better to use adapted packages from sid/lenny to etch like backports (i think that call it)?

Good how-to ... actually, there are one in the docs but for v0.7... im use that, but with the last package adapted.

[truzone]

Buenas

Es posible, yo preferí utilizar el paquete de lenny porque se trata del repositorio oficial y requería actualizar también el python-central en una versión superior a la que viene en la etch y me pareció mejor no arriesgarme con un backport (tuve problemas en el pasado con ellos), además al no actualizar nada más que el python-central me pareció mejor.

Y sí, existe un manual en la zona de documentación sobre la versión que lleva por defecto debian, pero este howto lo hice más bien porque si se quiere agregar el servicio al monit, la versión 0.7 no genera el archivo .pid que tiene el número del proceso proceso y lo necesitaba para agregar la comprobación del servicio. No me parecía correcto incluirlo en ese post y tampoco editar el howto ya existente.

Un saludo

Hi

It's possible. I'm prefer to use the sid packages because it's the official repository and aldo it's necessary upgrade the python-central version. I thought it best not to risk a backport (I had problems in the past with them).

Yes, here is a manual in the area of documentation. I did this howato because If we want to add the service in Monit, version 0.7 does not generate the file .pid that has the number process and I need it to add the verification of service. I do not seem correct to include this howto in the monit post and also edit the existing howto about fail2ban.

[fulltilt]

thanks - working fine,
did you checked out the following parts and could you suggest to use it in ispCP (about using heavy resources) .. ?

[apache-overflows]
[ssh-ddos]
[named-refused-udp]
[named-refused-tcp]

changes for the log path for apache and (apache-overflows?)
logpath = /var/log/apache2/users/*access.log

and FTP > logpath = /var/log/auth.log

am i right?

if i use [ssh-ddos] i get:
WARNING Unable to find a corresponding IP address for UNKNOWN

[truzone]

Hello

Yes, I activated it and all runs fine. When I protect "Securing Open DNS server (BIND 9)" I loosed the apt so when I wrote this howto only checked out the parts that I'm sure. I do your changes and all is ok.

I activated ssh-ddos and I haven't got the warning with root login, do you use the ssh with the username?

Code:

ssh username@ip -p port

[fulltilt]

truzone Wrote:I activated ssh-ddos and I haven't got the warning with root login, do you use the ssh with the username?

Code:

ssh username@ip -p port

no i have to try it - could it be that warning depends on using other port than 22 ?
Other parts running fine - also postfix ... blocking many bad IPs und system load is going down :-)
This version of fail2ban realy runs more stable.

[truzone]

My ssh not use the port 22