fail2ban 升级版本
备份
备份现有配置和数据库以便回滚
备份配置
sudo mkdir -p /opt/fail2ban-bak
sudo cp -R /etc/fail2ban /opt/fail2ban-bak备份数据库
sudo cp /var/lib/fail2ban/fail2ban.sqlite3 /opt/fail2ban-bak
使用报管理器自动更新
该方案使用系统自带包管理器更新,会自动更新相关依赖。
查看最新版:
sudo apt update
sudo apt-cache madison fail2ban
fail2ban | 0.11.2-6 | http://mirrors.tencentyun.com/ubuntu jammy/universe amd64 Packages更新命令:
sudo apt upgrade fail2ban -y
等待完成安装即可
使用包管理器手动更新(官方方案)
切换到临时目录
cd /tmp/
下载安装文件和文件的验签信息
wget -O fail2ban.deb https://github.com/fail2ban/fail2ban/releases/download/1.1.0/fail2ban_1.1.0-1.upstream1_all.deb
wget -O fail2ban.deb.asc https://github.com/fail2ban/fail2ban/releases/download/1.1.0/fail2ban_1.1.0-1.upstream1_all.deb.asc提示:你也可以手动下载好了上传上去
检查文件是否完好(胆大可以忽略)
检查文件是否原样,是否被修改,验证签名信息:
gpg --verify fail2ban.deb.asc fail2ban.deb可能会报错:
gpg: Signature made Fri 26 Apr 2024 08:34:59 AM CST
gpg: using RSA key 8738559E26F671DF9E2C6D9E683BF1BEBD0A882C
gpg: Can't check signature: No public key报key没找到,国内好像访问不了公钥库,直接去备份库下载一个
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8738559E26F671DF9E2C6D9E683BF1BEBD0A882C注意最后面的 8738559E26F671DF9E2C6D9E683BF1BEBD0A882C 就是上面的key
下载完成后再次校验
ubuntu@dev:/tmp$ gpg --verify fail2ban.deb.asc fail2ban.deb
gpg: Signature made Fri 26 Apr 2024 08:34:59 AM CST
gpg: using RSA key 8738559E26F671DF9E2C6D9E683BF1BEBD0A882C
gpg: Good signature from "Serg G. Brester (sebres) <info@sebres.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8738 559E 26F6 71DF 9E2C 6D9E 683B F1BE BD0A 882C有个Good即可
查看软件包内容
dpkg -I fail2ban.deb
停止现有版本服务
sudo service fail2ban stop安装新版本
sudo dpkg -i fail2ban.deb安装完成后查看版本:
ubuntu@dev:/tmp$ fail2ban-client --version
Fail2Ban v1.1.0.1正常情况下,配置都还在,直接就用了。
如果安装被缺少依赖打断,请使用下面命令强行安装
sudo apt -f install fail2ban.deb
源码安装更新
Manual install/upgrade is very similar to aforementioned testing of standalone instance, just you have to do more steps to install it, like copy and enable service units, copy man-files etc pp.
Read more ...
Firstly download fail2ban from releases or from source (select branch master or 1.0, 0.11, 0.10 and click "clone or download" button) and unpack it (or clone it with git) into some temporary directory (e. g. )./tmp/f2b
In order to install it, you have to execute several of following commands as root (or sudoer), so you can start shell as root (e. g. ) or use before corresponding command that expecting administrator permissions.sudo -ssudo
- for fail2ban versions before or equal 1.0
- install prerequirements you need (see README.md); for example:
- for :
python2apt install python-pyinotify python-systemd - for :
python3apt install python3-pyinotify python3-systemd 2to3
- for :
- if you want to use , enter and execute (and then use in command below)
python3cd /tmp/f2b./fail2ban-2to3python3
- for fail2ban versions 1.1 or higher
- enter your (cloned) interim fail2ban directory:
cd /tmp/f2b - now install it:
sudo python setup.py install --without-tests - note that the system init/service script is not automatically installed, so you have to copy it and enable the service manually; for example with init.d-script see readme, to install systemd-unit file use:
sudo cp ./build/fail2ban.service /etc/systemd/system/fail2ban.service
sudo systemctl enable fail2banNow we have to configure fail2ban (also see Proper fail2ban configuration):
- copy your files from backup to (or create new and set-up jails you need to enable).
.local/etc/fail2banjail.local - take a look in your backup copy of for includes made for your distribution:
/etc/fail2ban/jail.conf
[INCLUDES] before = paths-debian.conf
- copy this file and set the same line in new or in .
jail.confjail.local/etc/fail2ban - test it
sudo fail2ban-client --test
Now you can start fail2ban via service:
sudo service fail2ban starthttps://blog.xqlee.com/article/250424192607538.html
评论
相关文章
