From 0518c517bc73601009fe152ddf93ce0f80fb7e64 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <github@sebres.de>
Date: Mon, 25 May 2020 16:44:04 +0200
Subject: [PATCH] how-to for install or manual upgrade

---
 Home.md                                       |  1 +
 ...to-install-or-upgrade-fail2ban-manually.md | 51 +++++++++++++++++++
 _Sidebar.md                                   |  1 +
 3 files changed, 53 insertions(+)
 create mode 100644 How-to-install-or-upgrade-fail2ban-manually.md

diff --git a/Home.md b/Home.md
index cf6c08a..308839b 100644
--- a/Home.md
+++ b/Home.md
@@ -7,6 +7,7 @@
 
 ---
 ### HowTo's
+* [Install or upgrade fail2ban manually](How-to-install-or-upgrade-fail2ban-manually)
 * [Test newer fail2ban version](How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance)
 * [Create standalone instance](How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance)
 * [Ban something other as host/IP, like user or e-mail](How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc.)
diff --git a/How-to-install-or-upgrade-fail2ban-manually.md b/How-to-install-or-upgrade-fail2ban-manually.md
new file mode 100644
index 0000000..08b6d26
--- /dev/null
+++ b/How-to-install-or-upgrade-fail2ban-manually.md
@@ -0,0 +1,51 @@
+*Many distributions already provide fail2ban packages, so better you'd install this built from your maintainers version of fail2ban, especially if you are not familiar with linux.*
+
+You don't need install fail2ban for the test attempts or to try some new functionality, so firstly read [How to test newer fail2ban version resp. use fail2ban standalone instance](How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance).
+
+Manual install/upgrade is very similar, just you have to do more steps to install it, like copy and enable service units, copy man-files etc pp.
+
+Firstly download fail2ban from [releases](https://github.com/fail2ban/fail2ban/releases) or from [source](https://github.com/fail2ban/fail2ban) (select branch 0.10, 0.11 or master and click "clone or download" button) and unpack it (or clone it with git) into some temporary directory (e. g. `/tmp/f2b`).
+
+In order to install it, you have to execute several of following commands as root (or sudoer), so you can start shell as root (e. g. `sudo -s`) or use `sudo` before corresponding command that expecting administrator permissions.
+
+If you already have fail2ban installed from your distribution:
+- backup your current configuration `/etc/fail2ban` and run-time database `/var/lib/fail2ban/fail2ban.sqlite3`
+- you can also store the dump of your current configuration to be able to compare it later:<br/>
+`fail2ban-client -d > /tmp/f2b-dump-of-prev-version.txt`
+- **stop and uninstall** obsolete version of fail2ban
+
+Then:
+
+- install prerequirements you need (see [README.md](https://github.com/fail2ban/fail2ban/blob/0.11/README.md));
+for example:
+  * for `python2`:<br/>
+    `apt install python-pyinotify python-systemd`
+  * for `python3`:<br/>
+    `apt install python3-pyinotify python3-systemd`
+- enter your (cloned) interim fail2ban directory:<br/>
+`cd /tmp/f2b`
+- if you want to use `python3` execute `./fail2ban-2to3` (and then use `python3` in command below)
+- now install it:<br/>
+`sudo python setup.py install --without-tests`
+- note that the system init/service script is not automatically installed, so you have to copy it and enable the service manually; for example with init.d-script see readme, to install systemd-unit file use:
+```
+sudo cp ./files/fail2ban.service /etc/systemd/system/fail2ban.service
+sudo systemctl enable fail2ban
+```
+
+Now we have to configure fail2ban (also see [Proper fail2ban configuration](Proper-fail2ban-configuration)):
+
+- copy your `.local` files from backup to `/etc/fail2ban` (or create new `jail.local` and set-up jails you need to enable).
+- take a look in your backup copy of `/etc/fail2ban/jail.conf` for includes made for your distribution:
+```ini
+[INCLUDES]
+before = paths-debian.conf
+```
+- copy this file and set the same line in new `jail.conf` or `jail.local` in `/etc/fail2ban`.
+- test it<br/>
+`sudo fail2ban-client --test`
+
+Now you can start fail2ban via service:
+```
+sudo service fail2ban start
+```
\ No newline at end of file
diff --git a/_Sidebar.md b/_Sidebar.md
index 48d94ca..52017b4 100644
--- a/_Sidebar.md
+++ b/_Sidebar.md
@@ -2,6 +2,7 @@
 [How fail2ban works](How-fail2ban-works)
 
 ### HowTo's
+* [Manually install or upgrade](How-to-install-or-upgrade-fail2ban-manually)
 * [Test newer fail2ban version](How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance)
 * [Create standalone instance](How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance)
 * [Ban something other as host/IP, like user or e-mail](How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc.)