Howto install Fail2ban from Stretch repository on Debian Jessie

  • - IMSCP: 1.4.3
    - Distribution: Debian 8.6
    - Proftpd
    - MariaDB 10.0
    - Courier
    - Roundcube
    - Pydio
    - Plugins:
    PanelRedirect 1.1.5, PMA Captcha 1.1.1, RoundCubePlugins 2.0.1, SpamAssassin 1.1.1 , LetsEncrypt 3.2.1

    I would like to use a newer Version of Fail2ban due to improvements and Fake Googlebots filter ...
    Is it safe to use these packages w/ IMSCP - especially gamin >= 0.0.21 and systemd >= 204?



  • @fulltilt

    Regarding systemd: No problem. Systemd version on Debian Jessie is 215.
    Regarding gamin: No problem. gamin version on Debian Jessie is 0.1.10

    About Installing Fail2ban package from Sid

    No need to use Sid repository, Fail2ban version in Stretch (testing) repository is 0.9.6 ;)

    How to process

    1. You need to add required APT pinning to prevent full dist-upgrade to Debian Stretch:


    1. # Prevent full dist-upgrade to Stretch (testing)Package: *Pin: release a=testing,n=stretchPin-Priority: -10# Prefer Fail2ban package from Stretch (testing)Package: fail2banPin: release a=testing,n=stretchPin-Priority: 600

    2. You need to add Stretch repository in your /etc/apt/sources.list:

    1. deb stretch main non-free contribdeb-src stretch main non-free contrib

    3. You must ensure that all is correct:

    • Update your APT index: apt-get update
    • Check APT pinning: apt-cache policy. So here, any Stretch (testing) repository MUST have priority -10.
    • Check that selected fail2ban package is the one from Stretch: apt-cache policy fail2ban. Here, the fail2ban version from Stretch should be the selected one (candidate):
    1. root@devuan:~# LANG=C apt-cache policy fail2ban
    2. fail2ban:
    3. Installed: (none)
    4. Candidate: 0.9.6-2
    5. Package pin: 0.9.6-2
    6. Version table:
    7. 0.9.6-2 600
    8. -10 stretch/main amd64 Packages
    9. 0.8.13-1 600
    10. 500 jessie/main amd64 Packages

    Once done, you can do: apt-get install fail2ban or apt-get upgrade if fail2ban was already installed on your system.

    Note that here, I made the test using Devuan Jessie but that is the same for Debian Jessie ;)