How to: Secure Raspberry Pi with Fail2Ban

Secure your Raspberry Pi with this very easy tool: Fail2Ban.
If you, like me, like to use the Raspberry Pi for i.e. WordPress and let other people access it from the World Wide Web, it’s a good idea to make the Raspberry Pi more secure.

Step 1: Update your System

sudo apt-get update
sudo apt-get upgrade
sudo rpi-update

Step 2: Install Fail2Ban

sudo apt-get install fail2ban

Step 3: Configure Fail2Ban

sudo nano /etc/fail2ban/jail.conf

You can setup fail2ban with any service that uses logfile like Apache, FTP etc. As you can see in the image below, the default setting from /etc/fail2ban/jail.conf is max 3 retries and you get banned for 600 seconds.

Step 4: Change Fail2Ban Settings

sudo nano /etc/fail2ban/jail.local

Lets say, for example you want to permanently ban the IP address after 5 unsuccesfull attempts on all ports, you can then input the following code in the /etc/fail2ban/jail.local file. Save and exit.

[ssh]
banaction = iptables-allports
bantime = -1
maxretry = 5

Step 5: Restart the Fail2Ban Service

sudo service fail2ban restart

Step 6: Inspect Banned IP Addressess

If you have some traffic to your Raspberry Pi server you can after a couple of days input the following command in the SSH terminal, to see the banned IP in your iptables:

sudo iptables -L -n --line 

Leave a Comment

Your email address will not be published. Required fields are marked *