How to install fail2ban on a Raspberry Pi

Fail2ban scans log files and bans IP addresses that show signs of malicious activity, such as too many password failures or probing for exploits. More information can be found at http://www.fail2ban.org/wiki/index.php/Main_Page

Install and configure fail2ban

  • Install the fail2ban package:


    sudo apt-get update ; sudo apt-get install fail2ban

  • Open the configuration file for editing:


    sudo vi /etc/fail2ban/jail.local

    …and paste the content below (assuming your private IP addresses are in the range 192.168.0.*):

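    # SSH
    # 3 failed attempts: ban for 15 minutes (bantime is in seconds)
    [ssh]
    enabled = true
    port = ssh
    filter = sshd
    # Two actions: block with iptables, then email a whois report with the matching log lines.
    # The second action is a continuation line and must stay indented.
    action = iptables[name=SSH, port=ssh, protocol=tcp]
             mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]
    logpath = /var/log/auth.log
    maxretry = 3
    bantime = 900
    # Never ban LAN clients. /16 covers all of 192.168.*.*; use 192.168.0.0/24 to match only 192.168.0.*
    ignoreip = 192.168.0.0/16

    # No bantime is set for this jail, so the [DEFAULT] value applies.
    [ssh-ddos]
    enabled = true
    port = ssh
    filter = sshd-ddos
    # Use a different name than the [ssh] jail so the two iptables chains do not clash.
    action = iptables[name=SSH-DDOS, port=ssh, protocol=tcp]
    logpath = /var/log/auth.log
    maxretry = 10
    ignoreip = 192.168.0.0/16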

  • Restart the fail2ban service:

    sudo /etc/init.d/fail2ban restart

  • Check the log file to ensure it is working:

    sudo tail -f /var/log/fail2ban.log
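
To go one step further than watching the log scroll, the helper below (an added example, not part of the original post) lists which IPs each jail still has banned according to the log. The function names are hypothetical and the sample lines are constructed in the fail2ban 0.8 log layout with documentation IP addresses; the Unban falls 900 seconds after the Ban, matching the bantime above.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print "jail ip" for every Ban in the log that has no later Unban.
# Only the "[jail] Ban <ip>" / "[jail] Unban <ip>" token sequence is matched,
# so the timestamp/level prefix of the line does not matter.
f2b_active_bans() {
    # $1: log file to read (defaults to the path used in this post)
    awk '
        {
            for (i = 2; i < NF; i++) {
                if ($i != "Ban" && $i != "Unban") continue
                jail = $(i - 1)
                if (jail !~ /^\[.+\]$/) continue   # previous field must be "[jail]"
                key = substr(jail, 2, length(jail) - 2) " " $(i + 1)
                if ($i == "Ban") active[key] = 1
                else delete active[key]
            }
        }
        END { for (k in active) print k }
    ' "${1:-/var/log/fail2ban.log}" | LC_ALL=C sort
}

# Constructed sample log lines (not real data) for trying the function offline.
f2b_sample_log() {
    cat <<'EOF'
2014-05-01 10:12:03,345 fail2ban.jail   : INFO   Jail 'ssh' started
2014-05-01 10:14:41,102 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
2014-05-01 10:20:09,870 fail2ban.actions: WARNING [ssh-ddos] Ban 198.51.100.23
2014-05-01 10:29:41,512 fail2ban.actions: WARNING [ssh] Unban 203.0.113.7
2014-05-01 10:31:15,004 fail2ban.actions: WARNING [ssh] Ban 203.0.113.99
EOF
}

# Usage: f2b_sample_log > /tmp/sample.log && f2b_active_bans /tmp/sample.log
# On the Pi itself: sudo sh -c '. ./this_file.sh; f2b_active_bans'
```

On a running system, `sudo fail2ban-client status ssh` reports the same information for a single jail straight from the daemon.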
