How to install fail2ban on a Raspberry Pi

Fail2ban scans log files and bans IPs that show malicious signs, such as too many password failures, seeking for exploits, etc. More information can be found at

Install and configure fail2ban

  • Install the fail2ban package:

    sudo apt-get update ; sudo apt-get install fail2ban

  • Open the configuration file for editing:

    sudo vi /etc/fail2ban/jail.local

    …and paste the content below (assuming you private IP addresses are in the range 192.168.0.*):

    # SSH
    # 3 failed retry: Ban for 15 minutes
    enabled = true
    port = ssh
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
    mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]
    logpath = /var/log/auth.log
    maxretry = 3
    bantime = 900
    ignoreip =

    enabled = true
    port = ssh
    filter = sshd-ddos
    action = iptables[name=SSH, port=ssh, protocol=tcp]
    logpath = /var/log/auth.log
    maxretry = 10
    ignoreip =

  • Restart the fail2ban service:

    sudo /etc/init.d/fail2ban restart

  • Check the log file to ensure it is working:

    sudo tail -f /var/log/fail2ban.log


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s