Secure the Raspberry Pi

Install Fail2Ban

Fail2Ban blocks brute-force attacks against your SSH port, so a script can’t try a zillion username/password combinations: an address gets only 3 failed attempts before it is banned.

$ sudo apt-get update
$ sudo apt-get install fail2ban

The initial settings are located at /etc/fail2ban/jail.conf. However, do not edit any of the settings in /etc/fail2ban/jail.conf itself. Instead, put your configuration in /etc/fail2ban/jail.local.

Create a new file, /etc/fail2ban/jail.local:

$ sudo nano /etc/fail2ban/jail.local

And add the following:

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
bantime = 900
banaction = iptables-allports
findtime = 900
maxretry = 3

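The jail is enabled and watches the SSH port. The ban time is 900 seconds (15 minutes), and an address is banned after three failed tries within the findtime window, which is also 900 seconds.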
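To see how maxretry, findtime and bantime interact, here is an added example (not part of the original post and not Fail2Ban's own code) that replays constructed auth.log lines through a simplified model of the jail above. The regex, the hostname, the sample addresses and the simulate_bans helper are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [ssh] jail above
MAXRETRY = 3
FINDTIME = timedelta(seconds=900)
BANTIME = timedelta(seconds=900)

# Simplified stand-in for the sshd filter (an assumption, not Fail2Ban's own regex)
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed auth.log lines; the addresses come from documentation ranges
SAMPLE_LOG = """\
Jan 10 12:00:01 raspberrypi sshd[801]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 12:00:05 raspberrypi sshd[801]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jan 10 12:01:00 raspberrypi sshd[810]: Failed password for pi from 198.51.100.20 port 51000 ssh2
Jan 10 12:02:30 raspberrypi sshd[815]: Accepted password for pi from 198.51.100.20 port 51002 ssh2
Jan 10 12:03:10 raspberrypi sshd[820]: Failed password for root from 203.0.113.7 port 40130 ssh2
Jan 10 12:20:00 raspberrypi sshd[830]: Failed password for pi from 198.51.100.20 port 51010 ssh2
Jan 10 12:40:00 raspberrypi sshd[840]: Failed password for pi from 198.51.100.20 port 51020 ssh2
"""

def simulate_bans(log_text, year=2024):
    """Return [(ip, ban_start, ban_end)] under the jail settings above."""
    failures = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    banned_until = {}               # ip -> time at which the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # accepted logins and other lines are ignored
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue                # still banned, nothing new to count
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > FINDTIME:
            recent.popleft()        # forget failures older than findtime
        if len(recent) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            recent.clear()
    return bans
```

In the sample, 203.0.113.7 is banned on its third failure, while 198.51.100.20 also fails three times but never within one 900-second window, so it stays unbanned.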

Restart the service:

$ sudo service fail2ban restart

At this point Fail2Ban is configured. Note that all bans will be cleared upon restarting Fail2Ban or rebooting your server. If you ban yourself, you can simply restart your Raspberry Pi.

You can list your iptables rules with the following command to see all your banned IP addresses:

$ sudo iptables -L -n --line