This page describes how to install fail2ban onto your Raspberry Pi
fail2ban is an easy to install application that checks for brute force login attempts. It detects dictionary attacks and bans the IP address if found.
Fail2ban works by continually scanning your log files and looking for signs of potential attacks. These include attacks such as too many password failures as well as scanning for exploits and much more. Once it finds unusual activity it then automatically updates your firewall to ban that IP address. Installation is straight forward and only requires you to copy the main configuration file to a local file.
During the installation process, fail2ban will generate a file called “jail.conf“.
We don’t normally touch this file but we copy it and name it “jail.local“, fail2ban will automatically detect this file and load in its configuration for it.
First copy the file by running the following command on the terminal on the Raspberry Pi.
Now open up the file that we just copied and take a look at the default configuration that fail2ban loads in with.
Open up the file using the nano editor by running the following command on your Raspberry Pi.
Locate the section called [apache-badbots], you can use CTRL +W to find it.
It should not be necessary to make changes to this file but you may want to change values such as bantime or maxretry.
Once you’re done editing the jail.local file, save the file by pressing CTRL + X then Y and finally ENTER.
Lastly, remember to restart fail2ban on the Raspberry Pi whenever you make a change.
You can check if fail2ban has been set up and is running as a service by entering the following in the terminal:
The symbol [+] indicates if the service is running and [-] indicates if it is not running.
fail2ban should automatically start when you restart the Raspberry Pi.