1. Update your Raspberry Pi:
sudo apt-get update
2. Install Fail2ban:
sudo apt-get install fail2ban
3. Configure Fail2ban:
sudo nano /etc/fail2ban/jail.conf
4. Start Fail2ban:
sudo service fail2ban start
When you use a Raspberry Pi in a company or have open ports on it, it’s a good idea to think a little about security.
You may not be worried about a compromised Raspberry Pi, but it can become a door into your entire network.
Fail2ban is software that detects malicious access attempts to a computer and blocks them.
Fail2ban can be installed with apt, as for any Raspberry Pi OS package. Then, the configuration files are under /etc/fail2ban. Editing them will allow defining rules for each service hosted on the Raspberry Pi.
I will show you exactly how to do this in this post, from the theory about Fail2ban to the configuration of the main services you can monitor.
An introduction to Fail2ban
Fail2ban is mainly an intrusion prevention tool, but that's not all it does.
It reads each service's log file and uses patterns to detect malicious activity.
For example, you can check the SSH log file to list bad login and password attempts, and then block the IP address in your firewall.
Everything is done automatically, with a list of things to monitor, and actions to take depending on how many matching log lines there are in the file.
But you can detect intrusion on any service, like Apache, Postfix or Asterisk.
If there is a log file where you can spot attack attempts, you can manage it with Fail2ban.
At my work, I install it each time I prepare a new Linux server, as even with the default configuration Fail2ban can do a decent job.
But it becomes a compelling tool when you know exactly what to configure on it.
I will introduce this to you in this post, but don’t forget there is no limit.
Install Fail2Ban on Raspberry Pi OS
Let’s start with the Fail2ban installation on Raspberry Pi.
As I said in the introduction, it’s easy, but I will take the time in this part to also show you the configuration path and the commands you need to know.
Install RPI OS on Raspberry Pi
As often, the first step to test Fail2ban on your Raspberry Pi is to install Raspberry Pi OS on it.
I’m using Raspberry Pi OS Buster Lite, and you can install it by following this tutorial if needed.
But I don’t think the Raspberry Pi OS version will change anything about this post.
You can also use another distribution if you prefer, as Fail2ban is available on most Linux systems.
After the first start (or if you already have Raspberry Pi OS installed), make sure to do these steps before going further:
- Change the default password: you can’t worry about security and leave the default password.
passwd
- Update your system: same reason, make sure to be up-to-date:
sudo apt update && sudo apt upgrade
- Enable SSH: you can create the /boot/ssh file or just start the service:
sudo service ssh start
Ok, you can now move to the Fail2ban installation.
Install the Fail2ban package
Fail2ban is available in the apt repository.
To install it, use this command:
sudo apt install fail2ban
That’s all.
Fail2ban will start automatically with the default configuration.
Check the configuration
To complete this part, the configuration files are located in:
/etc/fail2ban
You’ll find all the default configuration files here.
We’ll go into details later, but for now here is what you need to know:
- fail2ban.conf: It’s the main configuration file with default options for the fail2ban service. You’ll probably never change this.
- jail.conf: In this file, you’ll find the things you want to monitor (Fail2ban calls these “jails”). Basically, you define here the main configuration for a future test, like the service port and log file.
- jail.d folder: You’ll create here a new file for each log file to monitor, with specific options like IP whitelist and ban duration.
- filter.d folder: Finally, in this folder, you create or edit a filter for each service to monitor. A filter is the definition of what you are looking for in the service log file.
It’s hard to give you an overview without giving more details, but it’s an important step before the configuration part where we’ll look at this in detail.
Use these commands to manage Fail2ban
To finish this, here are a few commands to know about Fail2ban:
- sudo service fail2ban start | stop | restart | status | reload : Manage the Fail2ban service.
- sudo fail2ban-server start | stop | restart | status | reload : Same thing, but the status command gives you additional information like the current jails enabled.
- sudo fail2ban-client <COMMAND> : I can’t give you all the commands available here, but you can use it to get or set the configuration in command line (commands list here).
That’s all for the basic information.
Fail2ban is easy to install, but there are many things you can do with it that I can’t give you in a short post like this.
Edit the Fail2ban configuration files
Now that you know which files to check and which commands to use, I’ll teach you how to do this.
I’ll show you a basic sample, and give you ideas about other things you can secure with Fail2ban.
SSH configuration with Fail2ban
The first thing I always use on my servers is the SSH protection.
If your Raspberry Pi is open to the internet or even on a large network, basic security tips about SSH are not always enough to prevent attacks.
Fail2ban can help you to detect excessive login attempts and block corresponding IP addresses.
By default, it’s enabled as soon as you install Fail2ban.
But it’s a good exercise to check what they have done in the configuration.
- In jail.conf
  - There are default values for bantime, findtime and maxretry.
    You can find an explanation of each one in the screenshot below.
    You can change them at the beginning of the file to apply them to all jails, or specify them for each jail if needed.
  - The name of the SSH configuration is “sshd”.
    It fits in 3 lines:
    For a basic configuration with all parameters, you just need to specify the port to check, logpath and backend.
  - For a new custom jail, you can set logpath and backend to the variables defined in the paths-common.conf file, or simply use the entire path here.
- To enable it, create a new file in jail.d, or add it to the default one (/etc/fail2ban/jail.d/defaults-debian.conf).
  After the installation, you just have the sshd jail here:
- I will not include it here because it’s too long, but the regular expressions to look for are available in the filter.d/sshd.conf file.
  So for a custom check, you have to use a file from filter.d/ or add a new one.
That’s everything you need to know about a basic configuration.
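To make the interaction between the filter pattern and the maxretry, findtime and bantime values concrete, here is an added example (not code from this post or from the Fail2ban project) that replays the same decision in Python, the language Fail2ban itself is written in. The jail values, the log lines and the simplified pattern are constructed for illustration; the real filter.d/sshd.conf contains many more expressions.

```python
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed samples: a jail.d-style override (not package defaults) and auth.log lines.
JAIL = """
[sshd]
enabled  = true
maxretry = 3
findtime = 600
bantime  = 3600
"""
# Simplified stand-in for one filter.d/sshd.conf pattern; <HOST> handled as IPv4 only.
FAILREGEX = r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+"
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
LOG = """\
Mar  3 10:00:01 pi sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:00:02 pi sshd[812]: Failed password for pi from 198.51.100.20 port 51000 ssh2
Mar  3 10:00:04 pi sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar  3 10:00:09 pi sshd[811]: Failed password for root from 203.0.113.7 port 40024 ssh2
Mar  3 10:05:30 pi sshd[820]: Accepted password for pi from 192.0.2.5 port 50211 ssh2
Mar  3 10:08:00 pi sshd[825]: Failed password for pi from 198.51.100.20 port 51002 ssh2
Mar  3 10:15:00 pi sshd[830]: Failed password for pi from 198.51.100.20 port 51004 ssh2
"""

def simulate_bans(jail_text, log_text, jail="sshd", year=2024):
    """Return {host: (banned_at, unban_at)} for hosts reaching maxretry within findtime."""
    cfg = configparser.ConfigParser()
    cfg.read_string(jail_text)
    maxretry, findtime, bantime = (cfg.getint(jail, k) for k in ("maxretry", "findtime", "bantime"))
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))
    recent = defaultdict(deque)  # host -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")  # syslog has no year
        window = recent[match["host"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry and match["host"] not in bans:
            bans[match["host"]] = (ts, ts + timedelta(seconds=bantime))
    return bans

if __name__ == "__main__":
    print(simulate_bans(JAIL, LOG))
```

Only 203.0.113.7 is banned: 198.51.100.20 also fails three times, but its attempts are spread over more than findtime seconds, which shows why a short findtime lets slow guessing go unnoticed.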
Other services you can configure on Fail2ban
Once you understand how Fail2ban works, you can try to enable or implement it for other services.
I recommend checking directly in the jail and filter folders, as there are already many existing files you can use easily.
Unless you have a very specific service you want to add, you’ll find what you need here most of the time (Nginx, Asterisk, FTP server, …)
You can also check the web for specific ideas other people may have already done and shared.
For example, you can find HOWTO guides on the Fail2ban wiki for many additional services.
You can also find more help about Fail2ban on this wiki.
Conclusion
That’s the end of my introduction about Fail2ban.
As with many services on Linux and Raspberry Pi, you’ll need to try it to know exactly how it works, and add your first services to gain experience.
If security is an important topic for you (on Raspberry Pi or Linux), I also recommend checking my 17 security tips to secure Linux systems.
How to Install Fail2ban on Your Raspberry Pi
Fail2ban is a powerful security tool that can help protect your Raspberry Pi from malicious attacks. It works by monitoring log files and blocking IP addresses that are attempting to access your system in an unauthorized manner. In this tutorial, we will show you how to install and configure Fail2ban on your Raspberry Pi.
Prerequisites
- A Raspberry Pi running Raspbian OS
- A secure SSH connection to your Raspberry Pi
Step 1: Install Fail2ban
The first step is to install Fail2ban on your Raspberry Pi. To do this, open a terminal window and run the following command:
sudo apt-get install fail2ban
Once the installation is complete, you can check the version of Fail2ban installed on your system by running the following command:
fail2ban-client --version
Step 2: Configure Fail2ban
The next step is to configure Fail2ban. To do this, open the configuration file with your favorite text editor:
sudo nano /etc/fail2ban/jail.conf
In this file, you can configure various settings such as the ban time, the log file to monitor, and the ports to monitor. Once you have made your changes, save the file and exit the text editor.
Step 3: Start Fail2ban
Once you have configured Fail2ban, you can start the service by running the following command:
sudo service fail2ban start
You can also check the status of the service by running the following command:
sudo service fail2ban status
Conclusion
In this tutorial, we have shown you how to install and configure Fail2ban on your Raspberry Pi. With Fail2ban, you can protect your Raspberry Pi from malicious attacks and keep your system secure.