After posting my 10-step guide to your own blog, I was reminded about hardening your pi setup, so it felt as though this was a natural step from here. I’ll be starting with fail2ban and working through some other changes to try to minimise the risk of somebody breaching your pi.

#fail2ban

fail2ban automatically bans suspicious IP addresses. This is a relatively simple process that should be a quick win.

SSH onto your pi:

ssh pi@<your-pi-ip-address>

Check for updates and install fail2ban:

sudo apt-get update
sudo apt-get install fail2ban

The default configuration monitors SSH and bans any suspicious IP address after 6 unsuccessful attempts. The ban lasts 600 seconds. After doing some more reading on fail2ban, it seems that it would be best to ban the suspicious IPs, after 6 unsuccessful attempts, on all ports (not just SSH). To do that, edit the local override file:

sudo vi /etc/fail2ban/jail.local

Add the following lines to the file:

[ssh]
banaction = iptables-allports

Save the changes and then run:

sudo service fail2ban restart
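
One way to confirm the override above really sets the all-ports ban action, as an added example that is not part of the original post. The helper names `jail_setting` and `check_allports` and the sample file are assumptions constructed here, and the script reads a single file rather than fail2ban's merged configuration.

```shell
#!/bin/sh
# Added example: check that a fail2ban jail bans on all ports.
# Reads ONE ini file only; fail2ban itself also merges jail.conf and jail.d/.

# jail_setting FILE SECTION KEY -> prints the value in effect (last one wins),
# returns non-zero if the key is not set in that section.
jail_setting() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header, e.g. [ssh]
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            in_sect = (s == sect); next
        }
        in_sect && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# check_allports FILE JAIL -> "allports", "other: <action>" or "unset".
# Falls back to [DEFAULT], which fail2ban applies to every jail.
check_allports() {
    action=$(jail_setting "$1" "$2" banaction) ||
        action=$(jail_setting "$1" DEFAULT banaction) ||
        { echo "unset"; return 1; }
    if [ "$action" = "iptables-allports" ]; then
        echo "allports"; return 0
    fi
    echo "other: $action"; return 1
}

# Constructed sample standing in for /etc/fail2ban/jail.local
sample=$(mktemp)
cat > "$sample" <<'EOF'
# local overrides
[ssh]
banaction = iptables-allports
EOF
echo "ssh jail: $(check_allports "$sample" ssh)"
rm -f "$sample"
```

On the pi itself, point `check_allports` at /etc/fail2ban/jail.local, then run `sudo fail2ban-client status ssh` after the restart to confirm the jail is loaded.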