After posting my 10-step guide to your own blog, I was reminded about hardening your pi setup, so it felt as though this was a natural step from here. I’ll be starting with fail2ban and working through some other changes to try to minimise the risk of somebody breaching your pi.
fail2ban automatically bans suspicious IP addresses with. This is a relatively simple process that should be a quick win.
SSH onto your pi
Check for updates and install fail2ban:
sudo apt-get update
sudo apt-get install fail2ban
The default configuration monitors SSH and bans any suspicious IP addresses after 6 unsuccessful attempts. It bans them for 600 seconds. After doing some more reading on fail2ban, it seems that it would be best to ban the suspicious IPs, after 6 unsuccessful attempts, on all ports (not just SSH).
sudo vi /etc/fail2ban/jail.local
Add the following lines to the file:
[ssh]
banaction = iptables-allports
Save the changes and then run:
sudo service fail2ban restart
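Those two lines are enough because fail2ban reads jail.conf first and jail.local second, with later values winning and each jail inheriting from [DEFAULT]. The sketch below is an added example, not part of the original post or of fail2ban itself: it merges a constructed stand-in for jail.conf with the jail.local override and flags a section name that matches no existing jail. The function names and the stand-in file contents (including the iptables-multiport default) are assumptions.

```python
import configparser

# Constructed stand-in for the packaged /etc/fail2ban/jail.conf (not the real file).
JAIL_CONF = """
[DEFAULT]
bantime = 600
banaction = iptables-multiport

[ssh]
enabled = true
port = ssh
filter = sshd
maxretry = 6
"""

# The two lines this post adds to /etc/fail2ban/jail.local.
JAIL_LOCAL = """
[ssh]
banaction = iptables-allports
"""

def _parse(*sources):
    """Read config texts in order; a later source overrides an earlier one."""
    parser = configparser.ConfigParser(interpolation=None)
    for text in sources:
        parser.read_string(text)
    return parser

def effective_jail(name, *sources):
    """Return one jail's merged settings, including values from [DEFAULT]."""
    parser = _parse(*sources)
    if not parser.has_section(name):
        raise KeyError(f"jail [{name}] is not defined")
    return dict(parser[name])

def unknown_jails(base_text, local_text):
    """Sections in jail.local that match no jail in jail.conf (likely a typo)."""
    base, local = _parse(base_text), _parse(local_text)
    return [s for s in local.sections() if not base.has_section(s)]

if __name__ == "__main__":
    before = effective_jail("ssh", JAIL_CONF)
    after = effective_jail("ssh", JAIL_CONF, JAIL_LOCAL)
    for key in ("banaction", "maxretry", "bantime"):
        print(f"{key}: {before[key]} -> {after[key]}")
    print("unmatched sections:", unknown_jails(JAIL_CONF, JAIL_LOCAL))
```

On the pi itself, sudo fail2ban-client status ssh confirms the jail is running after the restart. If your jail.conf names the jail [sshd] rather than [ssh], the section header in jail.local has to match it or the override will not apply to the SSH jail.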