Home
Non-daily weblog
Exchange | Board
Files for download
Workshop tutorials
W3 Directory resourcesSetup & config options
Suitable power supply
RasPi & sFTP file transfer
Home network print server
Home network scan server
Mesh : home Lan USB drive
Explore hard & software
UFW firewall explained
Secured by fail2ban server
Software packaging & PPA
Apache 2.4+ LAMP server
https web server : port 443
Varnish caching proxy
Module : cgi & perl
Module : geoip
Modules : php & mysql
http*s error handling
Server : conditional logging
TL-domain & dynamic DNS
Webalizer log analyser
Defeat referrer spam
robots.txt & xml sitemaps
Server : .htaccess handling
The game & not the islands
Setup & config options
North Atlantic : Macaronésia
Nine Azorean islands
Madeiran archipelago
POI on Madeira island
Streaming media
Contact details
Privacy policy & terms
Host traffic elicitation🚫 No ads & tracking
The prologue
Most of the articles, descriptions and instructions written here are applicable to the most common Debian-based Linux derivatives. Depending on the respective operating system, there may be minor or major discrepancies. 
This website is for educational purposes only. Please do not deploy anything in manufacturing plants.
No warranty or compensation is given for loss of data or hardware.
It should be also mentioned that this modest web server is hosted on a Raspberry Pi type 4B at home.
The Raspberry Pi mini-computer board as multi-purpose server deployed
A competent allrounder for domestic purposes and micro-enterprises
Raspberry Pi is a series of small single-board computers (SBCs) developed in the United Kingdom by the Raspberry Pi Foundation in association with Broadcom. The mini-computer with its armv7l processor has quickly become the favourite of hobbyists. Projects can be started with suitable Linux distributions. Even an aged RasPi e.g. the models 2B and 2B+ can definitely serve to simple tasks quite well.
Raspberry Pi | »fail2ban« installation
If you operate these days a web server on the internet / world wide web, you will already have noticed how the number of attacks has skyrocketed over the last few years. Where you had twenty failed login attempts in the logfile ten years ago, today it's twohundred plus. That's a terrifying twist and should make any administrator or website owner think about how secure his data is.
There are many ways to secure a server on the internet / world wide web against intrusions from the outside, which is probably the most popular, because at the same time simplest method is: »fail2ban«.
The program does nothing else but to monitor failed login attempts and lock the IP at a certain number. Totally simple, very good. »fail2ban« has been around for about ten years and it is compatible with known services such as web server, FTP server and SSH servers compatible. It also brings dozens of pre-made filters with it. Thus, the installation and configuration is relatively simple and easy to implement even for expecting administrators.
Here is more or less the standard configuration only descripted. Suitable to operate for any web server.
Set up and configure »fail2ban«
Here we go from a Raspbian Debian system. The installation should also run on any Linux systems just as easily, since actually each of the larger distributions has the package in the package sources.
The command to install »fail2ban« is :
user@raspberry:~ $ sudo su
root@raspberrypi:# apt install fail2ban
After the installation, »fail2ban« can be found in the directory /etc/fail2ban. The configuration file is named jail.conf. This is also edited by us. But first an explanation of the parameters.
The »jails« are actually self-explanatory:
enabled true / false = active / inactive rule
filter name of the filter from /etc/fail2ban/filter.d
port specification of the port on which to listen
logpath path to the logfile
maxretry how often can you try to access before being locked
findtime time period in seconds that is taken into account
bantime time in seconds how long an IP is blocked. A negative value (-1) applies permanently
To create your own »jails«, we make a copy of jail.conf and name it jail.local.
Hot note: every .conf file can be overridden with a file named .local. The .conf file is read first, then .local, with later settings overriding earlier ones. Modifications should take place in the .local and not in the .conf. This avoids merging problem when updating or upgrading the program.
root@raspberrypi:# cd /etc/fail2ban
root@raspberrypi:# cp jail.conf jail.local
root@raspberrypi:# nano /etc/fail2ban/jail.local
So. Now two examples.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 4
[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 3
findtime = 600
This protects our sshd and apache2. The log information is redirected to auth.log errror.log,
but can also be stored in any other file.
To start the rule we have to start our »fail2ban« service or reload it for new rules.
root@raspberrypi:# service fail2ban start
root@raspberrypi:# service fail2ban reload
How to terminate the »fail2ban« service?
root@raspberrypi:# service fail2ban stop
The output and whether your service also does its work you get displayed with the following command.
root@raspberrypi:# tail -100f /var/log/fail2ban.log
Quit Crtl C
That should have been it. Of course, the program offers much more complex configuration options,
but I will not go into that here.
https://www.fail2ban.org/wiki/index.php/Main_Page
24-Aug 2018
Updated 28-May 2021