Fail2Ban Pi

DISCLAIMER

Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. Cyber Security Associates Limited will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.

Teacher Overview

Raspbian is a Debian-based computer operating system for the Raspberry Pi computer. There are several versions of Raspbian including: Raspbian Stretch and Raspbian Jessie. Raspbian was created by Mike Thompson and Peter Green as an independent project, with an initial build completed in June 2012. Since 2015, Raspbian has been officially provided by the Raspberry Pi Foundation as its primary operating system for the family of Raspberry Pi single-board computers and is highly optimized for the Raspberry Pi line's low-performance ARM CPUs. 

The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. 

IoT devices could be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low or any other natural or man-made object that can be assigned an IP address and is able to transfer data over a network. Increasingly, organisations in a variety of industries are using IoT to operate more efficiently, better understand customers to deliver enhanced customer service, improve decision-making and increase the value of the business. 

Fail2Ban is a 'daemon' (background process) that scans defined log files and bans IP addresses that show malicious signs. It protects your Raspberry Pi from too many password failures or hackers seeking exploits. It is also a strong way to protect your network from cyber attackers, especially if you allow SSH or any other traffic from an outside network to reach your Raspberry Pi. Fail2Ban supports a lot of services (sshd, apache, qmail, proftpd, sasl, asterisk, etc.) and can be integrated with iptables.

Fail2Ban is very easy to install and set up and will drastically improve security on your Raspberry Pi. It is a great, must-have tool to protect you from brute-force attacks. Apache is one of the most widely used and popular web servers in the world, so it is important to protect your website and users from brute-force attacks. Fail2Ban is open-source intrusion prevention software written in Python which continuously analyses the log files of various services (such as Apache, SSH and Postfix) and, if it detects malicious attacks, creates firewall rules to block the attackers' IP addresses for a specified amount of time. Fail2Ban can also email a system admin about its activity.

In this project you will learn how to install fail2ban and configure it to monitor your Apache logs for malicious authentication failure attempts. 
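
The Python sketch below is an added example, not part of the original project material and not Fail2Ban's own code: it shows the detection idea described above by counting Apache authentication failures per IP address in a sliding time window and reporting which address would be banned, and for how long. The thresholds, the simplified log pattern, the function names and the sample log lines are assumptions constructed for illustration; the real tool uses its own filters and applies the ban through the firewall.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds, named after Fail2Ban's maxretry/findtime/bantime options.
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(minutes=10), timedelta(minutes=10)
# Simplified pattern for an Apache 2.4 failed basic-auth line (IPv4 clients only).
FAIL_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] .*?\[client (?P<ip>[\d.]+):\d+\] "
                     r".*(?:authentication failure|not found)")

# Constructed sample lines (documentation IP ranges), not real traffic.
PRE = "[Mon Mar 04 %s.000000 2024] [auth_basic:error] [pid 1234] [client %s:51234] "
MISMATCH = 'AH01617: user admin: authentication failure for "/private/": Password Mismatch'
SAMPLE_LOG = [
    PRE % ("10:01:00", "198.51.100.20") + MISMATCH,
    PRE % ("10:02:00", "198.51.100.20") + MISMATCH,
    PRE % ("10:15:01", "203.0.113.7") + MISMATCH,
    PRE % ("10:15:20", "203.0.113.7") + "AH01618: user root not found: /private/",
    "[Mon Mar 04 10:16:00.000000 2024] [mpm_prefork:notice] [pid 1200] AH00163: resuming normal operations",
    PRE % ("10:16:05", "198.51.100.20") + MISMATCH,  # earlier failures have expired
    PRE % ("10:17:30", "203.0.113.7") + MISMATCH,    # third failure in window: ban
    PRE % ("10:18:00", "203.0.113.7") + MISMATCH,    # ignored, already banned
]

def parse_failure(line):
    """Return (timestamp, ip) for an auth-failure line, else None."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    return datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y"), m.group("ip")

def find_bans(lines):
    """Return (ip, ban_start, ban_end) for each IP that hits MAXRETRY within FINDTIME."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        if ts < banned_until.get(ip, datetime.min):
            continue  # still banned: the firewall would already drop this client
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than the find window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans
```

Calling find_bans(SAMPLE_LOG) reports a single ban for 203.0.113.7; 198.51.100.20 also fails three times but is not banned, because its first two failures fall outside the ten-minute window.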

Suggested Year Group  

The suggested age group is 16+, due to the nature of this project and the skills it is developing.  

 

Learning Outcomes 

  • Learn the basics of IoT; 

  • Understand the concepts of Fail2Ban; 

  • Learn how Fail2Ban can be used.  

 

Hardware Required

Component Number (Box Case)    Component
Slot 1                         Raspberry Pi + Case
Slot 10                        Raspbian SD Card
Slot 2                         TFT Screen
Slot 11                        HDMI
Slot 11                        Wireless Keyboard
Slot 12                        Wireless Mouse
Slot 13                        Power Supply Unit

 


Conclusion

This project has been designed to introduce you to Fail2Ban and the applications it has within IoT. You will have run multiple commands and written a small Python script that will configure the Raspberry Pi to be able to run as an IPS. Fail2Ban is a good and easy way to stop flooding (brute-force attacks) and is also a good way to limit the number of bad requests you receive on your Apache web server.