sous-chefs / Fail2ban

Licence: apache-2.0
Development repository for the fail2ban cookbook

fail2ban Cookbook

Installs and configures fail2ban, a utility that watches logs for failed login attempts and blocks repeat offenders with firewall rules. On Red Hat systems this cookbook enables the EPEL repository in order to retrieve the fail2ban package.

Requirements

Platforms

  • Debian/Ubuntu
  • RHEL/CentOS/Scientific/Amazon/Oracle
  • Fedora
  • OpenSUSE

Chef

  • Chef 13.0+

Cookbooks

  • yum-epel

Recipes

default

Installs the fail2ban package, manages 2 templates: /etc/fail2ban/fail2ban.conf and /etc/fail2ban/jail.conf, and manages the fail2ban service.

Attributes

This cookbook has a set of configuration options for fail2ban:

  • default['fail2ban']['loglevel'] = 'INFO'
  • default['fail2ban']['logtarget'] = '/var/log/fail2ban.log'
  • default['fail2ban']['syslogsocket'] = 'auto'
  • default['fail2ban']['socket'] = '/var/run/fail2ban/fail2ban.sock'
  • default['fail2ban']['pidfile'] = '/var/run/fail2ban/fail2ban.pid'
  • default['fail2ban']['dbfile'] = '/var/lib/fail2ban/fail2ban.sqlite3'
  • default['fail2ban']['dbpurgeage'] = 86_400

The CRITICAL and NOTICE log levels are only available on fail2ban >= 0.9.x. If they are used on a system with an older version of fail2ban, they will be mapped to ERROR and INFO respectively.

The syslogsocket, dbfile, and dbpurgeage options are only applicable to fail2ban >= 0.9.x.

This cookbook has a set of configuration options for jail.conf:

  • default['fail2ban']['ignoreip'] = '127.0.0.1/8'
  • default['fail2ban']['findtime'] = 600
  • default['fail2ban']['bantime'] = 300
  • default['fail2ban']['maxretry'] = 5
  • default['fail2ban']['backend'] = 'polling'
  • default['fail2ban']['email'] = '[email protected]'
  • default['fail2ban']['sendername'] = 'Fail2Ban'
  • default['fail2ban']['action'] = 'action_'
  • default['fail2ban']['banaction'] = 'iptables-multiport'
  • default['fail2ban']['mta'] = 'sendmail'
  • default['fail2ban']['protocol'] = 'tcp'
  • default['fail2ban']['chain'] = 'INPUT'

This cookbook uses a hash to compile the jail.local file and the filter config files:

default['fail2ban']['services'] = {
  'ssh' => {
    'enabled' => 'true',
    'port' => 'ssh',
    'filter' => 'sshd',
    'logpath' => node['fail2ban']['auth_log'],
    'maxretry' => '6'
  },
  'smtp' => {
    'enabled' => 'true',
    'port' => 'smtp',
    'filter' => 'smtp',
    'logpath' => node['fail2ban']['auth_log'],
    'maxretry' => '6'
  }
}

The following attributes can be used per service:

  • enabled
  • port
  • filter
  • logpath
  • maxretry
  • protocol
  • banaction
  • bantime

Creating custom fail2ban filters:

default['fail2ban']['filters'] = {
  'nginx-proxy' => {
    'failregex' => ['^<HOST> -.*GET http.*'],
    'ignoreregex' => []
  },
}
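
An added example, not part of the cookbook or of fail2ban: a Ruby check of the nginx-proxy failregex above against constructed access-log lines, showing which lines would count as failures and how an ignoreregex suppresses one. HOST_GROUP is a simplified stand-in for fail2ban's <HOST> tag (IP literals only), and compile_failregex, matched_hosts and the sample lines are hypothetical names and data.

```ruby
# Added example (not cookbook code): test the 'nginx-proxy' failregex from the
# README against constructed nginx access-log lines.

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4/IPv6 literals
# only; the real tag also accepts hostnames).
HOST_GROUP = '(?<host>(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f:]+:[0-9A-Fa-f:.]+)'

FAILREGEX = ['^<HOST> -.*GET http.*'].freeze # value from the README

# Constructed sample lines (documentation address ranges).
SAMPLE_LINES = [
  '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET http://example.com/ HTTP/1.1" 400 166 "-" "-"',
  '198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 612 "http://example.org/" "Mozilla/5.0"',
  '2001:db8::1 - - [10/Oct/2023:13:56:02 +0000] "GET http://example.net/ HTTP/1.1" 400 166 "-" "-"'
].freeze

# Substitute the <HOST> tag and compile the pattern. The block form of sub
# keeps the backslashes in HOST_GROUP from being read as back-references.
def compile_failregex(pattern)
  Regexp.new(pattern.sub('<HOST>') { HOST_GROUP })
end

# Addresses of lines that match a failregex and no ignoreregex.
def matched_hosts(lines, failregex, ignoreregex = [])
  fail_res = failregex.map { |pat| compile_failregex(pat) }
  ignore_res = ignoreregex.map { |pat| Regexp.new(pat) }
  lines.filter_map do |line|
    next if ignore_res.any? { |re| re.match?(line) }
    hit = fail_res.map { |re| re.match(line) }.compact.first
    hit && hit[:host]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts matched_hosts(SAMPLE_LINES, FAILREGEX).inspect
  puts matched_hosts(SAMPLE_LINES, FAILREGEX, ['^203\.0\.113\.7 ']).inspect
end
```

The second sample line carries an http:// referer but is not matched, because the pattern requires the literal text "GET http" in the request.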

To receive Slack notifications when IP addresses are banned or unbanned, set the following attributes:

# A Slack webhook looks like this:
# https://hooks.slack.com/services/A123BCD4E/FG5HI6KLM/7n8opqrsT9UVWxyZ0AbCdefG
default['fail2ban']['slack_webhook'] = nil
# Then set the Slack channel name without the leading hash (#)
default['fail2ban']['slack_channel'] = 'general'

Then you will get notifications like this:

[hostname] Banned 🇳🇬 217.117.13.12 in the jail sshd after 5 attempts

Issues related to rsyslog

If rsyslog.conf sets the rsyslog parameter "$RepeatedMsgReduction on", the system log file (for example auth.log) can contain "Last message repeated N times" entries. Fail2ban will not work because the internal counter maxretry will not expand the repeated messages. Set "$RepeatedMsgReduction off" in rsyslog.conf for maximum accuracy of failed login attempts.

This rsyslog parameter is on by default on Ubuntu 12.04 LTS, for example.
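
An added example, not part of the cookbook or of fail2ban: a Ruby model of the rsyslog issue above, counting failures line by line before and after repeated messages are collapsed. The FAILURE pattern, the function names and the log lines are assumptions made for illustration, and all lines are taken to fall within one findtime window.

```ruby
# Added example (not cookbook code): how rsyslog message reduction hides
# failures from a line-by-line counter such as fail2ban's maxretry.

MAXRETRY = 5 # cookbook default for default['fail2ban']['maxretry']

# Simplified failure pattern (assumption; not a filter shipped with fail2ban).
FAILURE = /authentication failure;.* rhost=(?<host>\S+)/

# Constructed sample: five identical PAM failures from one address.
RAW = ([
  'pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 ' \
  'tty=ssh ruser= rhost=203.0.113.9'
] * 5).freeze

# Model of "$RepeatedMsgReduction on" as the README describes it: the first
# copy of a run is written, the rest become one "repeated N times" line.
def reduce_repeats(messages)
  messages.chunk_while { |a, b| a == b }.flat_map do |run|
    run.size > 1 ? [run.first, "last message repeated #{run.size - 1} times"] : run
  end
end

# One matching line counts as one failure for its host.
def failures_per_host(messages)
  messages.each_with_object(Hash.new(0)) do |msg, counts|
    hit = FAILURE.match(msg)
    counts[hit[:host]] += 1 if hit
  end
end

# Hosts whose failure count reaches maxretry.
def banned_hosts(messages, maxretry = MAXRETRY)
  failures_per_host(messages).select { |_, n| n >= maxretry }.keys
end

if __FILE__ == $PROGRAM_NAME
  puts "reduction off: #{banned_hosts(RAW).inspect}"
  puts "reduction on:  #{banned_hosts(reduce_repeats(RAW)).inspect}"
end
```

With reduction off, the five lines reach maxretry and the address is banned. With reduction on, only one line matches and the "repeated 4 times" line is never counted.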

License and Author

Author:: Joshua Timberman (<[email protected]>)

Copyright:: 2009-2016, Chef Software, Inc

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.