https://github.com/sous-chefs/fail2ban
Development repository for the fail2ban cookbook
Science Score: 36.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
✓Committers with academic emails
1 of 39 committers (2.6%) from academic institutions -
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (6.7%) to scientific vocabulary
Keywords
Repository
Development repository for the fail2ban cookbook
Basic Info
- Host: GitHub
- Owner: sous-chefs
- License: apache-2.0
- Language: Ruby
- Default Branch: main
- Homepage: https://supermarket.chef.io/cookbooks/fail2ban
- Size: 330 KB
Statistics
- Stars: 61
- Watchers: 42
- Forks: 63
- Open Issues: 1
- Releases: 36
Topics
Metadata Files
README.md
fail2ban Cookbook
Installs and configures fail2ban, a utility that watches logs for failed login attempts and blocks repeat offenders with firewall rules. On Redhat systems this cookbook will enable the EPEL repository in order to retrieve the fail2ban package.
Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.
Requirements
Platforms
- Debian/Ubuntu
- RHEL/CentOS/Scientific/Amazon/Oracle
- Fedora
- OpenSUSE
Chef
- Chef 15.3+
Cookbooks
- yum-epel
Recipes
default
Installs the fail2ban package, manages 2 templates: /etc/fail2ban/fail2ban.conf and /etc/fail2ban/jail.conf, and manages the fail2ban service.
Attributes
This cookbook has a set of configuration options for fail2ban
default['fail2ban']['loglevel'] = 'INFO'default['fail2ban']['logtarget'] = '/var/log/fail2ban.log'default['fail2ban']['syslogsocket'] = 'auto'default['fail2ban']['socket'] = '/var/run/fail2ban/fail2ban.sock'default['fail2ban']['pidfile'] = '/var/run/fail2ban/fail2ban.pid'default['fail2ban']['dbfile'] = '/var/lib/fail2ban/fail2ban.sqlite3'default['fail2ban']['dbpurgeage'] = 86_400
This cookbook has a set of configuration options for jail.conf
default['fail2ban']['ignoreip'] = '127.0.0.1/8'default['fail2ban']['findtime'] = 600default['fail2ban']['bantime'] = 300default['fail2ban']['maxretry'] = 5default['fail2ban']['backend'] = 'polling'default['fail2ban']['email'] = 'root@localhost'default['fail2ban']['sendername'] = 'Fail2Ban'default['fail2ban']['action'] = 'action_'default['fail2ban']['banaction'] = 'iptables-multiport'default['fail2ban']['mta'] = 'sendmail'default['fail2ban']['protocol'] = 'tcp'default['fail2ban']['chain'] = 'INPUT'
This cookbook makes use of a hash to compile the jail.local-file and filter config files:
ruby
default['fail2ban']['services'] = {
'ssh' => {
"enabled" => "true",
"port" => "ssh",
"filter" => "sshd",
"logpath" => node['fail2ban']['auth_log'],
"maxretry" => "6"
},
'smtp' => {
"enabled" => "true",
"port" => "smtp",
"filter" => "smtp",
"logpath" => node['fail2ban']['auth_log'],
"maxretry" => "6"
}
}
The following attributes can be used per service:
- backend
- banaction
- bantime
- enabled
- filter
- findtime
- ignorecommand
- logpath
- maxretry
- port
- protocol
Creating custom fail2ban filters:
ruby
default['fail2ban']['filters'] = {
'nginx-proxy' => {
"failregex" => ["^<HOST> -.*GET http.*"],
"ignoreregex" => []
},
}
In the case you would like to get Slack notifications on IP addresses banned/unbanned, this cookbook supports it by setting the following attributes:
```ruby
A Slack webhook looks like this:
https://hooks.slack.com/services/A123BCD4E/FG5HI6KLM/7n8opqrsT9UVWxyZ0AbCdefG
default['fail2ban']['slack_webhook'] = nil
Then setting the Slack channel name without the hashtag (#)
default['fail2ban']['slack_channel'] = 'general' ```
Then you will get notifications like this:
[hostname] Banned 🇳🇬 217.117.13.12 in the jail sshd after 5 attempts
Resources
fail2ban_filter
Manages fail2ban filters in /etc/fail2ban/filters.d/.
Actions
create- Default. Creates a fail2ban filter.delete- Deletes a fail2ban filter.
Properties
filter- Specifies the name of the filter. This is the name property.source- Specifies the template source. By default, this is set tofilter.erb.cookbook- Specifies the template cookbook. By default, this is set tofail2ban.failregex- Specifies one or multiple regular expressions matching the failure.ignoreregex- Specifies one or multiple regular expressions to ignore.
Examples
Configure a file for webmin authentication with multiple regular expressions matching the failure.
ruby
fail2ban_filter 'webmin-auth' do
failregex ["^%(__prefix_line)sNon-existent login as .+ from <HOST>\s*$",
"^%(__prefix_line)sInvalid login as .+ from <HOST>\s*$"]
end
fail2ban_jail
Manages fail2ban jails in /etc/fail2ban/jail.d/.
Actions
create- Default. Creates a fail2ban jail.delete- Deletes a fail2ban jail.
Properties
jail- Specifies the jail name. This is the name property.source- Specifies the template source. By default, this is set tojail.erb.cookbook- Specifies the template cookbook. By default, this is set tofail2ban.filter- Specifies the name of the filter to be used by the jail to detect matches.logpath- Specifies the path to the log file which is provided to the filter.protocol- Specifies the protocol type, e.g. tcp, udp or all.ports- Specifies an array of port(s) to watch.maxretry- Specifies the number of matches which triggers ban action.ignoreips- Specifies an array of IP addresses to ignore.
Examples
Create a new fail2ban jail for SSH that uses existing filter sshd and which bans client after 3 tries.
ruby
fail2ban_jail 'ssh' do
ports %w(ssh)
filter 'sshd'
logpath node['fail2ban']['auth_log']
maxretry 3
end
Issues related to rsyslog
If you are using rsyslog parameter "$RepeatedMsgReduction on" in rsyslog.conf file then you can get "Last message repeated N times" in system log file (for example auth.log). Fail2ban will not work because the internal counter maxretry will not expand the repeated messages. Change parameter "$RepeatedMsgReduction off" in rsyslog.conf file for maximum accuracy of failed login attempts.
This rsyslog parameter is default ON for ubuntu 12.04 LTS for example.
Contributors
This project exists thanks to all the people who contribute.
Backers
Thank you to all our backers!
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
Owner
- Name: Sous Chefs
- Login: sous-chefs
- Kind: organization
- Location: Worldwide
- Website: https://sous-chefs.org
- Twitter: souschefsorg
- Repositories: 180
- Profile: https://github.com/sous-chefs
Community of @chef cookbook maintainers
GitHub Events
Total
- Release event: 3
- Watch event: 3
- Delete event: 3
- Issue comment event: 7
- Push event: 22
- Pull request review comment event: 2
- Pull request review event: 8
- Pull request event: 11
- Fork event: 2
- Create event: 6
Last Year
- Release event: 3
- Watch event: 3
- Delete event: 3
- Issue comment event: 7
- Push event: 22
- Pull request review comment event: 2
- Pull request review event: 8
- Pull request event: 11
- Fork event: 2
- Create event: 6
Committers
Last synced: 8 months ago
Top Committers
| Name | Commits | |
|---|---|---|
| Tim Smith | t****h@c****o | 143 |
| Sous Chefs Bot | 3****r | 104 |
| jtimberman | j****a@o****m | 28 |
| Xorima Bot | x****t@a****k | 20 |
| Sean OMeara | s****a@o****m | 15 |
| Jennifer Davis | i****e@g****m | 15 |
| Dan Webb | d****b@d****o | 10 |
| renovate[bot] | 2****] | 10 |
| Andy Thompson | me@a****m | 9 |
| Mark E. Schill | M****l@c****t | 9 |
| EZ Bardeguez | e****z@t****m | 8 |
| Jason Field | j****n@a****k | 8 |
| Lance Albertson | l****e@o****g | 7 |
| Seth Vargo | s****o@g****m | 4 |
| Rob Chekaluk | r****k@p****g | 4 |
| djessich | d****h@c****t | 3 |
| Peter Walz | p****w@u****u | 3 |
| Federico Castagnini | f****i@g****m | 3 |
| Guillaume Hain | z****x@z****g | 2 |
| Christopher Webber | c****r@g****m | 2 |
| Charles Johnson | c****s@o****m | 2 |
| Michael Bumann | m****l@r****m | 2 |
| vskubriev | v****r@s****u | 1 |
| mbaitelman | m****y@b****m | 1 |
| axelrtgs | j****e@a****m | 1 |
| Joshua Timberman | j****n@c****l | 1 |
| Nathen Harvey | n****y@c****m | 1 |
| Sean OMeara | s****n@c****o | 1 |
| Thomas Meeus | t****s@k****e | 1 |
| Restless-ET | r****6@g****m | 1 |
| and 9 more... | ||
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: 6 months ago
All Time
- Total issues: 21
- Total pull requests: 99
- Average time to close issues: almost 2 years
- Average time to close pull requests: about 1 month
- Total issue authors: 18
- Total pull request authors: 39
- Average comments per issue: 2.67
- Average comments per pull request: 1.67
- Merged pull requests: 71
- Bot issues: 1
- Bot pull requests: 16
Past Year
- Issues: 0
- Pull requests: 10
- Average time to close issues: N/A
- Average time to close pull requests: about 1 month
- Issue authors: 0
- Pull request authors: 5
- Average comments per issue: 0
- Average comments per pull request: 0.7
- Merged pull requests: 7
- Bot issues: 0
- Bot pull requests: 2
Top Authors
Issue Authors
- djessich (2)
- tas50 (2)
- mduggan (2)
- jimwise (1)
- ouafnico (1)
- leonsp (1)
- rgooler (1)
- renovate[bot] (1)
- nrasakatla (1)
- resmonit (1)
- aried3r (1)
- ramereth (1)
- idistech (1)
- wndhydrnt (1)
- damacus (1)
Pull Request Authors
- kitchen-porter (19)
- renovate[bot] (15)
- xorimabot (10)
- tas50 (6)
- xorima (4)
- damacus (4)
- ramereth (3)
- rchekaluk (3)
- Restless-ET (3)
- bkonick (2)
- igolman (2)
- ketank-new (2)
- charlesjohnson (2)
- pwalz (2)
- axelrtgs (1)
Top Labels
Issue Labels
Pull Request Labels
Dependencies
- actions/checkout v2 composite
- actionshub/chef-install main composite
- actionshub/test-kitchen main composite
- actions/checkout v3 composite
- gaurav-nelson/github-action-markdown-link-check v1 composite
- actions/stale v3 composite