
The bastion cookbook has been deprecated

Author provided reason for deprecation:

The bastion cookbook has been deprecated and is no longer being maintained by its authors. Use of the bastion cookbook is no longer recommended.


bastion (15) Versions 1.1.0

Configures a node to be a bastion host

cookbook 'bastion', '= 1.1.0', :supermarket
cookbook 'bastion', '= 1.1.0'
knife supermarket install bastion
knife supermarket download bastion
Quality 100%

Bastion Cookbook


A Chef cookbook for configuring a server to be used as a bastion host for
remote access to and administration of an otherwise walled-off network.


This cookbook is written with the aim of working on, or being extended to,
other distros, but is currently tested only against Ubuntu Linux.

Some of the dependencies are pinned to older versions in order to maintain
compatibility--for now--with Chef 11.


Override any included attributes as needed and add bastion to your run_list.



Refreshes the APT cache and configures the firewall and remote desktop (below).


Installs certain base dev tools--currently Git and Ruby.


If the firewall enabled attribute is set to true (the default), enables the
system firewall and allows SSH (port 22) from an attribute-specified set of
trusted networks.

If the attribute is set to false, the recipe disables the system firewall
instead.


Installs X2go, Google Chrome, and Firefox.


Installs + enables + starts Auditd, using rules based on the base STIG


Adds a configurable MOTD for users of the system.



default['bastion']['firewall']['enabled'] = true

Whether or not the system firewall should be enabled. This can be overridden to
false if, for example, port access is instead being handled solely in your
cloud provider's security configuration.

default['bastion']['firewall']['trusted_networks'] = %w(

The set of CIDR ranges to allow access from in the system firewall.

default['bastion']['motd']  = '...'

The MOTD can be customized as you see fit.
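Because the trusted_networks attribute decides who can reach SSH on the bastion, it is worth checking an override before it is converged. The following is an added example, not part of the cookbook: the audit_trusted_networks helper, the prefix floors, and the sample list are assumptions made for illustration.

```ruby
require 'ipaddr'

# Assumed policy floors (not from the cookbook): ranges with a shorter
# prefix than these are reported as too broad for SSH access to a bastion.
MIN_PREFIX = { ipv4: 16, ipv6: 48 }.freeze

# Constructed sample override for
# node['bastion']['firewall']['trusted_networks'] (documentation ranges).
SAMPLE_TRUSTED_NETWORKS = %w(
  10.20.0.0/16 203.0.113.7 0.0.0.0/0 10.0.0.0/8 198.51.100.9/24 192.0.2.0/33
).freeze

# Returns [cidr, problem] pairs; an empty result means the list passed.
def audit_trusted_networks(cidrs)
  cidrs.each_with_object([]) do |cidr, findings|
    begin
      net = IPAddr.new(cidr)                       # masks off host bits
      host = IPAddr.new(cidr.split('/', 2).first)  # address as written
    rescue IPAddr::Error
      findings << [cidr, 'not a valid address or CIDR range']
      next
    end
    floor = MIN_PREFIX[net.ipv4? ? :ipv4 : :ipv6]
    if net.prefix.zero?
      findings << [cidr, 'matches every source address']
    elsif net.prefix < floor
      findings << [cidr, "broader than the /#{floor} policy floor"]
    elsif host.to_i != net.to_i
      # Usually a typo: the entry was meant to be a single host or a
      # different prefix length.
      findings << [cidr, "host bits set; the range is #{net}/#{net.prefix}"]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_trusted_networks(SAMPLE_TRUSTED_NETWORKS).each do |cidr, problem|
    puts "#{cidr}: #{problem}"
  end
end
```

The same check can run in a wrapper cookbook's unit tests or in CI against the environment or role file that sets the override.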


  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Add tests for the new feature; ensure they pass (rake)
  4. Commit your changes (git commit -am 'Add some feature')
  5. Push to the branch (git push origin my-new-feature)
  6. Create a new Pull Request

License & Authors

Copyright 2015-2016, Socrata, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

apt ~> 2.0
firewall ~> 1.1.0
x2go-server ~> 0.1
snoopy ~> 1.0
java ~> 1.35
motd ~> 0.6

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Bastion Cookbook CHANGELOG

v1.1.0 (2016-05-06)

  • Add a configurable MOTD

v1.0.0 (2015-10-26)

  • Replace Auditd with Snoopy for logging execve calls
  • Install Oracle Java with the other dev tools

v0.3.0 (2015-10-08)

  • Install a limited set of dev tools--Git and Ruby

v0.2.0 (2015-09-25)

  • Install auditd and log all of the things

v0.1.0 (2015-09-16)

  • Initial release; Ubuntu only

v0.0.1 (2015-09-04)

  • Development started

Foodcritic Metric

1.1.0 passed this metric