

fail2ban (14) Versions 2.2.1

Installs and configures fail2ban

cookbook 'fail2ban', '~> 2.2.1'
knife cookbook site install fail2ban
knife cookbook site download fail2ban


Installs and configures fail2ban, a utility that watches logs for failed login attempts and blocks repeat offenders with firewall rules. On Red Hat systems this cookbook enables the EPEL repository in order to retrieve the fail2ban package.


Chef version 0.10.10+ and Ohai 0.6.12+ are required.


  • Debian, Ubuntu
  • Red Hat Enterprise Linux (CentOS/Amazon/Scientific/Oracle)
  • Fedora


  • yum



Installs the fail2ban package, manages 2 templates: /etc/fail2ban/fail2ban.conf and /etc/fail2ban/jail.conf, and manages the fail2ban service.


Typically, include recipe[fail2ban] in a base role applied to all nodes.


This cookbook uses a hash to compile the jail.local file and the filter config files:

# One entry per service to protect; the keys are the per-service attributes listed below.
default['fail2ban']['services'] = {
  'ssh' => {
    "enabled" => "true",
    "port" => "ssh",
    "filter" => "sshd",
    "logpath" => node['fail2ban']['auth_log'],
    "maxretry" => "6"
  },
  'smtp' => {
    "enabled" => "true",
    "port" => "smtp",
    "filter" => "smtp",
    "logpath" => node['fail2ban']['auth_log'],
    "maxretry" => "6"
  }
}

The following attributes can be used per service:

  • enabled
  • port
  • filter
  • logpath
  • maxretry
  • protocol
  • banaction
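
How a services hash of this shape maps onto jail.local sections, as an added example (not the cookbook's own template). `render_jail_local`, `ALLOWED_KEYS`, the log path and the `banaction` value are assumptions made for illustration; the function rejects keys outside the list above so that a typo fails loudly.

```ruby
# Added example: a simplified model of rendering the services hash into
# jail.local sections. This is not the cookbook's template.

# Per-service attributes the README lists as supported.
ALLOWED_KEYS = %w[enabled port filter logpath maxretry protocol banaction].freeze

# Render one INI section per service. Keys outside the README's list raise,
# so a typo such as "maxretries" is caught instead of being written out.
def render_jail_local(services)
  services.map do |name, opts|
    unknown = opts.keys - ALLOWED_KEYS
    raise ArgumentError, "#{name}: unsupported keys #{unknown.join(', ')}" unless unknown.empty?

    body = ALLOWED_KEYS.select { |k| opts.key?(k) }.map { |k| "#{k} = #{opts[k]}" }
    (["[#{name}]"] + body).join("\n")
  end.join("\n\n") + "\n"
end

# Constructed input mirroring the README's hash; the log path is an assumption
# standing in for node['fail2ban']['auth_log'].
AUTH_LOG = '/var/log/auth.log'
SAMPLE_SERVICES = {
  'ssh' => { 'enabled' => 'true', 'port' => 'ssh', 'filter' => 'sshd',
             'logpath' => AUTH_LOG, 'maxretry' => '6' },
  'smtp' => { 'enabled' => 'true', 'port' => 'smtp', 'filter' => 'smtp',
              'logpath' => AUTH_LOG, 'maxretry' => '6',
              'banaction' => 'iptables-multiport' }
}.freeze

puts render_jail_local(SAMPLE_SERVICES) if $PROGRAM_NAME == __FILE__
```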

Creating custom fail2ban filters:

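# Each entry defines one custom filter: failregex patterns mark a failure,
# ignoreregex patterns exclude lines from matching.
default['fail2ban']['filters'] = {
  'nginx-proxy' => {
    "failregex" => ["^<HOST> -.*GET http.*"],
    "ignoreregex" => []
  }
}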

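What the nginx-proxy filter above matches, checked against constructed access-log lines; this is an added example, not part of the cookbook or of fail2ban. `HOST_RE` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and `compile_failregex`, `match_filter` and the sample lines are assumptions made for illustration.

```ruby
# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption; the
# real tag also matches IPv6 addresses and hostnames).
HOST_RE = '(?<host>\d{1,3}(?:\.\d{1,3}){3})'

# Expand <HOST> and compile; the block form inserts HOST_RE literally.
def compile_failregex(pattern)
  Regexp.new(pattern.gsub('<HOST>') { HOST_RE })
end

# Return { host => hits } for lines matching a failregex and no ignoreregex.
def match_filter(filter, lines)
  fails = filter['failregex'].map { |p| compile_failregex(p) }
  ignores = filter['ignoreregex'].map { |p| Regexp.new(p) }
  lines.each_with_object(Hash.new(0)) do |line, hits|
    next if ignores.any? { |re| re.match?(line) }

    m = fails.filter_map { |re| re.match(line) }.first
    hits[m[:host]] += 1 if m
  end
end

# The filter definition from the README.
NGINX_PROXY = { 'failregex' => ['^<HOST> -.*GET http.*'], 'ignoreregex' => [] }.freeze

# Constructed nginx access-log lines (documentation address ranges).
SAMPLE_ACCESS_LOG = [
  # Absolute-URI requests, i.e. attempts to use the server as a proxy.
  '203.0.113.7 - - [15/Oct/2014:10:00:01 +0000] "GET http://example.org/ HTTP/1.1" 400 172 "-" "-"',
  '203.0.113.7 - - [15/Oct/2014:10:00:02 +0000] "GET http://example.net/a HTTP/1.1" 400 172 "-" "-"',
  # Ordinary request: no match.
  '198.51.100.4 - - [15/Oct/2014:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
  # Not a proxy request, but the pattern is not anchored to the request
  # field, so "GET http" inside the Referer also counts as a failure.
  '192.0.2.10 - - [15/Oct/2014:10:00:04 +0000] "POST /form HTTP/1.1" 200 0 "http://example.com/?q=GET http" "-"'
].freeze

p match_filter(NGINX_PROXY, SAMPLE_ACCESS_LOG) if $PROGRAM_NAME == __FILE__
```

On a node with fail2ban installed, the `fail2ban-regex` tool performs the same kind of check against real log files using the real `<HOST>` expansion.
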
Particularly those related to rsyslog

If you set the rsyslog parameter "$RepeatedMsgReduction on" in rsyslog.conf, the system log file (for example auth.log) can contain "Last message repeated N times" entries in place of the repeated lines. This affects fail2ban: it will not work, because its internal maxretry counter does not advance for the suppressed messages. Set "$RepeatedMsgReduction off" in rsyslog.conf to count failed login attempts with maximum accuracy.

This rsyslog parameter is on by default in Ubuntu 12.04 LTS, for example.
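
The undercount described above, shown on constructed auth.log lines, together with a check for the directive in rsyslog.conf; this is an added example, not code from the cookbook or from fail2ban. `FAILED_LOGIN` is a simplified stand-in for an sshd failregex, and the function names and sample log lines are assumptions made for illustration.

```ruby
# Simplified stand-in for an sshd failregex (assumption, not fail2ban's filter).
FAILED_LOGIN = /Failed password for .* from (?<host>\S+) port \d+/

# Count matching failure lines per host, the way a log-watching counter sees them.
def count_failures(lines)
  lines.each_with_object(Hash.new(0)) do |line, hits|
    m = FAILED_LOGIN.match(line)
    hits[m[:host]] += 1 if m
  end
end

# Hosts whose failure count reaches maxretry.
def hosts_over_limit(lines, maxretry)
  count_failures(lines).select { |_host, n| n >= maxretry }.keys
end

# True when the last uncommented $RepeatedMsgReduction directive is "on".
# A file without the directive is treated as off here.
def repeated_msg_reduction_on?(conf_text)
  values = conf_text.each_line.filter_map do |l|
    l.strip[/\A\$RepeatedMsgReduction\s+(on|off)\b/i, 1]
  end
  values.last.to_s.casecmp?('on')
end

# Constructed auth.log excerpt: six identical failures from one connection.
FULL_LOG = Array.new(6) do |i|
  "Oct 15 10:00:0#{i} web1 sshd[1234]: Failed password for root from 203.0.113.7 port 40001 ssh2"
end.freeze

# The same six events as written with $RepeatedMsgReduction on.
REDUCED_LOG = [
  FULL_LOG.first,
  'Oct 15 10:00:05 web1 last message repeated 5 times'
].freeze

if $PROGRAM_NAME == __FILE__
  puts "full log:    #{hosts_over_limit(FULL_LOG, 6).inspect}"
  puts "reduced log: #{hosts_over_limit(REDUCED_LOG, 6).inspect}"
end
```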

License and Author

Author:: Joshua Timberman

Copyright:: 2009-2013, Opscode, Inc

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

v2.2.1 (2014-10-15)

  • [#24] Add default value for pidfile


  • #15 - Fix small typo in for smtp
  • #16 - Support custom fail2ban filters
  • #21 - Service and defaults improvements, Fedora support



  • COOK-3899 - Allow action override in service block


  • Updating for cookbook yum ~> 3.0
  • Fixing style or rubocop
  • Updating test bits


fixing metadata version error. locking to 3.0


Locking yum dependency to '< 3'


[COOK-2530] Allow customisation of jail.local


New Feature

  • COOK-3383 - Add clarifying caveat about rsyslog in README


  • COOK-3249 - Fix default jail.conf on CentOS


  • COOK-2748 - Handle /etc/init.d/fail2ban status for older versions



  • [COOK-2588]: Fail2ban needs to store the socket in the correct location
  • [COOK-2592]: fail2ban: Update jail file template to match current config file


  • [COOK-2292] - Add fail2ban support for RHEL using EPEL
  • [COOK-2426] - Fail2ban cookbook needs syslog tunables in config file
  • Development repository only: test kitchen 1.0.alpha support


  • [COOK-2291] - Add additional tunables to the fail2ban cookbook


  • [COOK-2217] - Users should be able to configure the email address fail2ban uses to send messages


  • Current public release.

2.2.1 passed Foodcritic.