O'Reilly logo

Chef Infrastructure Automation Cookbook by Matthias Marschall

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Managing fail2ban to ban malicious IP addresses

Brute-force attacks against any of your password-protected services like SSH or break-in attempts against your web server are happening frequently for every public-facing system.

The fail2ban tool monitors your logfiles and acts as soon as it discovers malicious behavior in the way you told it to. One common use case is blocking malicious IP addresses by establishing firewall rules on the fly using iptables.

In this section, we'll have a look at how to set up a basic protection for SSH using fail2ban and iptables.

Getting ready

Make sure you've a cookbook named my_cookbook and run_list of your node includes my_cookbook as described in the Creating and using cookbooks section in Chapter1, Chef Infrastructure ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required