Mercurial > prosody-modules
annotate mod_log_auth/mod_log_auth.lua @ 4877:adc6241e5d16
mod_measure_process: Report the enforced limit
The soft limit is what the kernel actually enforces, while the hard
limit is is how far you can change the soft limit without privileges.
Unless the process dynamically adjusts the soft limit, knowing the hard
limit is not as useful as knowing the soft limit.
Reporting the soft limit and the number of in-use FDs allows placing
alerts on expressions like 'process_open_fds / process_max_fds >= 0.95'
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 18 Jan 2022 18:55:20 +0100 |
| parents | 6d1ec8099315 |
| children |
| rev | line source |
|---|---|
|
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
1 local mode = module:get_option_string("log_auth_ips", "failure"); |
|
2695
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
2 assert(({ all = true, failure = true, success = true })[mode], |
|
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
3 "Unknown log mode: "..tostring(mode).." - valid modes are 'all', 'failure', 'success'"); |
|
407
41feaf7fd8ac
mod_auth_log: New module (currently) to log failed auth attempts and their IP address, requires trunk
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
4 |
|
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
5 if mode == "failure" or mode == "all" then |
|
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
6 module:hook("authentication-failure", function (event) |
|
2695
8b21f13b08c5
mod_log_auth: Split some long lines
Kim Alvefur <zash@zash.se>
parents:
2084
diff
changeset
|
7 local session = event.session; |
|
2698
88205b77e385
mod_log_auth: Handle missing sasl handler
Kim Alvefur <zash@zash.se>
parents:
2696
diff
changeset
|
8 local username = session.username or session.sasl_handler and session.sasl_handler.username or "?"; |
|
3941
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
9 session.log("info", "Failed authentication attempt (%s) for user %s@%s from IP: %s", |
|
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
10 event.condition or "unknown-condition", username, module.host, session.ip or "?"); |
|
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
11 end); |
|
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
12 end |
|
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
13 |
|
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
14 if mode == "success" or mode == "all" then |
|
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
15 module:hook("authentication-success", function (event) |
|
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
16 local session = event.session; |
|
3941
6d1ec8099315
mod_log_auth: log hostname, too
tmolitor <thilo@eightysoft.de>
parents:
2699
diff
changeset
|
17 session.log("info", "Successful authentication as %s@%s from IP: %s", session.username, module.host, session.ip or "?"); |
|
1427
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
18 end); |
|
322a076f53e8
mod_log_auth: Add ability to log IPs of successful authentications too
Matthew Wild <mwild1@gmail.com>
parents:
1097
diff
changeset
|
19 end |