Mercurial > prosody-modules
comparison mod_log_auth/README.wiki @ 1782:29f3d6b7ad16
Import wiki pages
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 24 Aug 2015 16:43:56 +0200 |
1781:12ac88940fe3 | 1782:29f3d6b7ad16 |
---|---|
1 #summary Log failed authentication attempts with their IP address | |
2 #labels Stage-Stable | |
3 | |
4 = Introduction = | |
5 | |
6 Prosody doesn't write IP addresses to its log file by default for privacy reasons (unless debug logging is enabled). | |
7 | |
8 This module enables logging of the IP address in a failed authentication attempt so that those trying to break into accounts for example can be blocked. | |
9 | |
10 = fail2ban configuration = | |
11 | |
12 fail2ban is a utility for monitoring log files and automatically blocking "bad" IP addresses at the firewall level. | |
13 | |
14 With this module enabled in Prosody you can use the following example configuration for fail2ban: | |
15 | |
16 {{{ | |
17 # /etc/fail2ban/filter.d/prosody-auth.conf | |
18 # Fail2Ban configuration file for prosody authentication | |
19 [Definition] | |
20 failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST> | |
21 ignoreregex = | |
22 }}} | |
23 | |
24 And at the appropriate place (usually the bottom) of /etc/fail2ban/jail.conf add these lines: | |
25 | |
26 {{{ | |
27 [prosody] | |
28 enabled = true | |
29 port = 5222 | |
30 filter = prosody-auth | |
31 logpath = /var/log/prosody/prosody*.log | |
32 maxretry = 6 | |
33 }}} | |
34 | |
35 == Compatibility == | |
36 || trunk || Works || | |
37 || 0.9 || Works || | |
38 || 0.8 || Doesn't work || |
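
Review bot: The `failregex` at line 20 has no anchor on either side of `<HOST>`, so it matches wherever that phrase appears in a log line; if any remotely supplied text can end up in the Prosody log, a line could match with an address the sender chose and fail2ban would ban that address. Ending the pattern at the address, e.g. `failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST>$`, closes that, assuming the module logs nothing after the IP. The README shows no sample log line; adding one would let readers confirm the filter with `fail2ban-regex` before enabling the jail. Two smaller points in the jail section (lines 24-32): `port = 5222` limits the ban to that port with the usual port-based ban action, so the text should say that any other client-facing Prosody listeners need to be listed as well, and the instructions direct edits to `/etc/fail2ban/jail.conf`, which fail2ban's own documentation says to leave unmodified in favour of `jail.local` or a file under `jail.d/`, since package upgrades overwrite `jail.conf`.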