Mercurial > prosody-modules
comparison mod_log_auth/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 28 Aug 2015 18:03:58 +0200 |
| parents | mod_log_auth/README.wiki@29f3d6b7ad16 |
| children | a47520a2c59d |
comparison
equal
deleted
inserted
replaced
| 1802:0ab737feada6 | 1803:4d73a1a6ba68 |
|---|---|
| 1 --- | |
| 2 labels: | |
| 3 - 'Stage-Stable' | |
| 4 summary: Log failed authentication attempts with their IP address | |
| 5 ... | |
| 6 | |
| 7 Introduction | |
| 8 ============ | |
| 9 | |
| 10 Prosody doesn't write IP addresses to its log file by default for | |
| 11 privacy reasons (unless debug logging is enabled). | |
| 12 | |
| 13 This module enables logging of the IP address in a failed authentication | |
| 14 attempt so that those trying to break into accounts for example can be | |
| 15 blocked. | |
| 16 | |
| 17 fail2ban configuration | |
| 18 ====================== | |
| 19 | |
| 20 fail2ban is a utility for monitoring log files and automatically | |
| 21 blocking "bad" IP addresses at the firewall level. | |
| 22 | |
| 23 With this module enabled in Prosody you can use the following example | |
| 24 configuration for fail2ban: | |
| 25 | |
| 26 # /etc/fail2ban/filter.d/prosody-auth.conf | |
| 27 # Fail2Ban configuration file for prosody authentication | |
| 28 [Definition] | |
| 29 failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST> | |
| 30 ignoreregex = | |
| 31 | |
| 32 And at the appropriate place (usually the bottom) of | |
| 33 /etc/fail2ban/jail.conf add these lines: | |
| 34 | |
| 35 [prosody] | |
| 36 enabled = true | |
| 37 port = 5222 | |
| 38 filter = prosody-auth | |
| 39 logpath = /var/log/prosody/prosody*.log | |
| 40 maxretry = 6 | |
| 41 | |
| 42 Compatibility | |
| 43 ------------- | |
| 44 | |
| 45 ------- -------------- | |
| 46 trunk Works | |
| 47 0.9 Works | |
| 48 0.8 Doesn't work | |
| 49 ------- -------------- |