Mercurial > prosody-modules

view mod_log_auth/README.markdown @ 3656:3e0f4d727825

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_vcard_muc: Add an alternative method of signaling avatar change When the avatar has been changed, a signal is sent that the room configuration has changed. Clients then do a disco#info query to find the SHA-1 of the new avatar. They can then fetch it as before, or not if they have it cached already. This is meant to be less disruptive than signaling via presence, which caused problems for some clients. If clients transition to the new method, the old one can eventually be removed. The namespace is made up while waiting for standardization. Otherwise it is very close to what's described in https://xmpp.org/extensions/inbox/muc-avatars.html
author Kim Alvefur <zash@zash.se>
date Sun, 25 Aug 2019 20:46:43 +0200
parents a47520a2c59d
children
line wrap: on
line source

---
labels:
- 'Stage-Stable'
summary: Log failed authentication attempts with their IP address
...

Introduction
============

Prosody doesn't write IP addresses to its log file by default for
privacy reasons (unless debug logging is enabled).

This module enables logging of the IP address in a failed authentication
attempt so that those trying to break into accounts for example can be
blocked.

fail2ban configuration
======================

fail2ban is a utility for monitoring log files and automatically
blocking "bad" IP addresses at the firewall level.

With this module enabled in Prosody you can use the following example
configuration for fail2ban:

    # /etc/fail2ban/filter.d/prosody-auth.conf
    # Fail2Ban configuration file for prosody authentication
    [Definition]
    failregex = Failed authentication attempt \(not-authorized\) for user .* from IP: <HOST>
    ignoreregex =

And at the appropriate place (usually the bottom) of
/etc/fail2ban/jail.conf add these lines:

    [prosody]
    enabled = true
    port    = 5222
    filter  = prosody-auth
    logpath = /var/log/prosody/prosody*.log
    maxretry = 6

Compatibility
-------------

  ------- --------------
  trunk   Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------