Mercurial > prosody-modules
view mod_log_auth/README.markdown @ 4738:5aee8d86629a
mod_bookmarks2: Fix handling of nick and password elements
This form of child retrieval fails when the stanza elements internally
don't have an 'xmlns' attribute, which can happen sometimes for some
reason, including when they have been constructed via the stanza builder
API. When that is the case then the explicit namespace arguemnt does not
match the nil value of the internal attribute. Calling `:get_child()`
without the namespace argument does the right thing here, with both nil
and the parent namespace as valid values for the internal attribute.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 03 Nov 2021 21:11:55 +0100 |
| parents | a47520a2c59d |
| children |
line wrap: on
line source
--- labels: - 'Stage-Stable' summary: Log failed authentication attempts with their IP address ... Introduction ============ Prosody doesn't write IP addresses to its log file by default for privacy reasons (unless debug logging is enabled). This module enables logging of the IP address in a failed authentication attempt so that those trying to break into accounts for example can be blocked. fail2ban configuration ====================== fail2ban is a utility for monitoring log files and automatically blocking "bad" IP addresses at the firewall level. With this module enabled in Prosody you can use the following example configuration for fail2ban: # /etc/fail2ban/filter.d/prosody-auth.conf # Fail2Ban configuration file for prosody authentication [Definition] failregex = Failed authentication attempt \(not-authorized\) for user .* from IP: <HOST> ignoreregex = And at the appropriate place (usually the bottom) of /etc/fail2ban/jail.conf add these lines: [prosody] enabled = true port = 5222 filter = prosody-auth logpath = /var/log/prosody/prosody*.log maxretry = 6 Compatibility ------------- ------- -------------- trunk Works 0.9 Works 0.8 Doesn't work ------- --------------