annotate mod_log_auth.wiki @ 469:da42de0ae310

Created wiki page through web user interface. Sorry Link Mauve.
author MWild1@gmail.com
date Sat, 26 Jul 2014 21:51:40 +0000
parents 3f94f7728cb4
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
201
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
1 #summary Log failed authentication attempts with their IP address
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
2 #labels Stage-Stable
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
3
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
4 = Introduction =
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
5
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
6 Prosody doesn't write IP addresses to its log file by default for privacy reasons (unless debug logging is enabled).
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
7
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
8 This module enables logging of the IP address in a failed authentication attempt so that those trying to break into accounts for example can be blocked.
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
9
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
10 = fail2ban configuration =
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
11
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
12 fail2ban is a utility for monitoring log files and automatically blocking "bad" IP addresses at the firewall level.
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
13
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
14 With this module enabled in Prosody you can use the following example configuration for fail2ban:
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
15
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
16 {{{
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
17 # /etc/fail2ban/filter.d/prosody-auth.conf
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
18 # Fail2Ban configuration file for prosody authentication
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
19 [Definition]
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
20 failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST>
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
21 ignoreregex =
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
22 }}}
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
23
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
24 And at the appropriate place (usually the bottom) of /etc/fail2ban/jail.conf add these lines:
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
25
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
26 {{{
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
27 [prosody]
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
28 enabled = true
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
29 port = 5222
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
30 filter = prosody-auth
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
31 logpath = /var/log/prosody/prosody*.log
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
32 maxretry = 6
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
33 }}}
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
34
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
35 == Compatibility ==
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
36 || trunk || Works ||
357
3f94f7728cb4 Update compatibility... trunk is now 0.9
MWild1@gmail.com
parents: 201
diff changeset
37 || 0.9 || Works ||
201
d8b897e87cd7 Created wiki page through web user interface.
MWild1
parents:
diff changeset
38 || 0.8 || Doesn't work ||