Mercurial > prosody-wiki
comparison mod_log_auth.wiki @ 201:d8b897e87cd7
Created wiki page through web user interface.
| author | MWild1 |
|---|---|
| date | Tue, 30 Aug 2011 17:44:27 +0000 |
| parents | |
| children | 3f94f7728cb4 |
comparison
equal
deleted
inserted
replaced
| 200:41800325d778 | 201:d8b897e87cd7 |
|---|---|
| 1 #summary Log failed authentication attempts with their IP address | |
| 2 #labels Stage-Stable | |
| 3 | |
| 4 = Introduction = | |
| 5 | |
| 6 Prosody doesn't write IP addresses to its log file by default for privacy reasons (unless debug logging is enabled). | |
| 7 | |
| 8 This module enables logging of the IP address in a failed authentication attempt so that those trying to break into accounts for example can be blocked. | |
| 9 | |
| 10 = fail2ban configuration = | |
| 11 | |
| 12 fail2ban is a utility for monitoring log files and automatically blocking "bad" IP addresses at the firewall level. | |
| 13 | |
| 14 With this module enabled in Prosody you can use the following example configuration for fail2ban: | |
| 15 | |
| 16 {{{ | |
| 17 # /etc/fail2ban/filter.d/prosody-auth.conf | |
| 18 # Fail2Ban configuration file for prosody authentication | |
| 19 [Definition] | |
| 20 failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST> | |
| 21 ignoreregex = | |
| 22 }}} | |
| 23 | |
| 24 And at the appropriate place (usually the bottom) of /etc/fail2ban/jail.conf add these lines: | |
| 25 | |
| 26 {{{ | |
| 27 [prosody] | |
| 28 enabled = true | |
| 29 port = 5222 | |
| 30 filter = prosody-auth | |
| 31 logpath = /var/log/prosody/prosody*.log | |
| 32 maxretry = 6 | |
| 33 }}} | |
| 34 | |
| 35 == Compatibility == | |
| 36 || trunk || Works || | |
| 37 || 0.8 || Doesn't work || |