#summary Log failed authentication attempts with their IP address
#labels Stage-Stable

= Introduction =

For privacy reasons, Prosody doesn't write IP addresses to its log file by default (unless debug logging is enabled).

This module logs the IP address of each failed authentication attempt so that, for example, those trying to break into accounts can be blocked.

= fail2ban configuration =

fail2ban is a utility for monitoring log files and automatically blocking "bad" IP addresses at the firewall level.

With this module enabled in Prosody you can use the following example configuration for fail2ban:

{{{
# /etc/fail2ban/filter.d/prosody-auth.conf
# Fail2Ban configuration file for prosody authentication
[Definition]
failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST>
ignoreregex =
}}}

Then add these lines at the appropriate place (usually the bottom) of /etc/fail2ban/jail.conf:

{{{
[prosody]
enabled = true
port = 5222
filter = prosody-auth
logpath = /var/log/prosody/prosody*.log
maxretry = 6
}}}
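
To check the filter and the maxretry = 6 threshold before relying on them, the following added example (not part of this module or of fail2ban) applies the failregex above to constructed log lines and reports which addresses reach six failures. The HOST pattern is a simplified stand-in for fail2ban's own <HOST> expansion, and the 600-second window and the timestamp format are assumptions, since the page sets neither.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# failregex copied from the prosody-auth filter above.
FAILREGEX = r"Failed authentication attempt \(not-authorized\) from IP: <HOST>"
# Assumption: simplified stand-in for fail2ban's <HOST> expansion (IPv4 or IPv6 literal).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

MAXRETRY = 6                       # from the [prosody] jail above
FINDTIME = timedelta(seconds=600)  # assumption: the page does not set findtime


def make_sample_log():
    """Constructed log lines; the timestamp and 'c2s info' prefix are assumptions."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    fail = "{} c2s info Failed authentication attempt (not-authorized) from IP: {}"
    # Six failures within one minute: reaches maxretry.
    lines = [fail.format(t0 + timedelta(seconds=10 * i), "203.0.113.7") for i in range(6)]
    # Five failures: one short of maxretry.
    lines += [fail.format(t0 + timedelta(seconds=10 * i), "198.51.100.20") for i in range(5)]
    # Six failures five minutes apart: never six inside one window.
    lines += [fail.format(t0 + timedelta(minutes=5 * i), "2001:db8::1") for i in range(6)]
    # A successful login, which the failregex must not match.
    lines.append("{} c2s info Authenticated as user@example.org".format(t0))
    return lines


def banned_hosts(lines):
    """Return hosts that reach MAXRETRY matching lines inside one FINDTIME window."""
    recent = defaultdict(list)
    banned = []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        when = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        host = m.group("host")
        # Keep only this host's failures that are still inside the window.
        recent[host] = [t for t in recent[host] if when - t < FINDTIME] + [when]
        if len(recent[host]) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned


if __name__ == "__main__":
    print(banned_hosts(make_sample_log()))
```

On a live system, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/prosody-auth.conf` runs the real filter against the real log.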

== Compatibility ==
|| trunk || Works ||
|| 0.9 || Works ||
|| 0.8 || Doesn't work ||