Comparison

mod_log_auth/README.markdown @ 1803:4d73a1a6ba68

Convert all wiki pages to Markdown
author Kim Alvefur <zash@zash.se>
date Fri, 28 Aug 2015 18:03:58 +0200
parent 1782:mod_log_auth/README.wiki@29f3d6b7ad16
child 2347:a47520a2c59d
comparison
equal deleted inserted replaced
1802:0ab737feada6 1803:4d73a1a6ba68
1 ---
2 labels:
3 - 'Stage-Stable'
4 summary: Log failed authentication attempts with their IP address
5 ...
6
7 Introduction
8 ============
9
10 Prosody doesn't write IP addresses to its log file by default for
11 privacy reasons (unless debug logging is enabled).
12
13 This module enables logging of the IP address in a failed authentication
14 attempt so that those trying to break into accounts for example can be
15 blocked.
16
17 fail2ban configuration
18 ======================
19
20 fail2ban is a utility for monitoring log files and automatically
21 blocking "bad" IP addresses at the firewall level.
22
23 With this module enabled in Prosody you can use the following example
24 configuration for fail2ban:
25
26 # /etc/fail2ban/filter.d/prosody-auth.conf
27 # Fail2Ban configuration file for prosody authentication
28 [Definition]
29 failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST>
30 ignoreregex =
31
32 And at the appropriate place (usually the bottom) of
33 /etc/fail2ban/jail.conf add these lines:
34
35 [prosody]
36 enabled = true
37 port = 5222
38 filter = prosody-auth
39 logpath = /var/log/prosody/prosody*.log
40 maxretry = 6
41
42 Compatibility
43 -------------
44
45 ------- --------------
46 trunk Works
47 0.9 Works
48 0.8 Doesn't work
49 ------- --------------