mod_log_auth/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Aug 2015 18:03:58 +0200 |
parent | 1782:mod_log_auth/README.wiki@29f3d6b7ad16 |
child | 2347:a47520a2c59d |
1802:0ab737feada6 | 1803:4d73a1a6ba68 |
---|---|
1 --- | |
2 labels: | |
3 - 'Stage-Stable' | |
4 summary: Log failed authentication attempts with their IP address | |
5 ... | |
6 | |
7 Introduction | |
8 ============ | |
9 | |
10 Prosody doesn't write IP addresses to its log file by default for | |
11 privacy reasons (unless debug logging is enabled). | |
12 | |
13 This module enables logging of the IP address in a failed authentication | |
14 attempt so that those trying to break into accounts for example can be | |
15 blocked. | |
16 | |
17 fail2ban configuration | |
18 ====================== | |
19 | |
20 fail2ban is a utility for monitoring log files and automatically | |
21 blocking "bad" IP addresses at the firewall level. | |
22 | |
23 With this module enabled in Prosody you can use the following example | |
24 configuration for fail2ban: | |
25 | |
26 # /etc/fail2ban/filter.d/prosody-auth.conf | |
27 # Fail2Ban configuration file for prosody authentication | |
28 [Definition] | |
29 failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST> | |
30 ignoreregex = | |
31 | |
32 And at the appropriate place (usually the bottom) of | |
33 /etc/fail2ban/jail.conf add these lines: | |
34 | |
35 [prosody] | |
36 enabled = true | |
37 port = 5222 | |
38 filter = prosody-auth | |
39 logpath = /var/log/prosody/prosody*.log | |
40 maxretry = 6 | |
41 | |
42 Compatibility | |
43 ------------- | |
44 | |
45 ------- -------------- | |
46 trunk Works | |
47 0.9 Works | |
48 0.8 Doesn't work | |
49 ------- -------------- |
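
Review bot: The `failregex` on new line 29 is unanchored at both ends, so it matches that phrase anywhere in any line of the files covered by `logpath`, including a line where the phrase appears inside some other logged message. Ending the pattern with `<HOST>\s*$` would limit matches to lines that actually end with the address. The jail on new lines 35-40 names only `port = 5222`, so a ban leaves any other Prosody listener reachable from the same address; the README should tell readers to list every port they expose. The text on new lines 32-33 also sends readers to edit /etc/fail2ban/jail.conf directly, whereas fail2ban expects local jails in jail.local so that package upgrades do not overwrite them.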