Software /
code /
prosody-modules
Diff
mod_log_auth/README.markdown @ 1803:4d73a1a6ba68
Convert all wiki pages to Markdown
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 28 Aug 2015 18:03:58 +0200 |
parent | 1782:29f3d6b7ad16 |
child | 2347:a47520a2c59d |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_log_auth/README.markdown Fri Aug 28 18:03:58 2015 +0200 @@ -0,0 +1,49 @@ +--- +labels: +- 'Stage-Stable' +summary: Log failed authentication attempts with their IP address +... + +Introduction +============ + +Prosody doesn't write IP addresses to its log file by default for +privacy reasons (unless debug logging is enabled). + +This module enables logging of the IP address in a failed authentication +attempt so that those trying to break into accounts for example can be +blocked. + +fail2ban configuration +====================== + +fail2ban is a utility for monitoring log files and automatically +blocking "bad" IP addresses at the firewall level. + +With this module enabled in Prosody you can use the following example +configuration for fail2ban: + + # /etc/fail2ban/filter.d/prosody-auth.conf + # Fail2Ban configuration file for prosody authentication + [Definition] + failregex = Failed authentication attempt \(not-authorized\) from IP: <HOST> + ignoreregex = + +And at the appropriate place (usually the bottom) of +/etc/fail2ban/jail.conf add these lines: + + [prosody] + enabled = true + port = 5222 + filter = prosody-auth + logpath = /var/log/prosody/prosody*.log + maxretry = 6 + +Compatibility +------------- + + ------- -------------- + trunk Works + 0.9 Works + 0.8 Doesn't work + ------- --------------