prosody-modules
3f3b672b7616
mod_log_auth/README.markdown

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_log_auth/README.markdown @ 4300:3f3b672b7616

mod_vcard_muc: Pass room object around instead of JID, hopefully fixing traceback More efficient to pass the object around instead of using the JID and looking up the object when needed. It seems in some (undetermined) cases get_room_from_jid(room.jid) is nil.
author Matthew Wild <mwild1@gmail.com>
date Tue, 15 Dec 2020 10:49:11 +0000
parent 2347:a47520a2c59d
line wrap: on
line source

---
labels:
- 'Stage-Stable'
summary: Log failed authentication attempts with their IP address
...

Introduction
============

Prosody doesn't write IP addresses to its log file by default for
privacy reasons (unless debug logging is enabled).

This module enables logging of the IP address in a failed authentication
attempt so that those trying to break into accounts for example can be
blocked.

fail2ban configuration
======================

fail2ban is a utility for monitoring log files and automatically
blocking "bad" IP addresses at the firewall level.

With this module enabled in Prosody you can use the following example
configuration for fail2ban:

    # /etc/fail2ban/filter.d/prosody-auth.conf
    # Fail2Ban configuration file for prosody authentication
    [Definition]
    failregex = Failed authentication attempt \(not-authorized\) for user .* from IP: <HOST>
    ignoreregex =

And at the appropriate place (usually the bottom) of
/etc/fail2ban/jail.conf add these lines:

    [prosody]
    enabled = true
    port    = 5222
    filter  = prosody-auth
    logpath = /var/log/prosody/prosody*.log
    maxretry = 6

Compatibility
-------------

  ------- --------------
  trunk   Works
  0.9     Works
  0.8     Doesn't work
  ------- --------------