nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

matrix: Add fail2ban jail

Browse Source 
Test:

- Setup Matrix on a VPS with a FQDN and a valid LE certificate, then add these
configs to fail2ban.

- On a production server apply the changes of MR !2296

- Setup the fail2ban filter and jail, then restart fail2ban

- Trying to log in unsuccessfully from FluffyChat leads to a 10 min ban

Result:

`sudo fail2ban-client status matrix-synapse-auth-freedombox` returns the
following output, but the server actually remains accessible in every way.

```
Status for the jail: matrix-synapse-auth-freedombox
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     11
|  `- Journal matches:
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   MY IP
```
Signed-off-by: nbenedek <contact@nbenedek.me>
This commit is contained in:
nbenedek 2022-09-24 17:43:22 +02:00 committed by Sunil Mohan Adapa
parent ecb4ce0733
commit 95f2d372d8
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
plinth/modules/matrixsynapse/data/etc/fail2ban/filter.d/matrix-auth-freedombox.conf Normal file
View File

@ -0,0 +1,7 @@
[INCLUDES]
before = common.conf
[Definition]
_daemon = apache-access
prefregex = %(__prefix_line)s
failregex = \S+ <HOST> - \S+ \[[^\]]*\] "POST /_matrix/client/.*/login HTTP/\S+" 403

4
plinth/modules/matrixsynapse/data/etc/fail2ban/jail.d/matrix-auth-freedombox.conf Normal file
View File

@ -0,0 +1,4 @@
[matrix-auth-freedombox]
enabled = true
port = http,https
journalmatch = SYSLOG_IDENTIFIER=apache-access