docs: add password regulation fail2ban docs (#4630)

Adds lines to fail2ban regex to catch password reset attempts and email spam.
2022-12-22 14:39:41 -06:00 · 2022-12-22 14:39:41 -06:00 · 7663a68a2b
parent 9400b1c54d
commit 7663a68a2b
1 changed files with 6 additions and 3 deletions
--- a/docs/content/en/overview/security/measures.md
+++ b/docs/content/en/overview/security/measures.md
@ -346,14 +346,17 @@ typically located at `/etc/fail2ban/filter.d`.

 # the failregex rule counts every failed 1FA attempt (first line, wrong username or password) and failed 2FA attempt
 # second line) as a failure.
-# the ignoreregex rule ignores debug, info and warning messages as all authentication failures are flagged as errors
+# the ignoreregex rule ignores info and warning messages as all authentication failures are flagged as errors
+# the third line catches incorrect usernames entered at the password reset form
+# the fourth line catches attempts to spam via the password reset form or 2fa device reset form. This requires debug logging to be enabled

 [Definition]
 failregex = ^.*Unsuccessful 1FA authentication attempt by user .*remote_ip="?<HOST>"? stack.*
            ^.*Unsuccessful (TOTP|Duo|U2F) authentication attempt by user .*remote_ip="?<HOST>"? stack.*
+            ^.*user not found.*path=/api/reset-password/identity/start remote_ip="?<HOST>"? stack.*
+            ^.*Sending an email to user.*path=/api/.*/start remote_ip="?<HOST>"?

-ignoreregex = ^.*level=debug.*
-              ^.*level=info.*
+ignoreregex = ^.*level=info.*
              ^.*level=warning.*
 ```