docs: add password regulation fail2ban docs (#4630)

Adds lines to fail2ban regex to catch password reset attempts and email spam.
pull/4631/head
Ohelig 2022-12-22 14:39:41 -06:00 committed by GitHub
parent 9400b1c54d
commit 7663a68a2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions

@ -346,14 +346,17 @@ typically located at `/etc/fail2ban/filter.d`.
# the failregex rule counts every failed 1FA attempt (first line, wrong username or password) and failed 2FA attempt # the failregex rule counts every failed 1FA attempt (first line, wrong username or password) and failed 2FA attempt
# second line) as a failure. # second line) as a failure.
# the ignoreregex rule ignores debug, info and warning messages as all authentication failures are flagged as errors # the ignoreregex rule ignores info and warning messages as all authentication failures are flagged as errors
# the third line catches incorrect usernames entered at the password reset form
# the fourth line catches attempts to spam via the password reset form or 2fa device reset form. This requires debug logging to be enabled
[Definition] [Definition]
failregex = ^.*Unsuccessful 1FA authentication attempt by user .*remote_ip="?<HOST>"? stack.* failregex = ^.*Unsuccessful 1FA authentication attempt by user .*remote_ip="?<HOST>"? stack.*
^.*Unsuccessful (TOTP|Duo|U2F) authentication attempt by user .*remote_ip="?<HOST>"? stack.* ^.*Unsuccessful (TOTP|Duo|U2F) authentication attempt by user .*remote_ip="?<HOST>"? stack.*
^.*user not found.*path=/api/reset-password/identity/start remote_ip="?<HOST>"? stack.*
^.*Sending an email to user.*path=/api/.*/start remote_ip="?<HOST>"?
ignoreregex = ^.*level=debug.* ignoreregex = ^.*level=info.*
^.*level=info.*
^.*level=warning.* ^.*level=warning.*
``` ```
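Review bot: The fourth failregex line (`^.*Sending an email to user.*path=/api/.*/start remote_ip="?<HOST>"?`) counts every reset email that is sent, so a legitimate user who requests a password reset or 2FA device reset more than once accrues failures in the same filter as failed logins and can end up banned. Consider documenting a separate jail with its own `maxretry` and `findtime` for this pattern, or at least stating in the comment that legitimate requests are counted too. The line only works because `^.*level=debug.*` is dropped from `ignoreregex`, which means any debug-level line matching one of the four failregex lines now counts; the comment above still says all authentication failures are flagged as errors, so it should say which line depends on debug-level messages. Finally, `path=/api/.*/start` is broader than the two forms the comment names; listing those paths explicitly would keep the rule from matching any other endpoint that ends in `/start`.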