docs: update fail2ban example (#2661)

Updates the fail2ban examples to align with new messages.

Fixes #2649.
pull/2666/head
James Elliott 2021-12-02 17:09:47 +11:00 committed by GitHub
parent 9045b75344
commit f0119b5c75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions


@ -246,13 +246,13 @@ typically located at `/etc/fail2ban/filter.d`.
# only contains a single IP address (the one from the end-user), and not the proxy chain # only contains a single IP address (the one from the end-user), and not the proxy chain
# (it is misleading: usually, this is the purpose of this header). # (it is misleading: usually, this is the purpose of this header).
# the failregex rule counts every failed login (wrong username or password) and failed TOTP entry as a failure # the failregex rule counts every failed 1FA attempt (first line, wrong username or password) and failed 2FA attempt
# second line) as a failure.
# the ignoreregex rule ignores debug, info and warning messages as all authentication failures are flagged as errors # the ignoreregex rule ignores debug, info and warning messages as all authentication failures are flagged as errors
[Definition] [Definition]
failregex = ^.*Error while checking password for.*remote_ip=<HOST> stack.* failregex = ^.*Unsuccessful 1FA authentication attempt by user .*remote_ip="?<HOST>"? stack.*
^.*Credentials are wrong for user .*remote_ip=<HOST> stack.* ^.*Unsuccessful (TOTP|DUO|U2F) authentication attempt by user .*remote_ip="?<HOST>"? stack.*
^.*Wrong passcode during TOTP validation.*remote_ip=<HOST> stack.*
ignoreregex = ^.*level=debug.* ignoreregex = ^.*level=debug.*
^.*level=info.* ^.*level=info.*