How to create a fail2ban filter for the application “matrix” (matrix-synapse)
Matrix is a chat/messaging server which can be used with the app Riot. We have to create a new filter and add that as a jail to fail2ban.
Important: You need at least fail2ban version 0.9.1, because this filter's regex matches across multiple lines.
Create the filter
# matrix-synapse configuration file

[Init]
maxlines = 3

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# Values: TEXT
#failregex = .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Attempted to login as.*
failregex = .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Failed password login.*

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =
Add filter to fail2ban jails
Adjust the logpath if your log file is in a different location.
# Section name is assumed here to match the filter name.
[matrix-synapse]
enabled = true
filter = matrix-synapse
logpath = /var/log/matrix-synapse/homeserver.log
maxretry = 5
Restart fail2ban to activate the new settings
service fail2ban restart
Important: Keep the log files small to avoid performance issues in fail2ban. To do so, lower the byte limit in the log config file log.yaml.
Now you are done.
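The filter's multi-line matching can be checked offline before relying on the jail. The following is an added example, not part of the original post and not fail2ban's own matching code: it approximates the maxlines window in Python, replaces <HOST> with a simplified IPv4 group, and runs on constructed log lines (the function names, log line layout and addresses are assumptions).

```python
import re
from collections import Counter, deque

# The filter's active failregex; <HOST> is swapped for a simplified IPv4-only
# named group (assumption: fail2ban's real <HOST> expansion is broader).
FAILREGEX = (r".*::ffff:<HOST> - 8448 - Received request: POST.*\n"
             r".*Got login request.*\n.*Failed password login.*")
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
MAXLINES = 3   # maxlines from the filter
MAXRETRY = 5   # maxretry from the jail


def count_failures(lines, maxlines=MAXLINES):
    """Slide a maxlines-wide window over the log and count matches per host."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))
    window, hits = deque(maxlen=maxlines), Counter()
    for line in lines:
        window.append(line.rstrip("\n"))
        match = pattern.search("\n".join(window))
        if match:
            hits[match.group("host")] += 1
            window.clear()  # consumed lines must not be counted twice
    return hits


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime is ignored here)."""
    return sorted(h for h, n in count_failures(lines).items() if n >= maxretry)


def failed_login(ip):
    """Constructed log lines shaped to fit the regex, not real synapse output."""
    return [
        f"2017-01-01 12:00:00,000 - INFO - ::ffff:{ip} - 8448 - Received request: POST /login",
        "2017-01-01 12:00:00,010 - INFO - Got login request",
        "2017-01-01 12:00:00,020 - WARNING - Failed password login",
    ]


# Five clean failures from one (documentation-range) address reach maxretry.
CLEAN_LOG = [l for _ in range(5) for l in failed_login("203.0.113.7")]

# Same five failures, but an unrelated line lands inside one three-line group,
# as can happen when requests are logged concurrently: that failure is missed.
INTERLEAVED_LOG = list(CLEAN_LOG)
INTERLEAVED_LOG.insert(1, "2017-01-01 12:00:00,005 - INFO - ::ffff:198.51.100.9 - 8448 - Received request: GET /sync")

if __name__ == "__main__":
    print(hosts_to_ban(CLEAN_LOG), hosts_to_ban(INTERLEAVED_LOG))
```

The second result is empty because one stray line inside a three-line group hides that failure, so on a busy server fewer failures are counted than actually occurred. Against a real log file, the fail2ban-regex tool shipped with fail2ban runs the installed filter directly.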