How to create a fail2ban filter for the application “matrix” (matrix-synapse)
Matrix is a chat/messaging server which can be used with the app Riot. We have to create a new filter and add that as a jail to fail2ban.
Important: You need to have at least the version fail2ban 0.9.1, because this filter uses multiple lines for the regex.
Create the filter
# matrix-synapse configuration file
#[Init]
maxlines = 3[Definition]# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#failregex = .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Attempted to login as.*
.*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Failed password login.*# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Add filter to fail2ban jails
Adjust the logpath to your log file, if you use another log file.
[matrix-synapse]
enabled = true
filter = matrix-synapse
logpath = /var/log/matrix-synapse/homeserver.log
maxretry = 5Restart fail2ban to activate the new settings
service fail2ban restartImportant: You have to make the log files smaller, to avoid performance issues in fail2ban. Please make the amount of bytes smaller in the log config file log.yaml.
vim /etc/matrix-synapse/log.yamlNow you are done.
