How to create a fail2ban filter for the application “matrix” (matrix-synapse)

Matrix is a chat/messaging server which can be used with the app Riot. We have to create a new filter and add that as a jail to fail2ban.

Important: You need to have at least the version fail2ban 0.9.1, because this filter uses multiple lines for the regex.

Create the filter

# matrix-synapse configuration file
#
[Init]
maxlines = 3
[Definition]# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Attempted to login as.*
.*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Failed password login.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

Add filter to fail2ban jails

Adjust the logpath to your log file, if you use another log file.

[matrix-synapse]
enabled = true
filter = matrix-synapse
logpath = /var/log/matrix-synapse/homeserver.log
maxretry = 5

Restart fail2ban to activate the new settings

service fail2ban restart

Important: You have to make the log files smaller, to avoid performance issues in fail2ban. Please make the amount of bytes smaller in the log config file log.yaml.

vim /etc/matrix-synapse/log.yaml

Now you are done.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store