How to create a fail2ban filter for the application "matrix" (matrix-synapse).

Matrix is a chat/messaging server which can be used with the app Riot. We have to create a new filter and add that as a jail to fail2ban.

Important: You need to have at least the version fail2ban 0.9.1, because this filter uses multiple lines for the regex.

 

Create the filter

# matrix-synapse configuration file
#

[Init]
maxlines = 3

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Attempted to login as.*
            .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Failed password login.*

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

 

Add filter to fail2ban jails

Adjust the logpath to your log file, if you use another log file.

[matrix-synapse]
enabled = true
filter = matrix-synapse
logpath = /var/log/matrix-synapse/homeserver.log
maxretry = 5

Restart fail2ban to activate the new settings

service fail2ban restart

Important: You have to make the log files smaller, to avoid performance issues in fail2ban. Please make the amount of bytes smaller in the log config file log.yaml.

vim /etc/matrix-synapse/log.yaml

 

Now you are done.