# Intrusion Prevention

# Brute-force Prevention

For organizations that desire an additional level of security, we provide an intrusion prevention feature which will lock users out after a given number of failed login attempts. This feature can be enabled by setting the lockout configuration in the application configuration file.

Sample Configuration:

```yaml
lockout:
  enabled: true
  max_attempts: 5
  interval: 15
  ban_duration: 120
```

# Password Rules

It may also be desirable to enable specific password rules such as minimum length, enforcing certain characters, and requiring password resets at certain intervals. These features can be enabled by setting password_min_length, password_requirements and password_expire_days.

# Sample Configuration:

The following example configuration adds strong password requirements, triggers an IP ban for 2 minutes after 5 failed login attempts within 1 minute, and stores 100 MB of authentication logs.

```yaml
password_expire_days: 90
password_min_length: 8
password_requirements:
  upper_case: yes
  lower_case: yes
  digits: yes
  special_characters: yes
lockout:
  enabled: true
  max_attempts: 5
  interval: 60
  ban_duration: 120
authentication_log:
  enabled: yes
  path: /var/log/filemage/auth.log
  max_size_mb: 10
  max_backups: 10
  compress: yes
```

# Authentication Logging

Detailed logging of all authentication events can be enabled using the configuration parameter authentication_log. These logs can be shipped to external systems for alerting or visualization purposes.

Events:

LOGIN_SUCCESS: user provided valid credentials
LOGIN_FAILED: user provided invalid credentials
LOGIN_BLOCKED: login attempt from blocked IP address
IP_BANNED: IP address banned after too many failed login attempts
BAN_EXPIRED: IP address ban expired