mod_watchuntrusted

Introduction

Similar to mod_watchregistrations, this module warns admins when an s2s connection fails for encryption or trust reasons.

The notification shows the certificate's SHA1 hash, so it can easily be used together with mod_s2s_auth_fingerprint.

Configuration

modules_enabled = {
    -- other modules --
    "watchuntrusted",

}

untrusted_fail_watchers = { "admin@example.lit" }
untrusted_fail_notification = "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors"

| Option | Default | Description |
|---|---|---|
| untrusted_fail_watchers | All admins | The users to send the message to |
| untrusted_fail_notification | "Establishing a secure connection from $from_host to $to_host failed. Certificate hash: $sha1. $errors" | The message to send; $from_host, $to_host, $sha1 and $errors are replaced |
| untrusted_message_type | "chat" | Which kind of message to send. "normal" or "headline" are other sensible options |
| untrusted_ignore_domains | Empty | The domains that this module should not warn about |
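
For admins who collect these notifications, the following added example (not part of the module or of Prosody) turns the notification template into a parser and compares the reported hash with locally pinned fingerprints. The `PINNED` table, the sample message and its error text are constructed, and the shape of the `$sha1` value (hex, with or without colons) is an assumption.

```python
import re

# Default notification template, copied from the option table above.
DEFAULT_TEMPLATE = ("Establishing a secure connection from $from_host to $to_host "
                    "failed. Certificate hash: $sha1. $errors")
# Assumed value shapes: hosts contain no whitespace; the hash is hex with or
# without colons (possibly empty); $errors is free text.
FIELD_PATTERNS = {"from_host": r"\S+", "to_host": r"\S+",
                  "sha1": r"[0-9A-Fa-f:]*", "errors": r".*"}

def template_to_regex(template):
    """Compile a template into a regex with one named group per placeholder."""
    parts = re.split(r"\$(from_host|to_host|sha1|errors)", template)
    seen, out = set(), []
    for i, part in enumerate(parts):
        if i % 2 == 0:
            out.append(re.escape(part))        # literal text between placeholders
        elif part in seen:
            out.append("(?P=%s)" % part)       # repeated placeholder: same value
        else:
            seen.add(part)
            out.append("(?P<%s>%s)" % (part, FIELD_PATTERNS[part]))
    return re.compile("".join(out), re.DOTALL)

def normalize_fp(fp):
    """Make 'AB:CD:..' and 'abcd..' comparable."""
    return fp.replace(":", "").lower()

def triage(message, pinned, template=DEFAULT_TEMPLATE):
    """Parse one notification; return None if it does not fit the template.

    pinned maps a domain to its expected SHA1 fingerprint (hypothetical local data).
    """
    m = template_to_regex(template).fullmatch(message.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sha1"] = normalize_fp(rec.get("sha1") or "")
    # Assumption: either host may be the remote peer, so both are checked.
    hosts = (rec.get("from_host"), rec.get("to_host"))
    pins = {normalize_fp(pinned[h]) for h in hosts if h in pinned}
    rec["verdict"] = ("unpinned" if not pins else
                      "matches-pin" if rec["sha1"] in pins else "pin-mismatch")
    return rec

# Constructed sample message and pin table (not real module output).
SAMPLE = ("Establishing a secure connection from remote.example to xmpp.example failed. "
          "Certificate hash: 0123456789abcdef0123456789abcdef01234567. Certificate has expired")
PINNED = {"remote.example": "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67"}
```

If `untrusted_fail_notification` is customised, pass the same string as `template` so the parser stays in step with the server configuration.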

Compatibility

trunk Works

Installation

With the plugin installer in Prosody 0.12 you can use:

sudo prosodyctl install --server=https://modules.prosody.im/rocks/ mod_watchuntrusted

For earlier versions, see the documentation for installing 3rd party modules.