Comments (34)
And even better, we could write a fail2ban filter for the login page!
http://www.fail2ban.org/wiki/index.php/Main_Page
+1
from organizr.
@rix1337 that would be awesome but Fail2Ban relies on Python. Not sure everyone knows how to set that up. We can have it as an option maybe.
I phrased it wrong.
Assuming one has set up fail2ban already, if Organizr offered a log containing
timestamp - IP - bad auth
we could write a fail2ban rule that would work properly.
Look at how those configs work at: https://snippets.aktagon.com/snippets/554-how-to-secure-an-nginx-server-with-fail2ban
Ahhhh yes. :)
@rix1337 @Githubtordl
I'm storing the info in a file on the server that is written in JSON.
Making the log path configurable would be perfect.
Looking very good so far, I guess we can easily set up a regex rule for fail2ban then!
Yea that is what I was thinking on both suggestions.
This should work with fail2ban. Will test over the weekend:
https://gist.github.com/rix1337/d87b4b59200bcfe4efd2273d3991cb32
I've just checked the fail2ban manual:
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
In order for a log line to match your failregex, it actually has to match in two parts: the beginning of the line has to match a timestamp pattern or regex, and the remainder of the line has to match your failregex.
Any way you could (also) produce a standard log file more similar to the nginx one? Optionally stored at a custom path?
20-01-2017 01:02:03 [1.2.3.4] "user" "bad_auth"
They do not offer a way to regex custom timestamps..
The pattern or regex to match the time stamp is currently not documented, and not available for users to read or set
With this log I could automatically ban anyone trying to brute force my login info! (Which would be super awesome)
I can make the time stamp match this: 20-01-2017 01:02:03
EDIT for clarification:
Thank you for checking this!
fail2ban for some reason requires logs that separate entries into new lines & begin with a timestamp.
fail2ban rules identify IPs to ban with a special <HOST> code, but don't allow the same for timestamps.
I'll try to get more info tonight, but it seems a logfile as suggested above would be the only thing working here...
hmmm
ok, I'll check this tonight
I tried it right now, and fail2ban is not limited by the way the timestamp is offered, but it requires newlines.
Could you add a newline before every {"date" tag? as in:
https://gist.github.com/rix1337/d66f7d9a1c81d9345e37491e6084790c
The working bad_auth regex for fail2ban is
","username":"\S+","ip":"<HOST>","auth_type":"bad_auth"}
Running tests
=============
Use failregex line : ","username":"\S+","ip":"<HOST>","auth_type":"bad_...
Use log file : /config/organizr/loginLog.json
Use encoding : UTF-8
Results
=======
Failregex: 2 total
|- #) [# of hits] regular expression
| 1) [2] ","username":"\S+","ip":"<HOST>","auth_type":"bad_auth"}
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [5] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-
Lines: 6 lines, 0 ignored, 2 matched, 4 missed
[processed in 0.00 sec]
|- Missed line(s):
| {"logType":"login_log","auth":[
| {"date":"2017-01-20 00:18:07","username":"rix","ip":"21.43.5.6","auth_type":"good_auth"},
| {"date":"2017-01-20 06:25:58","username":"rix","ip":"21.43.5.6","auth_type":"good_auth"},
| {"date":"2017-01-20 09:42:30","username":"rix","ip":"21.43.5.6","auth_type":"good_auth"},
`-
That would be all I need, and the json is still readable by organizr.
In contrast, the current json oneliner is not parsed correctly
fail2ban-regex /config/organizr/loginLog.json '","username":"\S+","ip":"<HOST>","auth_type":"bad_auth"}'
Running tests
=============
Use failregex line : ","username":"\S+","ip":"<HOST>","auth_type":"bad_...
Use log file : /config/organizr/loginLog.json
Use encoding : UTF-8
Results
=======
Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] ","username":"\S+","ip":"<HOST>","auth_type":"bad_auth"}
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
[processed in 0.00 sec]
by new line, do you mean like a break in line?
yeah! instead of
foo bar spam eggs
foo
bar
spam
eggs
sorry, English is not my primary language ^^
no worries, I can try that out tonight unless you want to edit yourself and try.
I'll give it a shot. And thank you
lemme give you the line.
user.php, 602?
https://github.com/causefx/Organizr/blob/master/user.php#L610
change to $writeFailLog = json_encode($gotFailLog, JSON_PRETTY_PRINT);
https://github.com/causefx/Organizr/blob/master/user.php#L614
change to $writeFailLog = json_encode($failLogEntryFirst, JSON_PRETTY_PRINT);
I'll give it a shot, though I am only familiar with XML. Seems easy to get the format, though.
no worries man :) let me know how it goes.
I tried my best, and the PR works for the front-end, as well as the fail2ban log daemon.
I really would like this functionality implemented (even if a proper log file, not breaking the json would be the better way). With this hack I am now successfully banning people after their third bad login attempt to my site!
nice, did the JSON_PRETTY_PRINT not work either?
Edit: Also this line doesn't need to be edited: $getFailLog = str_replace("\r\ndate", "date", file_get_contents(FAIL_LOG));
as you already apply str_replace on the variable that encodes the json.
Edit: Nevermind, I misread that line.
No, because awesome as it may be, fail2ban is resistant to multiple line input.. There seem to be ways, but I can't get them to match the json file..
I know duplicate file creations make this project less clean, but could you just implement a function that on a bad login appended
Timestamp - [ip] - [username] - bad auth
to a simple something.log? I would really feel bad about the hack I wrote, just to get this feature going. Even though it works
the hack isn't bad.
thank you,
Also this line doesn't need to be edited: $getFailLog = str_replace("\r\ndate", "date", file_get_contents(FAIL_LOG));
as you already apply str_replace on the variable that encodes the json.
Edit: Nevermind, I misread that line.
At first I thought so, too. New log entries will go missing without it, though..
what do you mean?
nvm, was just confirming the line needs an edit 👍
ahhh yes, I need to see if my local hosted dev branch is updated; if it is I will pull this merge request into dev.
cool stuff. I contributed 🥇 😄
haha yes sir, thanks!
just a heads up: the reformatted log file may cause issues with existing logs from this version..
since it's beta this should be fine..
Hmmmm. I'll take a look.