Comments (10)
mmattel
commented on June 12, 2024
1
@simone-viozzi thanks for your feedback. As noted in the document:
...
The content has been extracted and adapted from Central, our community page, and is without any claim for correctness and eligibility for support, though feedback is welcomed.
...
Let us know the message if you have tested it. We are checking in the meanwhile too.
from docs-ocis.
mmattel
commented on June 12, 2024
@dragotin can we have a discussion to clarify some stuff, I have some ideas...
from docs-ocis.
mmattel
commented on June 12, 2024
Closing via #427
from docs-ocis.
simone-viozzi
commented on June 12, 2024
Hi, is the fail2ban documentation up to date with the latest version of ocis? 3.0.0
I followed the guide, but I can't find the "invalid credentials" in the logs, so the jail is not working at all.
from docs-ocis.
simone-viozzi
commented on June 12, 2024
Hi, here are some logs of failed logins attempt:
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000579","remote-addr":"151.81.252.241","method":"GET","status":200,"path":"/signin/v1/static/favicon.ico","duration":1.874437,"bytes":15086,"time":"2023-07-20T10:32:56.881855774Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000581","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":158.227293,"bytes":0,"time":"2023-07-20T10:33:01.46935878Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000583","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":186.598918,"bytes":0,"time":"2023-07-20T10:33:08.649988892Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000585","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":155.859626,"bytes":0,"time":"2023-07-20T10:33:09.492626117Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000587","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":245.744327,"bytes":0,"time":"2023-07-20T10:33:10.399507689Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000589","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":156.853749,"bytes":0,"time":"2023-07-20T10:33:11.0874848Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000591","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":184.348916,"bytes":0,"time":"2023-07-20T10:33:11.819599965Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000593","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":164.127284,"bytes":0,"time":"2023-07-20T10:33:12.662943363Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000595","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":127.757209,"bytes":0,"time":"2023-07-20T10:33:13.360720867Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000597","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":157.803878,"bytes":0,"time":"2023-07-20T10:33:14.00692201Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000599","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":243.000888,"bytes":0,"time":"2023-07-20T10:33:14.679202108Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000601","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":155.84995,"bytes":0,"time":"2023-07-20T10:33:17.963432829Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000603","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":183.551865,"bytes":0,"time":"2023-07-20T10:33:18.359297692Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000605","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":159.60439,"bytes":0,"time":"2023-07-20T10:33:18.794718217Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000607","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":224.941435,"bytes":0,"time":"2023-07-20T10:33:19.421798532Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000609","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":157.173032,"bytes":0,"time":"2023-07-20T10:33:19.941321918Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000611","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":185.437506,"bytes":0,"time":"2023-07-20T10:33:20.322303996Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000613","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":167.799979,"bytes":0,"time":"2023-07-20T10:33:20.789403668Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}To get those, I used:
tail -f logs/ocis.log | grep -C 5 --line-buffered "151.81.252.241"Where the IP is the IP from which I'm failing to log in.
As you can see, there is no "message":"invalid credentials" in the logs.
from docs-ocis.
mmattel
commented on June 12, 2024
Thanks, the lines provided are not sufficient, docs says:
The log for a failed login attempt looks like this and consists of two consecutive log entries:
Means on lines provided, there must be at lease one line directly above having "message":"invalid credentials" to match the failregex. Only the consecutive log line combination counts.
from docs-ocis.
simone-viozzi
commented on June 12, 2024
grep -C 5 will print 5 lines above the matched line and 5 lines below.
Also, using grep "invalid credentials" gets nothing.
from docs-ocis.
mmattel
commented on June 12, 2024
We just tested a failed login and we got the invalid credentials log entry?
{"level":"error","service":"idm","bind_dn":"uid=admin,ou=users,o=libregraph-idm","op":"bind","remote_addr":"127.0.0.1:52434","time":"2023-07-20T14:30:42.630414923+05:45","line":"/mnt/workspace/owncloud/ocis/ocis-pkg/log/logrus_wrapper.go:50","message":"invalid credentials"}
from docs-ocis.
mmattel
commented on June 12, 2024
The regex part ((.|\n)*) matches arbitrary log lines after "message":"invalid credentials"
up to next matches starting with remote-addr + more necessary identifyers.
Maybe you have more lines inbetween?
I will clarify the regex part ((.|\n)*) in more detail as I see that this helps understanding.
from docs-ocis.
simone-viozzi
commented on June 12, 2024
We just tested a failed login and we got the invalid credentials log entry?
Oh, I don't have those.
I will open an issue on the OCIS repo to ask why I don't have the "invalid credentials" log messages.
Thank you.
from docs-ocis.
Related Issues (20)
- [5.0] Theming structure in web will change HOT 4
- [5.0] AND [4.0] New / deprecated ocis cli commands
- [5.0] Relocate the Helm Charts documentation from the orchestration page to the ocis-charts repo HOT 2
- [5.0] The gateway service has changed caching settings
- [5.0] Cache Store changes in several services HOT 1
- [5.0] New envvar to disable password policy
- [5.0] Remove note block in env-vars-special-scope.adoc
- [5.0] Micro Registry Store changes HOT 1
- [5.0] Add nats-js-kv to the nats service description
- config file not found while running ocis through sysytemd service in the docs
- [5.0] Add metrics to the proxy service description
- [5.0] Upgrade notice for a new ICAP envvar, the old one gets deprecated HOT 1
- [5.0] Envvar for memory usage scaling via an envvar between RPi and HPC
- [5.0] Use env variable in yaml config files
- [5.0] change ocis basepath from home to /etc HOT 1
- Document how to configure K3S to resolve custom domains to the host HOT 2
- [5.0] Make store service configurable
- [5.0] Use global envvar for cache or store description HOT 1
- [5.0] Document Upgrade from 4.0 to 5.0
- Add changes to the web service
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docs-ocis.