
IP addresses to log if login fails #951

Closed
BeckeBauer opened this issue Jul 11, 2019 · 13 comments
Labels
plugin not meant to be implemented in the core, but could be a plugin
Milestone

Comments

@BeckeBauer
Contributor

Is there a way to record IP addresses in the prod.log file in case that login fails due to invalid credentials?

I would like to use fail2ban to block such IPs after a given number of invalid trials in order to protect against unauthorised access.

@kevinpapst
Member

@BeckeBauer
Contributor Author

Thank you for the link. I tried my best to implement the code but tremendously failed. It starts with me having no clue in which directory to place the services.yml.
Also, I modified the existing AuthenticationListener.php under fos/user-bundle/EventListener but am unsure if this is the right file.
Any hint would be appreciated...

@kevinpapst
Member

@BeckeBauer
Contributor Author

Thank you, it worked!
(your link does not refer to the service.yaml - despite its name - but the location kimai2/config was the right hint).
If required, I can describe the steps to log the IP addresses!?

@kevinpapst
Member

Does it work for you? Then yes, please share it! I'd love to make a documentation page for it.

@kevinpapst
Member

You need to add 3 ` before and after the code (and no space in the beginning of the line):
https://help.github.com/en/articles/basic-writing-and-formatting-syntax#quoting-code

@BeckeBauer
Contributor Author

1. Create a PHP file with the following content:

```php
<?php

namespace FOS\UserBundle\EventListener;

use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;

/**
 * Writes the client IP of every failed authentication attempt to the
 * application log (prod.log), so that fail2ban can match on it.
 */
class FailedLoginListener
{
    /**
     * @var LoggerInterface
     */
    private $logger;

    /**
     * @var RequestStack
     */
    private $requestStack;

    /**
     * @param LoggerInterface $logger
     * @param RequestStack $requestStack
     */
    public function __construct(LoggerInterface $logger, RequestStack $requestStack)
    {
        $this->logger = $logger;
        $this->requestStack = $requestStack;
    }

    /**
     * Called for the security.authentication.failure event.
     *
     * @param AuthenticationFailureEvent $event
     */
    public function onAuthenticationFailure(AuthenticationFailureEvent $event)
    {
        $request = $this->requestStack->getCurrentRequest();
        if (null === $request) {
            // No HTTP request available (e.g. authentication from the console): nothing to log.
            return;
        }

        // Keep this message format stable: the fail2ban failregex matches on it.
        $this->logger->error('Authentication failed for IP: ' . $request->getClientIp());
    }
}
```

2. Save it to kimai2\vendor\friendsofsymfony\user-bundle\EventListener as FailedLoginListener.php (or give it a different name if you do not like it and rename the class accordingly)

3. Add the following code to service.yaml in kimai2\config

```yaml
    # ================================================================================
    # Logging IP Addresses on Failed Authorisation
    # (goes under the existing "services:" key)
    # ================================================================================
    app.security.authentication_event_listener:
        class: FOS\UserBundle\EventListener\FailedLoginListener
        arguments: ["@logger", "@request_stack"]
        tags:
            - { name: kernel.event_listener, event: security.authentication.failure, method: onAuthenticationFailure }
```

4. Run

```shell
composer install --no-dev --optimize-autoloader
bin/console cache:clear --env=prod
bin/console cache:warmup --env=prod
```

5. To test: use wrong login credentials and check your prod.log

@kevinpapst
Member

Ok, you have a working solution for now, great & thanks for sharing!

Then let me see what I can make of that. This implementation is far from being ideal ;-)

@BeckeBauer
Contributor Author

One remark: the following expression to be used in the filter for fail2ban is working:

failregex = Authentication failed for IP: <HOST>
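To check the filter line above against real prod.log output before wiring up fail2ban, here is a small Python script (an added example, not part of this thread or of Kimai) that applies the same pattern to constructed Monolog-format lines as written by the listener from the steps above, and then applies fail2ban's maxretry/findtime rule to decide which hosts would be banned. It assumes Monolog's default line format and the `app` channel; fail2ban's `<HOST>` tag is written out as an explicit capture group.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Equivalent of "failregex = Authentication failed for IP: <HOST>" applied to a
# Monolog line: [datetime] channel.LEVEL: message context extra
MONOLOG_FAILURE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"app\.ERROR: Authentication failed for IP: (?P<host>\S+)"
)


def parse_failures(lines):
    """Yield (timestamp, host) for every line written by FailedLoginListener."""
    for line in lines:
        m = MONOLOG_FAILURE.match(line)
        if m:
            yield datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("host")


def hosts_to_ban(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Mimic a fail2ban jail: a host is banned once it has at least `maxretry`
    failures inside any sliding `findtime` window. Returns the set of hosts."""
    history = defaultdict(list)
    banned = set()
    for ts, host in sorted(parse_failures(lines)):
        history[host].append(ts)
        # Forget failures that fell out of the findtime window relative to this one.
        recent = [t for t in history[host] if ts - t <= findtime]
        history[host] = recent
        if len(recent) >= maxretry:
            banned.add(host)
    return banned


# Constructed sample prod.log excerpt (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
[2019-07-11 10:00:01] app.ERROR: Authentication failed for IP: 203.0.113.7 [] []
[2019-07-11 10:00:05] app.ERROR: Authentication failed for IP: 203.0.113.7 [] []
[2019-07-11 10:00:09] app.ERROR: Authentication failed for IP: 203.0.113.7 [] []
[2019-07-11 10:01:00] app.ERROR: Authentication failed for IP: 198.51.100.2 [] []
[2019-07-11 10:02:00] app.INFO: Matched route "homepage". [] []
[2019-07-11 10:30:00] app.ERROR: Authentication failed for IP: 198.51.100.2 [] []
[2019-07-11 10:45:00] app.ERROR: Authentication failed for IP: 198.51.100.2 [] []
""".splitlines()

if __name__ == "__main__":
    print(sorted(hosts_to_ban(SAMPLE_LOG)))  # ['203.0.113.7']
```

Note that behind a reverse proxy `getClientIp()` returns the proxy's address unless Symfony's trusted proxies are configured, in which case every ban would hit the proxy rather than the client.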

@kevinpapst
Member

Hey @BeckeBauer , do you want to test the new Fail2Ban bundle?
See https://www.kimai.org/store/fail2ban-bundle.html
Feedback can be left here: https://github.com/Keleo/Fail2BanBundle
The log format and file changed... but it makes your change update safe.

@BeckeBauer
Contributor Author

I will do it tonight

@kevinpapst kevinpapst added this to the 1.2 milestone Jul 26, 2019
@kevinpapst kevinpapst added the plugin not meant to be implemented in the core, but could be a plugin label Jul 26, 2019
@kevinpapst
Member

Follow up: Keleo/Fail2BanBundle#1
