Bug: Why Active Directory Authentication in MISP is not working? #9727

Open
1 task done
lanshiyun2019 opened this issue May 6, 2024 · 0 comments
Labels
needs triage This issue has been automatically labelled and needs further triage

Comments

@lanshiyun2019

Actual behavior

Problem Description
After finishing the Apache configuration and PHP configuration in issue #6189 (How to enable Active Directory Authentication in MISP? #6189),
the MISP LDAP/Active Directory authentication is not working right.

Expected behavior

Enable Active Directory Authentication in MISP

  1. The Apache webserver will request BasicAuthentication.
  2. The browser shows a popup asking you for a username and password.
  3. You are then redirected to the MISP event page, no login required.

Steps to reproduce

Work environment

Type of issue: Bug
OS version: Ubuntu 22.04.4 LTS
OS version: Win10
PHP version: PHP 7.4.33
MISP version: MISP 2.4.191

Apache configuration

Step 1. Activate the ldap module

david@app-svr6:~$ sudo a2enmod authnz_ldap
Considering dependency ldap for authnz_ldap:
Module ldap already enabled
Module authnz_ldap already enabled
david@app-svr6:~$

Step 2. Add the authentication part in /etc/apache2/sites-available/misp-ssl.conf

    <Location "/users/">
        AuthType Basic
        AuthName "MISP AD user@minilabs.cn authentication"
        AuthBasicProvider ldap
        # LDAP URL, replace with your specific setup
        AuthLDAPUrl "ldap://192.168.0.19:389/CN=Users,DC=minilabs,DC=cn?userPrincipalName?sub?(objectclass=*)"
        # use the users' credential to lookup AD information.
        AuthLDAPInitialBindAsUser on
        # Require valid users or specific groups
        Require valid-user
        # Uncomment to restrict to a specific group
        # Require ldap-group "CN=GroupName,OU=Groups,DC=home,DC=minicdc,DC=com"
    </Location>

PHP configuration

Step 3. Enable the extension of ldap in php.ini

david@app-svr6:~$ sudo find / | grep php.ini
/etc/php/7.4/cli/php.ini
/etc/php/7.4/apache2/php.ini
/usr/include/php/20190902/main/php_ini.h
/usr/lib/php/8.3/php.ini-production.cli
/usr/lib/php/8.3/php.ini-development
/usr/lib/php/8.3/php.ini-production
/usr/lib/php/7.4/php.ini-production.cli
/usr/lib/php/7.4/php.ini-development
/usr/lib/php/7.4/php.ini-production
david@app-svr6:~$

Step 4. Add the authentication part in /var/www/MISP/app/Config/config.php

    'ApacheSecureAuth' =>
    array (
        'apacheEnv' => 'REMOTE_USER',
        'ldapServer' => 'ldap://192.168.0.19',
        'ldapProtocol' => 3,
        'ldapNetworkTimeout' => -1,
        'ldapReaderUser' => 'CN=user_test,CN=Users,DC=minilabs,DC=cn',
        'ldapReaderPassword' => 'password',
        'ldapDN' => 'dc=minilabs,dc=cn',
        'ldapSearchFilter' => '',
        'ldapSearchAttribut' => 'userPrincipalName',
        'ldapFilter' => '',
        'ldapDefaultRoleId' => 3,
        'ldapDefaultOrg' => '1',
        'ldapAllowReferrals' => false,
    ),

The following happens at this step:
1. The Apache webserver requests BasicAuthentication. The browser shows a popup asking you for a username and password. (screenshot-1)
2. Then I am redirected to the MISP login page. (screenshot-3)
3. I used tcpdump on the MISP server to capture the traffic between MISP and AD. (screenshot-2)
4. When I input the same username and password, it shows the error message: Invalid username or password, try again (screenshot-4)
I am sure that the username and password are correct.

screenshot -1 :

Image

screenshot-2 : 192.168.0.76 (MISP Server), 192.168.0.19(Active Directory Server)

Image

screenshot -3 :

Image

Screenshot - 4
Image

Possible Solutions

  • Is the code of the "check if Apache provides kerberos authentication data" part not working?

Step 1. Update the AppController.php with debug code
sudo -u www-data vi /var/www/MISP/app/Controller/AppController.php

Image

Step 2. As you can see the "Use the internal base authtication..."

Image

Step 3. Check the function condition

Image

Step 4. It shows $envvar=REMOTE_USER, but $_SERVER[$envvar] is empty

Image

  • Check the error log and application log
    There is no error logged in /var/log/apache2/misp.local_error.log,
    but if I input the wrong password it shows an error message like the one below:
[Mon May 06 16:16:53.972184 2024] [auth_basic:error] [pid 343351] [client 192.168.0.3:54560] AH01617: user dlp_admin@minilabs.cn: authentication failure for "/users/login": Password Mismatch

The application log shows the message: Failed authentication using external key (Basic ZGxwX2FkbWluQG1pbmlsYWJzLmNuOm1pbmlAMjAxNw==)

Image

Version

2.4.191

Operating System

Ubuntu 22.04.4 LTS

Operating System version

22.04.4

PHP version

7.4.33

Browser

Chrome

Browser version

Google Chrome 124.0.6367.119 Microsoft Edge 124.0.2478.80 (Official build) (64-bit)

Relevant log output

192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:15:58:48 +0800] "GET /users/login?_=1714982299604 HTTP/1.1" 200 2606 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:15:58:48 +0800] "POST /users/login?_=1714982299604 HTTP/1.1" 302 1379 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:15:58:48 +0800] "GET /users/routeafterlogin HTTP/1.1" 302 1003 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET / HTTP/1.1" 200 6327 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/bootstrap.css?v=161 HTTP/1.1" 200 18933 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/chosen.min.css?v=161 HTTP/1.1" 200 2767 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/bootstrap-timepicker.js?v=161 HTTP/1.1" 200 8236 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/bootstrap-datepicker.js?v=161 HTTP/1.1" 200 17124 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/jquery-ui.min.js?v=161 HTTP/1.1" 200 72391 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/keyboard-shortcuts-definition.js?v=161 HTTP/1.1" 200 963 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/bootstrap-colorpicker.css?v=161 HTTP/1.1" 200 1455 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/font-awesome.css?v=161 HTTP/1.1" 200 13923 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/main.css?v=161 HTTP/1.1" 200 13054 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/distribution-graph.css?v=161 HTTP/1.1" 200 3096 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/bootstrap-datepicker.css?v=161 HTTP/1.1" 200 2621 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/vis.css?v=161 HTTP/1.1" 200 6458 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/chosen.jquery.min.js?v=161 HTTP/1.1" 200 7206 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/network-distribution-graph.js?v=161 HTTP/1.1" 200 5358 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/misp-touch.js?v=161 HTTP/1.1" 200 955 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/bootstrap.js?v=161 HTTP/1.1" 200 11884 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/bootstrap-colorpicker.js?v=161 HTTP/1.1" 200 7459 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/jquery.js?v=161 HTTP/1.1" 200 31593 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/keyboard-shortcuts.js?v=161 HTTP/1.1" 200 1726 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/misp.js?v=161 HTTP/1.1" 200 43675 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /js/vis.js?v=161 HTTP/1.1" 200 175323 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /css/print.css?v=161 HTTP/1.1" 200 724 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:48 +0800] "GET /webfonts/fa-solid-900.woff2 HTTP/1.1" 200 80958 "https://192.168.0.76/css/font-awesome.css?v=161" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /logs/index HTTP/1.1" 200 6209 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /css/bootstrap-datepicker.css?v=161 HTTP/1.1" 200 2621 "https://192.168.0.76/logs/index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /css/bootstrap-colorpicker.css?v=161 HTTP/1.1" 200 1455 "https://192.168.0.76/logs/index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /css/chosen.min.css?v=161 HTTP/1.1" 200 2767 "https://192.168.0.76/logs/index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /css/main.css?v=161 HTTP/1.1" 200 11423 "https://192.168.0.76/logs/index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /css/font-awesome.css?v=161 HTTP/1.1" 200 13923 "https://192.168.0.76/logs/index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /css/bootstrap.css?v=161 HTTP/1.1" 200 18933 "https://192.168.0.76/logs/index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:15:58:51 +0800] "GET /css/print.css?v=161 HTTP/1.1" 200 724 "https://192.168.0.76/logs/index" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:39 +0800] "GET /users/login HTTP/1.1" 401 2431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:15:53 +0800] "GET /users/login HTTP/1.1" 302 2655 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:15:53 +0800] "GET /users/routeafterlogin HTTP/1.1" 302 1003 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET / HTTP/1.1" 200 6328 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/bootstrap.css?v=161 HTTP/1.1" 200 18933 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/bootstrap-datepicker.css?v=161 HTTP/1.1" 200 2621 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/chosen.jquery.min.js?v=161 HTTP/1.1" 200 7206 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/chosen.min.css?v=161 HTTP/1.1" 200 2767 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/vis.css?v=161 HTTP/1.1" 200 6458 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/distribution-graph.css?v=161 HTTP/1.1" 200 3096 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/bootstrap-colorpicker.css?v=161 HTTP/1.1" 200 3086 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/font-awesome.css?v=161 HTTP/1.1" 200 15554 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/misp-touch.js?v=161 HTTP/1.1" 200 955 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/network-distribution-graph.js?v=161 HTTP/1.1" 200 5358 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/bootstrap.js?v=161 HTTP/1.1" 200 11884 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/main.css?v=161 HTTP/1.1" 200 11423 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/bootstrap-timepicker.js?v=161 HTTP/1.1" 200 6605 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/bootstrap-datepicker.js?v=161 HTTP/1.1" 200 15493 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/bootstrap-colorpicker.js?v=161 HTTP/1.1" 200 7459 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/keyboard-shortcuts-definition.js?v=161 HTTP/1.1" 200 963 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/misp.js?v=161 HTTP/1.1" 200 43675 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/jquery-ui.min.js?v=161 HTTP/1.1" 200 72733 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/keyboard-shortcuts.js?v=161 HTTP/1.1" 200 1726 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/jquery.js?v=161 HTTP/1.1" 200 31593 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /js/vis.js?v=161 HTTP/1.1" 200 175323 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET /css/print.css?v=161 HTTP/1.1" 200 724 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:54 +0800] "GET /webfonts/fa-solid-900.woff2 HTTP/1.1" 200 80958 "https://192.168.0.76/css/font-awesome.css?v=161" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:15:54 +0800] "GET /img/favicon.png HTTP/1.1" 200 1672 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:16:10 +0800] "GET /dashboards HTTP/1.1" 200 6450 "https://192.168.0.76/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:16:10 +0800] "GET /css/gridstack.min.css?v=161 HTTP/1.1" 200 2842 "https://192.168.0.76/dashboards" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:16:10 +0800] "GET /js/gridstack.all.js?v=161 HTTP/1.1" 200 55477 "https://192.168.0.76/dashboards" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:16:10 +0800] "POST /dashboards/renderWidget/0 HTTP/1.1" 200 1366 "https://192.168.0.76/dashboards" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:16:12 +0800] "GET /dashboards HTTP/1.1" 200 4819 "https://192.168.0.76/dashboards" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:16:12 +0800] "POST /dashboards/renderWidget/0 HTTP/1.1" 200 1366 "https://192.168.0.76/dashboards" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:16:35 +0800] "GET /users/login HTTP/1.1" 401 2431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:16:53 +0800] "GET /users/login HTTP/1.1" 401 2431 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:17:09 +0800] "GET /users/login HTTP/1.1" 200 5396 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /css/bootstrap.css HTTP/1.1" 200 18933 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /css/main.css HTTP/1.1" 200 11423 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /css/bootstrap-datepicker.css HTTP/1.1" 200 4252 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /img/misp-logo-s-u.png HTTP/1.1" 200 12688 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /css/bootstrap-colorpicker.css HTTP/1.1" 200 1455 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /css/font-awesome.css HTTP/1.1" 200 13923 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /css/chosen.min.css HTTP/1.1" 200 2767 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /js/jquery.js HTTP/1.1" 200 31935 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /js/chosen.jquery.min.js HTTP/1.1" 200 7548 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /js/misp-touch.js HTTP/1.1" 200 955 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /js/bootstrap.js HTTP/1.1" 200 11884 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /js/bootstrap-timepicker.js HTTP/1.1" 200 6605 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:10 +0800] "GET /js/keyboard-shortcuts.js HTTP/1.1" 200 3357 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:10 +0800] "GET /js/keyboard-shortcuts-definition.js HTTP/1.1" 200 963 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:09 +0800] "GET /js/bootstrap-datepicker.js HTTP/1.1" 200 15493 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:10 +0800] "GET /js/bootstrap-colorpicker.js HTTP/1.1" 200 7459 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:10 +0800] "GET /css/print.css HTTP/1.1" 200 724 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:10 +0800] "GET /js/misp.js HTTP/1.1" 200 43675 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:10 +0800] "GET /img/favicon.png HTTP/1.1" 200 1672 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:17:53 +0800] "GET /users/login?_=1714983429624 HTTP/1.1" 200 3898 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:17:53 +0800] "POST /users/login?_=1714983429624 HTTP/1.1" 200 3974 "https://192.168.0.76/users/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /css/bootstrap.css HTTP/1.1" 200 18933 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /css/main.css HTTP/1.1" 200 11423 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /css/bootstrap-datepicker.css HTTP/1.1" 200 2621 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /css/bootstrap-colorpicker.css HTTP/1.1" 200 1455 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /css/font-awesome.css HTTP/1.1" 200 13923 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /css/chosen.min.css HTTP/1.1" 200 4398 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /css/print.css HTTP/1.1" 200 724 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:17:53 +0800] "GET /favicon.ico HTTP/1.1" 200 1686 "https://192.168.0.76/users/login?_=1714983429624" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
192.168.0.3 - - [06/May/2024:16:18:13 +0800] "-" 408 1608 "-" "-"

Extra attachments

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@lanshiyun2019 lanshiyun2019 added the needs triage This issue has been automatically labelled and needs further triage label May 6, 2024
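
Added example (not part of the issue and not MISP code): the access log above records, in its third field, whether Apache attached an authenticated user to each request. The Python sketch below parses a few of those lines, with the user agent shortened to "UA", and groups them by whether the URL falls under the `<Location "/users/">` block from Step 2; the function names and the four request classes are this example's own.

```python
import re
from collections import Counter

# Apache "combined" log: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Scope of the <Location "/users/"> block in misp-ssl.conf (Step 2 of the issue).
PROTECTED_PREFIX = "/users/"

# Lines taken from the issue's access log; user-agent shortened to "UA".
SAMPLE_LOG = """\
192.168.0.3 - - [06/May/2024:16:15:39 +0800] "GET /users/login HTTP/1.1" 401 2431 "-" "UA"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:15:53 +0800] "GET /users/login HTTP/1.1" 302 2655 "-" "UA"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:15:53 +0800] "GET /users/routeafterlogin HTTP/1.1" 302 1003 "-" "UA"
192.168.0.3 - - [06/May/2024:16:15:53 +0800] "GET / HTTP/1.1" 200 6328 "-" "UA"
192.168.0.3 - - [06/May/2024:16:16:10 +0800] "GET /dashboards HTTP/1.1" 200 6450 "https://192.168.0.76/" "UA"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:16:53 +0800] "GET /users/login HTTP/1.1" 401 2431 "-" "UA"
192.168.0.3 - dlp_admin@minilabs.cn [06/May/2024:16:17:53 +0800] "POST /users/login?_=1714983429624 HTTP/1.1" 200 3974 "https://192.168.0.76/users/login" "UA"
192.168.0.3 - - [06/May/2024:16:18:13 +0800] "-" 408 1608 "-" "-"
"""


def parse_line(line):
    """Return method, path, user and status for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    if len(parts) < 2:
        # Apache logs "-" as the request for a connection that timed out (408).
        return None
    user = m.group("user")
    return {
        "method": parts[0],
        "path": parts[1].split("?", 1)[0],   # drop the query string
        "user": None if user == "-" else user,
        "status": int(m.group("status")),
    }


def classify(entry):
    """Label a request by what Basic authentication did with it."""
    if entry["status"] == 401:
        # 401 with a user name: credentials were sent and refused.
        # 401 without one: the initial challenge that opens the popup.
        return "rejected" if entry["user"] else "challenge"
    return "authenticated" if entry["user"] else "anonymous"


def summarize(lines):
    """Count request classes inside and outside the protected prefix."""
    result = {"inside": Counter(), "outside": Counter(), "unparsed": 0}
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            result["unparsed"] += 1
            continue
        inside = entry["path"].startswith(PROTECTED_PREFIX)
        result["inside" if inside else "outside"][classify(entry)] += 1
    return result


def paths_without_user(lines):
    """Paths outside the protected prefix that were served with no user."""
    found = set()
    for line in lines:
        entry = parse_line(line)
        if entry and entry["user"] is None \
                and not entry["path"].startswith(PROTECTED_PREFIX):
            found.add(entry["path"])
    return sorted(found)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for scope in ("inside", "outside"):
        print(scope, PROTECTED_PREFIX, dict(summary[scope]))
    print("unparsed:", summary["unparsed"])
    print("no user on:", paths_without_user(SAMPLE_LOG.splitlines()))
```

On these lines the authenticated user is logged only for requests under `/users/`, and the 401 at 16:16:53 that carries a user name lines up with the AH01617 "Password Mismatch" entry in the error log.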