
IP addresses to log if login fails #951

Closed
BeckeBauer opened this issue Jul 11, 2019 · 12 comments

Comments

@BeckeBauer

commented Jul 11, 2019

Is there a way to record IP addresses in the prod.log file in case that login fails due to invalid credentials?

I would like to use fail2ban to block such IPs after a given number of invalid trials in order to protect against unauthorised access.

@kevinpapst

This comment has been minimized.

@BeckeBauer
Author

commented Jul 12, 2019

Thank you for the link. I tried my best to implement the code but tremendously failed. It starts with me having no clue which directory to place the services.yml in.
Also, I modified the existing AuthenticationListener.php under fos/user-bundle/EventListener but am unsure if this is the right file.
Any hint would be appreciated...

@kevinpapst

This comment has been minimized.

@BeckeBauer
Author

commented Jul 12, 2019

Thank you, it worked!
(your link does not refer to the service.yaml - despite its name - but the location kimai2/config was the right hint).
If required, I can describe the steps to log the IP addresses!?

@BeckeBauer BeckeBauer closed this Jul 12, 2019

@kevinpapst
Owner

commented Jul 12, 2019

Does it work for you? Then yes, please share it! I'd love to make a documentation page for it.

@kevinpapst
Owner

commented Jul 12, 2019

You need to add 3 ` before and after the code (and no space in the beginning of the line):
https://help.github.com/en/articles/basic-writing-and-formatting-syntax#quoting-code

@BeckeBauer
Author

commented Jul 12, 2019

1. Create a PHP file with the following content:

```php
<?php

namespace FOS\UserBundle\EventListener;

use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Event\AuthenticationFailureEvent;

/**
 * Logs the client IP of every failed login so fail2ban can pick it up from prod.log.
 */
class FailedLoginListener
{
    /**
     * @var LoggerInterface
     */
    private $logger;

    /**
     * @var RequestStack
     */
    private $request;

    /**
     * @param LoggerInterface $logger
     * @param RequestStack $request
     */
    public function __construct(LoggerInterface $logger, RequestStack $request)
    {
        $this->logger = $logger;
        $this->request = $request;
    }

    /**
     * Called for the security.authentication.failure event.
     */
    public function onAuthenticationFailure(AuthenticationFailureEvent $event)
    {
        $request = $this->request->getCurrentRequest();
        if (null === $request) {
            // no HTTP request (e.g. a console command), nothing to log or ban
            return;
        }

        // getClientIp() only honours X-Forwarded-For for proxies listed in
        // framework.trusted_proxies; behind an unconfigured reverse proxy it
        // returns the proxy's address and fail2ban would block the proxy.
        $ipAddress = $request->getClientIp();
        $this->logger->error('Authentication failed for IP: ' . $ipAddress);
    }
}
```

2. Save it to kimai2\vendor\friendsofsymfony\user-bundle\EventListener as FailedLoginListener.php (or give it a different name if you do not like it and rename the class accordingly)

3. Add the following code to service.yaml in kimai2\config

```yaml
    # ================================================================================
    # Logging IP Addresses on Failed Authorisation
    # (goes inside the top-level services: section)
    # ================================================================================
    app.security.authentication_event_listener:
        class: FOS\UserBundle\EventListener\FailedLoginListener
        arguments: ["@logger", "@request_stack"]
        tags:
            - { name: kernel.event_listener, event: security.authentication.failure, method: onAuthenticationFailure }
```

4. Run

```sh
composer install --no-dev --optimize-autoloader
bin/console cache:clear --env=prod
bin/console cache:warmup --env=prod
```

5. To test: use wrong login credentials and check your prod.log

@kevinpapst
Owner

commented Jul 12, 2019

Ok, you have a working solution for now, great & thanks for sharing!

Then let me see what I can make of that. This implementation is far from being ideal ;-)

@BeckeBauer
Author

commented Jul 12, 2019

One remark: the following expression to be used in the filter for fail2ban is working:

```
failregex = Authentication failed for IP: <HOST>
```
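As an added example that is not part of the thread or of Kimai itself, the following Python simulates what fail2ban does with that filter: it applies the failregex (with a simplified stand-in for fail2ban's `<HOST>` expansion) to constructed Monolog-style prod.log lines, then applies a maxretry/findtime sliding window to decide which hosts get banned. The log lines, the `LINE_RE` prefix for Monolog's `[date] app.ERROR:` format, and the `hosts_to_ban`/`parse_failures` helpers are all assumptions made for the example; real fail2ban strips the timestamp itself before matching and uses a richer `<HOST>` pattern that also covers IPv6 and hostnames.

```python
import re
from datetime import datetime, timedelta

# Simplified stand-in for what fail2ban substitutes for <HOST> (assumption for
# this example; the real expansion also matches IPv6 addresses and hostnames).
HOST_PATTERN = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The failregex from the thread. Monolog writes prod.log lines as
# "[date] channel.LEVEL: message [] []"; the example keeps the timestamp in the
# regex so the same match also yields the time needed for findtime bookkeeping.
FAILREGEX = r"Authentication failed for IP: <HOST>"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] app\.ERROR: " + FAILREGEX.replace("<HOST>", HOST_PATTERN)
)

# Constructed prod.log sample (not real data): three failures from one host
# within a minute, two from another host 29 minutes apart, and one unrelated
# error line that must not match the filter.
SAMPLE_LOG = """\
[2019-07-12 20:01:05] app.ERROR: Authentication failed for IP: 203.0.113.7 [] []
[2019-07-12 20:01:09] app.ERROR: Authentication failed for IP: 203.0.113.7 [] []
[2019-07-12 20:01:20] app.ERROR: Authentication failed for IP: 198.51.100.4 [] []
[2019-07-12 20:01:31] app.ERROR: Something else broke [] []
[2019-07-12 20:01:44] app.ERROR: Authentication failed for IP: 203.0.113.7 [] []
[2019-07-12 20:30:00] app.ERROR: Authentication failed for IP: 198.51.100.4 [] []
"""


def parse_failures(log_text):
    """Return (timestamp, host) for every line the failregex matches."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            hits.append((ts, m.group("host")))
    return hits


def hosts_to_ban(log_text, maxretry=3, findtime=600):
    """Sliding window like fail2ban's findtime/maxretry: a host is banned once
    it has >= maxretry matched failures inside any findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = {}  # host -> timestamps of failures still inside the window
    banned = set()
    for ts, host in parse_failures(log_text):
        times = [t for t in recent.get(host, []) if ts - t <= window]
        times.append(ts)
        recent[host] = times
        if len(times) >= maxretry:
            banned.add(host)
    return banned


if __name__ == "__main__":
    for ts, host in parse_failures(SAMPLE_LOG):
        print(ts, host)
    print("ban:", sorted(hosts_to_ban(SAMPLE_LOG)))
```

With the sample above only 203.0.113.7 crosses maxretry inside findtime; 198.51.100.4 fails twice but the second attempt falls outside the window, so it stays unbanned. The same simulation also shows the proxy caveat: if the listener logs the reverse proxy's address instead of the real client, every line carries one host and that host (the proxy) is what gets banned.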
@kevinpapst
Owner

commented Jul 26, 2019

Hey @BeckeBauer , do you want to test the new Fail2Ban bundle?
See https://www.kimai.org/store/fail2ban-bundle.html
Feedback can be left here: https://github.com/Keleo/Fail2BanBundle
The log format and file changed... but it makes your change update safe.

@BeckeBauer
Author

commented Jul 26, 2019

I will do it tonight

@kevinpapst kevinpapst added this to the 1.2 milestone Jul 26, 2019

@kevinpapst kevinpapst added the plugin label Jul 26, 2019

@kevinpapst
Owner

This comment has been minimized.

commented Jul 26, 2019
