Fail2Ban für fehlgeschlagene Logins
Ein Fail2Ban-kompatibles Plugin, das fehlgeschlagene Anmeldungen protokolliert
Kevin Papst
A Kimai plugin, which logs an error message for every failed login attempt to a dedicated logfile.
This logfile can be analyzed by fail2ban
to block access and prevent authentication attacks.
Fail2Ban configurations
You should know how to use and configure fail2ban
, we cannot help with that part!
Having said that, here are some possible rules for your fail2ban
configuration.
First the Kimai specific filter:
#/etc/fail2ban/filter.d/kimai2.conf
[Definition]
failregex = fail2ban.ERROR: <HOST> \[.*\] \[.*\]$
And the additional jail.local for Kimai:
#/etc/fail2ban/jail.local
[kimai2]
enabled = true
filter = kimai2
logpath = /var/www/kimai2/var/log/fail2ban.log
port = http,https
bantime = 600
banaction = iptables-multiport
maxretry = 3
Now touch the file to make sure it exists:
touch /var/www/kimai2/var/log/fail2ban.log
Credits
- Bundle inspired by this blog entry
- Thanks also to @BeckeBauer for the idea and the initial try
- Find config documentation in the fail2ban wiki
Kompatibilität
Die folgende Tabelle enthält einen Vergleich zwischen Plugin und benötigter Kimai Version.
Plugin Version | Minimale Kimai Version |
---|---|
2.2.0 | 2.17.0 |
2.1.0 | 2.17.0 |
2.0 | 2.0.0 |
Installation
Dateien kopieren
Extract the ZIP file and upload the included directory and all files to your Kimai installation to the new directory:
The file structure needs to look like this afterwards:
Cache leeren
After uploading the files, Kimai needs to know about the new plugin. It will be found once the cache was re-built. Call these commands from the Kimai directory:
How to reload Kimai cache
bin/console kimai:reload --env=prod
It is not advised, but in case the above command fails you could try:
rm -r var/cache/prod/*
You might have to set file permissions afterwards:
Adjust file permission
You have to allow PHP (your webserver process) to write to var/
and it subdirectories.
Here is an example for Debian/Ubuntu, to be executed inside the Kimai directory:
chown -R :www-data .
chmod -R g+r .
chmod -R g+rw var/
You might not need these commands in a shared-hosting environment.
And you probably need to prefix them with sudo
and/or the group might be called different from www-data
.
Aktualisierung
Updating the plugin works exactly like the installation:
- Delete the directory
var/plugins/Fail2BanBundle/
-
Execute all installation steps again:
- Dateien kopieren
- Cache leeren