how to track webadmin login failures?

I'm trying to tweak fail2ban <http://www.fail2ban.org/
> to function with
Kolab.  Fail2ban monitors log files and temporarily blocks
any IP with 5+
authentication failures in a ten minute period (blocked with
iptables for
10 minutes).  This requires a regular expression to find
such failures,
and I can't figure out how to do that with the
kolab-webadmin interface.

I did find cyrus (sieve/imap) configs over at
https://trac.cyconet.org/debian/browser/configs/fail2ban

(they need some tweaking, but it was a good start).

Ideas?

_______________________________________________
Kolab-users mailing list
Kolab-userskolab.org
https:
//kolab.org/mailman/listinfo/kolab-users

Adam Katz <kolabkhopis.com> writes:

> I'm trying to tweak fail2ban <http://www.fail2ban.org/
> to function with
> Kolab.  Fail2ban monitors log files and temporarily
blocks any IP with 5+
> authentication failures in a ten minute period (blocked
with iptables for
> 10 minutes).  This requires a regular expression to
find such failures,
> and I can't figure out how to do that with the
kolab-webadmin interface.

kolab-webadmin in its current state does write no log file.
This will
probably change in the future.

Cheers,

Gunnar

>
> I did find cyrus (sieve/imap) configs over at
> https://trac.cyconet.org/debian/browser/configs/fail2ban

> (they need some tweaking, but it was a good start).
>
> Ideas?
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-userskolab.org
> https:
//kolab.org/mailman/listinfo/kolab-users

-- 
______ http://kdab.com
_______________ http://kolab-konsortium.c
om _

prdus Kolab work is funded in part by KDAB and the
Kolab Konsortium

____ http://www.pardus.de
_________________ http://gunnarwrobel.de _
E-mail : prdus.de                                 Dr. Gunnar
Wrobel
Tel.   : +49 700 6245 0000                         
Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146
Hamburg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~
   >> Mail at ease - Rent a kolab groupware server at
prdus <<                 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~

_______________________________________________
Kolab-users mailing list
Kolab-userskolab.org
https:
//kolab.org/mailman/listinfo/kolab-users

> kolab-webadmin in its current state does write no log
file. This will
> probably change in the future.

I did a quick-and-dirty implementation of logging (warning,
I don't know
PHP) on my server running Debian Etch's (non-OpenPKG) APT
packages for
kolab-webadmin (0.4.0-20060810) and kolabd (1.9.4-20060707).
 The diff for
auth.class.php is attached.

Note that the PHP code is called by a non-privileged user
(www-data on my
Debian box) and therefore the log file needs to be owned by
that user.  I
also didn't go to the effort of a configurable option to
define where the
log file is.  I'm happy the alteration affected only one
file, as it would
otherwise be hard to maintain once Debian's team updates
kolab-webadmin.

The log file format was inspired by how the logs from apache
look; I'm not
married to any of it, and all that I really care about are
the presence of
the error message and the IP address.

I'm not on the developers list, but I'm sure this will get
forwarded there
if that's desirable.


I personally think that this sort of log is necessary for
security
purposes (think "audit trail"), so if logging gets
implemented in a
back-port-able manner, it should probably find its way into
the official
Debian packages (perhaps in volatile instead of
Etch-updates).

-Adam
_______________________________________________
Kolab-users mailing list
Kolab-userskolab.org
https:
//kolab.org/mailman/listinfo/kolab-users

Adam Katz <kolabkhopis.com> writes:

>> kolab-webadmin in its current state does write no
log file. This will
>> probably change in the future.
>
> I did a quick-and-dirty implementation of logging
(warning, I don't know
> PHP) on my server running Debian Etch's (non-OpenPKG)
APT packages for
> kolab-webadmin (0.4.0-20060810) and kolabd
(1.9.4-20060707).  The diff for
> auth.class.php is attached.

Thanks for the contribution!

> Note that the PHP code is called by a non-privileged
user (www-data on my
> Debian box) and therefore the log file needs to be
owned by that user.  I
> also didn't go to the effort of a configurable option
to define where the
> log file is.  I'm happy the alteration affected only
one file, as it would
> otherwise be hard to maintain once Debian's team
updates kolab-webadmin.
>
> The log file format was inspired by how the logs from
apache look; I'm not
> married to any of it, and all that I really care about
are the presence of
> the error message and the IP address.
>
> I'm not on the developers list, but I'm sure this will
get forwarded there
> if that's desirable.
>
>
> I personally think that this sort of log is necessary
for security
> purposes (think "audit trail"), so if logging
gets implemented in a
> back-port-able manner, it should probably find its way
into the official
> Debian packages (perhaps in volatile instead of
Etch-updates).

Yes, you are certainly right that something like this should
be
provided by kolab-webadmin. We also had other people
requesting
logging from kolab-webadmin.

Currently kolab-webadmin has quite a few problems though and
a
restructuring is currently pending. I already invested some
time into
it and hope to be able to finish that soon. During that
restructuring
I'll also add the logging.

Cheers,

Gunnar

-- 
______ http://kdab.com
_______________ http://kolab-konsortium.c
om _

prdus Kolab work is funded in part by KDAB and the
Kolab Konsortium

____ http://www.pardus.de
_________________ http://gunnarwrobel.de _
E-mail : prdus.de                                 Dr. Gunnar
Wrobel
Tel.   : +49 700 6245 0000                         
Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146
Hamburg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~
   >> Mail at ease - Rent a kolab groupware server at
prdus <<                 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~

_______________________________________________
Kolab-users mailing list
Kolab-userskolab.org
https:
//kolab.org/mailman/listinfo/kolab-users