Log “Invalid username or password” plus IP of the request (Allow detection of attacks with fail2ban) #21310
Comments
cc @marefr |
@castillo92 interesting in contributing? Think something along these lines would be sufficient: diff --git a/pkg/middleware/middleware.go b/pkg/middleware/middleware.go
index 1febc3f..7e44884 100644
--- a/pkg/middleware/middleware.go
+++ b/pkg/middleware/middleware.go
@@ -70,7 +70,7 @@ func GetContextHandler(
case initContextWithAnonymousUser(ctx):
}
- ctx.Logger = log.New("context", "userId", ctx.UserId, "orgId", ctx.OrgId, "uname", ctx.Login)
+ ctx.Logger = log.New("context", "userId", ctx.UserId, "orgId", ctx.OrgId, "uname", ctx.Login, "ip", c.RemoteAddr())
ctx.Data["ctx"] = ctx
c.Map(ctx) |
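Review bot: the new "ip" field is attached to the context logger created in GetContextHandler, so it will appear on every line logged through ctx.Logger for that request, not only on the "Invalid username or password" error; that is fine for the fail2ban use case, but check that c.RemoteAddr() yields the real client address when Grafana runs behind a reverse proxy, otherwise every failed login is attributed to the proxy and a ban rule keyed on that field would ban the proxy itself.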
Hello @marefr, and thanks for the coding. I think it could be enough too. I'm interested in contributing, but I don't feel comfortable working in that huge project, because I don't know the variables nor the roadmap. I couldn't do the code because I don't know, for example: But, if you could tell me something or explain where I can help, I will learn some basics of the project and I could do it. Right now I am helping in the Spanish (Spain) translation of the NextCloud project using Transifex, but I can't prove my ability in GitHub |
Anyone working on this? I am interested to contribute. |
@thedeveloperr no. Please go ahead |
@marefr |
Sorry, I just dug into the Macaron source and figured that Macaron already does that: it attaches the real IP to RemoteAddr in its request context. So I think I can directly use it. |
I am getting a 500 error and a failed e2e test. It says phantomjs is not properly installed. I reinstalled node_modules but am still facing this issue. Is there something else I need to install or do to resolve this?
|
I am looking into this as well, but am actually seeing everything I need in the logs. Here is what happens when I fail to log in, it shows me my IP with path=/login which should be sufficient:
|
Here is the crude /etc/fail2ban/filter.d/grafana.conf file that worked for me:
[Definition]
failregex= method=POST path=/login status=401 remote_addr=<HOST>
And this is my /etc/fail2ban/jail.d/grafana.conf:
[grafana]
enabled = true
filter = grafana
logpath = /var/log/grafana/grafana.log
bantime = 28800
maxretry = 3
I then restarted fail2ban and it all works. The only issue is that logging out triggers a message that is exactly similar to a failed login (I guess you just call the same API to log out and it returns a 401 error), something that could be fixed if you are looking at cleaning up the log output. |
I have opened a PR to add additional info to login attempt logs. So I think the PR will fix your logout log triggering too.
…On Mon, 20 Jan, 2020, 10:12 AM Frédéric Sagnes, ***@***.***> wrote:
Here is the crude /etc/fail2ban/filter.d/grafana.conf file that worked for me:
[Definition]
failregex= method=POST path=/login status=401 remote_addr=<HOST>
And this is my /etc/fail2ban/jail.d/grafana.conf:
[grafana]
enabled = true
filter = grafana
logpath = /var/log/grafana/grafana.log
bantime = 28800
maxretry = 3
I then restarted fail2ban and it all works. The only issue is that logging out triggers a message that is exactly similar to a failed login (I guess you just call the same API to log out and it returns a 401 error), something that could be fixed if you are looking at cleaning up the log output.
|
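As an added example (not code from this thread, from Grafana or from fail2ban), the Python below emulates what the filter and jail quoted above do when run over constructed Grafana-style log lines: it substitutes <HOST> in the thread's failregex, searches each line with it, and bans a host once it has maxretry hits inside a findtime window. It assumes fail2ban's default findtime of 600 s and a simplified address pattern for <HOST>.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Grafana-style logfmt lines (not real output): each fail2ban hit
# must carry the thread's "method=POST path=/login status=401 remote_addr=" fields.
SAMPLE_LOG = """\
t=2020-01-20T10:00:00+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=401 remote_addr=192.0.2.5
t=2020-01-20T10:01:00+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=401 remote_addr=203.0.113.7
t=2020-01-20T10:01:02+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=401 remote_addr=203.0.113.7
t=2020-01-20T10:01:05+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=200 remote_addr=198.51.100.9
t=2020-01-20T10:01:09+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=401 remote_addr=203.0.113.7
t=2020-01-20T10:02:00+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=401 remote_addr=198.51.100.9
t=2020-01-20T10:20:00+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=401 remote_addr=192.0.2.5
t=2020-01-20T10:40:00+0100 lvl=info msg="Request Completed" logger=context method=POST path=/login status=401 remote_addr=192.0.2.5
"""

# The thread's failregex; fail2ban replaces <HOST> with its own address pattern
# and searches each line with the result (simplified host pattern assumed here).
FAILREGEX = "method=POST path=/login status=401 remote_addr=<HOST>"
FAIL_RE = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))
TS_RE = re.compile(r"^t=(\S+)")

def failures(log_text):
    """Return [(timestamp, host)] for every line the failregex matches."""
    hits = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        ts = TS_RE.match(line)
        if m and ts:
            when = datetime.strptime(ts.group(1), "%Y-%m-%dT%H:%M:%S%z")
            hits.append((when, m.group("host")))
    return hits

def bans(log_text, maxretry=3, findtime=600):
    """Emulate the jail: a host is banned once it has maxretry matching lines
    within findtime seconds (fail2ban's default findtime is 600 s; the
    thread's jail sets maxretry=3). Returns {host: time_of_ban}."""
    recent = defaultdict(list)
    banned = {}
    for when, host in failures(log_text):
        if host in banned:
            continue
        cutoff = when - timedelta(seconds=findtime)
        recent[host] = [t for t in recent[host] if t >= cutoff] + [when]
        if len(recent[host]) >= maxretry:
            banned[host] = when
    return banned
```

The successful login (status=200) never matches, and 192.0.2.5, whose three failures are 20 minutes apart, is only banned if findtime is widened; that window is the knob to adjust if a benign 401, such as the logout line mentioned above, pushes a legitimate client over maxretry.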
@marefr and @thedeveloperr thank you very much! Your improvements are great |
Any idea when this will be reviewed and implemented? I'm anxiously awaiting this functionality! |
Me too. @thedeveloperr, could you explain to us what the state of the PR you did is? |
Waiting for a review. The PR is single line change only.
…On Sun, 2 Feb, 2020, 11:55 PM castillo92, ***@***.***> wrote:
Any idea when this will be reviewed and implemented? I'm anxiously awaiting this functionality!
Me too, @thedeveloperr <https://github.com/thedeveloperr> could you explain us whats is the state of the PR you did?
|
Thank you very much. We will wait. |
@marefr Is there anything else required from my side? |
Did you receive the review? Is the code in production? |
@thedeveloperr @marefr is there any update on this? |
@tkohhh I have made those changes. Sorry for delay. |
Includes IP address when logging request error, for example when a user fails to log in. Fixes #21310
Great work guys... can't wait to get 6.7 installed! Thanks for all your efforts! |
Thanks to all of you! =) Implemented in Grafana 4.7 Beta1 |
Now that this is implemented how do I add it to fail2ban? |
Take a look at the post on the Grafana forums: https://community.grafana.com/t/how-can-we-set-up-fail2ban-to-protect-our-dashboard/21962/5 If you have any questions, reply to that thread and I'll give you some more information! |
What would you like to be added:
I would like the IP of the request to be added to Grafana's logs, within the line that says "Invalid username or password".
Grafana is logging failed login attempts but does not write the IP of the request.
Why is this needed:
I think it could help to improve security.
Some people have Fail2Ban protecting services, and Grafana cannot be protected because Fail2Ban can read that there has been a failed login attempt but not the IP.
Here is an example of the log of Grafana:
I would like Grafana to write:
t=2019-10-15T15:58:43+0200 lvl=eror msg="Invalid username or password from 177.166.155.44" logger=context userId=0 orgId=0 uname= error="Invalid Username or Password"
or something else.
I opened a post in the community of Grafana:
https://community.grafana.com/t/how-can-we-set-up-fail2ban-to-protect-our-dashboard/21962