Kimai
Fail2Ban per a inici de sessió
Un connector compatible amb Fail2Ban, que registra les sol·licituds d'autenticació fallides
Kevin Papst
A Kimai plugin, which logs an error message for every failed login attempt to a dedicated logfile.
This logfile can be analyzed by fail2ban to block access and prevent authentication attacks.
Fail2Ban configurations
You should know how to use and configure fail2ban, we cannot help with that part!
Having said that, here are some possible rules for your fail2ban configuration.
First the Kimai specific filter:
#/etc/fail2ban/filter.d/kimai2.conf
[Definition]
failregex = ^\[.*?\] fail2ban\.ERROR: <HOST> \[\]
If that doesn’t match, you could try this regexp instead:
failregex = fail2ban.ERROR: <HOST>
And the additional jail.local for Kimai:
#/etc/fail2ban/jail.local
[kimai2]
enabled = true
filter = kimai2
logpath = /var/www/kimai2/var/log/fail2ban.log
port = http,https
bantime = 600
banaction = iptables-multiport
maxretry = 3
Now touch the file to make sure it exists:
touch /var/www/kimai2/var/log/fail2ban.log
Credits
- Bundle inspired by this blog entry
- Thanks also to @BeckeBauer for the idea and the initial try
- Find config documentation in the fail2ban wiki
Compatibilitat
La taula següent conté una comparació entre el connector i la versió mínima de Kimai requerida.
| Versió del paquet | Versió mínima de Kimai |
|---|---|
| 2.2.0 | 2.17.0 |
| 2.1.0 | 2.17.0 |
| 2.0.0 | 2.0.0 |
Instal·lació
Copiar fitxers
Extract the ZIP file and upload the included directory and all files to your Kimai installation to the new directory:
var/plugins/Fail2BanBundle/The file structure needs to look like this afterwards:
var/plugins/
├── Fail2BanBundle
│ ├── Fail2BanBundle.php
| └ ... more files and directories follow here ...Netejar la memòria cau
After uploading the files, Kimai needs to know about the new plugin. It will be found once the cache was re-built. Call these commands from the Kimai directory:
How to reload Kimai cache
bin/console kimai:reload --env=prod
It is not advised, but in case the above command fails you could try:
rm -r var/cache/prod/*
You might have to set file permissions afterwards:
Adjust file permission
You have to allow PHP (your webserver process) to write to var/ and it subdirectories.
Here is an example for Debian/Ubuntu, to be executed inside the Kimai directory:
chown -R :www-data .
chmod -R g+r .
chmod -R g+rw var/
You might not need these commands in a shared-hosting environment.
And you probably need to prefix them with sudo and/or the group might be called different from www-data.
Actualitzacions
Updating the plugin works exactly like the installation:
- Delete the directory
var/plugins/Fail2BanBundle/ -
Execute all installation steps again:
- Copiar fitxers
- Netejar la memòria cau