Fail2Ban voor inloggen
Een fail2ban-compatibele plugin die mislukte authenticatieverzoeken logt
A Kimai plugin, which logs an error message for every failed login attempt to a dedicated logfile.
This logfile can be analyzed by
fail2ban to block access and prevent authentication attacks.
You should know how to use and configure
fail2ban, we cannot help with that part!
Having said that, here are some possible rules for your
First the Kimai specific filter:
#/etc/fail2ban/filter.d/kimai2.conf [Definition] failregex = fail2ban.ERROR: <HOST> \[.*\] \[.*\]$
And the additional jail.local for Kimai:
#/etc/fail2ban/jail.local [kimai2] enabled = true filter = kimai2 logpath = /var/www/kimai2/var/log/fail2ban.log port = http,https bantime = 600 banaction = iptables-multiport maxretry = 3
Now touch the file to make sure it exists:
Extract the ZIP file and upload the included directory and all files to your Kimai installation to the new directory:
The file structure needs to look like this afterwards:
After uploading the files, Kimai needs to know about the new plugin. It will be found once the cache was re-built. Call these commands from the Kimai directory:
How to reload Kimai cache
It is not advised, but in case the above command fails you could try:
You might have to set file permissions afterwards:
Adjust file permission
You have to allow PHP (your webserver process) to write to
var/ and it subdirectories.
Here is an example for Debian/Ubuntu (to be executed inside the Kimai directory):
Updating the plugin works exactly like the installation:
- Delete the directory
Execute all installation steps again:
- Bestanden kopiëren
- Cache wissen
De volgende tabel bevat een vergelijking tussen de plugin en de vereiste minimale Kimai-versie.