Software development company founded by Kevin Papst
A Kimai plugin that logs an error message for every failed login attempt to a dedicated logfile.
This logfile can be analyzed by fail2ban to block access and prevent authentication attacks.
You should know how to use and configure fail2ban, we cannot help with that part!
Having said that, here are some possible rules for your fail2ban configuration.
First the Kimai specific filter:
#/etc/fail2ban/filter.d/kimai2.conf
[Definition]
failregex = fail2ban.ERROR: <HOST> \[.*\] \[.*\]$
And the additional jail.local for Kimai2:
#/etc/fail2ban/jail.local
[kimai2]
enabled = true
filter = kimai2
logpath = /var/www/kimai2/var/log/fail2ban.log
port = http,https
bantime = 600
banaction = iptables-multiport
maxretry = 3
Extract the ZIP file and upload the included directory and all files to your Kimai installation to the new directory:
var/plugins/Fail2BanBundle/
Or you can clone it directly to the var/plugins/ directory of your Kimai installation:
cd kimai/var/plugins/
git clone https://github.com/Keleo/Fail2BanBundle.git
The file structure needs to look like this afterwards:
var/plugins/
├── Fail2BanBundle
│ ├── Fail2BanBundle.php
│ └ ... more files and directories follow here ...
After uploading the files, Kimai needs to know about the new plugin. It will be found once the cache has been rebuilt. Call these commands from the Kimai directory:
bin/console kimai:reload --env=prod
FTP users: please have a look at this documentation.
If you are running an older version of Kimai (before 1.8) you have to use:
bin/console cache:clear --env=prod
bin/console cache:warmup --env=prod
You might have to set file permissions afterwards:
You have to allow PHP (your webserver process) to write to var/ and its subdirectories.
Here is an example for Debian/Ubuntu (to be executed inside the Kimai directory):
chown -R :www-data .
chmod -R g+r .
chmod -R g+rw var/
chmod -R g+rw public/avatars/
Test Kimai before executing these commands (they are likely not required in a shared-hosting environment).
You probably need to prefix them with sudo, and the group might be named differently than www-data.
Updating the plugin works exactly like the installation:
var/plugins/Fail2BanBundle/