Pricing for this item: free

Keleo

Software development company founded by Kevin Papst

A fail2ban compatible plugin, logging failed authentication requests
Last update: 26 Jul 2019

A Kimai plugin, which logs an error message for every failed login attempt to a dedicated logfile.

This logfile can be analyzed by fail2ban to block access and prevent authentication attacks.

Fail2Ban configurations

You should know how to use and configure fail2ban; we cannot help with that part! Having said that, here are some possible rules for your fail2ban configuration.

First the Kimai specific filter:

#/etc/fail2ban/filter.d/kimai2.conf
[Definition]
failregex = fail2ban.ERROR: <HOST> \[.*\] \[.*\]$

And the additional jail.local for Kimai2:

#/etc/fail2ban/jail.local
[kimai2]
enabled   = true
filter    = kimai2
logpath   = /var/www/kimai2/var/log/fail2ban.log
port      = http,https
bantime   = 600
banaction = iptables-multiport
maxretry  = 3
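
To check the filter and the jail thresholds before relying on them, the following added example (not part of the plugin or of fail2ban) emulates the failregex in Python over constructed log lines. It assumes Monolog's default line layout, a simplified stand-in for `<HOST>`, and fail2ban's default findtime of 600 seconds, which the jail above does not set.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex from kimai2.conf; <HOST> is replaced by a simplified IPv4/IPv6
# pattern (assumption: fail2ban's real <HOST> expansion is broader).
FAILREGEX = r"fail2ban.ERROR: <HOST> \[.*\] \[.*\]$"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]*:[0-9a-fA-F:]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
TIMESTAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

MAXRETRY = 3                       # from the [kimai2] jail
FINDTIME = timedelta(seconds=600)  # assumption: fail2ban default, not set on the page

# Constructed sample lines, assuming Monolog's default line layout.
SAMPLE_LOG = """\
[2019-07-26 10:00:01] fail2ban.ERROR: 203.0.113.7 [] []
[2019-07-26 10:00:05] fail2ban.ERROR: 198.51.100.23 [] []
[2019-07-26 10:00:09] fail2ban.ERROR: 203.0.113.7 [] []
[2019-07-26 10:00:12] app.INFO: unrelated message [] []
[2019-07-26 10:00:15] fail2ban.ERROR: 203.0.113.7 [] []
[2019-07-26 10:30:00] fail2ban.ERROR: 198.51.100.23 [] []
[2019-07-26 10:45:00] fail2ban.ERROR: 198.51.100.23 [] []
"""

def hosts_to_ban(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts reaching maxretry matches inside a sliding findtime window."""
    recent = defaultdict(deque)
    banned = []
    for line in log_text.splitlines():
        stamp, hit = TIMESTAMP.match(line), PATTERN.search(line)
        if not (stamp and hit):
            continue  # line is not a failed-login entry
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        window = recent[hit.group("host")]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry and hit.group("host") not in banned:
            banned.append(hit.group("host"))
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

On a host with fail2ban installed, `fail2ban-regex /var/www/kimai2/var/log/fail2ban.log /etc/fail2ban/filter.d/kimai2.conf` runs the real filter against the real logfile.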

Installation

Copy files

Extract the ZIP file and upload the included directory and all files to your Kimai installation to the new directory:

var/plugins/Fail2BanBundle/

Or you can clone it directly to the var/plugins/ directory of your Kimai installation:

cd kimai/var/plugins/
git clone https://github.com/Keleo/Fail2BanBundle.git

The file structure needs to look like this afterwards:

var/plugins/
├── Fail2BanBundle
│   ├── Fail2BanBundle.php
│   └── ... more files and directories follow here ...

Clear cache

After uploading the files, Kimai needs to know about the new plugin. It will be found once the cache has been rebuilt. Call these commands from the Kimai directory:

How to reload Kimai cache

bin/console kimai:reload --env=prod

FTP users: please have a look at this documentation.

If you are running an older version of Kimai (before 1.8) you have to use:

bin/console cache:clear --env=prod
bin/console cache:warmup --env=prod

You might have to set file permissions afterwards:

Fix Kimai file permission

You have to allow PHP (your webserver process) to write to var/ and its subdirectories.

Here is an example for Debian/Ubuntu (to be executed inside the Kimai directory):

chown -R :www-data .
chmod -R g+r .
chmod -R g+rw var/
chmod -R g+rw public/avatars/

Test Kimai before executing these commands (they are likely not required in a shared-hosting environment). You probably need to prefix them with sudo, and the group might have a different name than www-data.

Updates

Updating the plugin works exactly like the installation:

  • Delete the directory var/plugins/Fail2BanBundle/
  • Execute all installation steps again:
    • Copy files
    • Clear cache
