
Fail2BanBundle

A Kimai plugin that logs an error message for every failed login attempt to a dedicated logfile.

This logfile can be analyzed by fail2ban to block access and prevent authentication attacks.

Installation

This plugin is compatible with the following Kimai releases:

Bundle version   Minimum Kimai version
2.0              2.0.0
1.1 - 1.2        1.18
1.0 - 1.0.1      1.0

You find the most notable changes between the versions in the file CHANGELOG.md.

Download and extract the compatible release in var/plugins/ (see plugin docs).

The file structure needs to look like this afterwards:

var/plugins/
├── Fail2BanBundle
│   ├── Fail2BanBundle.php
│   └── ... more files and directories follow here ...

Then rebuild the cache:

bin/console kimai:reload --env=prod

Fail2Ban configurations

You should already know how to use and configure fail2ban; we cannot help with that part. Having said that, here are some possible rules for your fail2ban configuration.

First the Kimai specific filter:

#/etc/fail2ban/filter.d/kimai2.conf
[Definition]
failregex = fail2ban.ERROR: <HOST> \[.*\] \[.*\]$

And the additional jail.local for Kimai2:

#/etc/fail2ban/jail.local
[kimai2]
enabled   = true
filter    = kimai2
logpath   = /var/www/kimai2/var/log/fail2ban.log
port      = http,https
bantime   = 600
banaction = iptables-multiport
maxretry  = 3

Now touch the file to make sure it exists:

touch /var/www/kimai2/var/log/fail2ban.log
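The failregex above is what decides which lines count as a failed login and which host gets the strike. The following script is an added example, not part of the plugin or of fail2ban: it expands the `<HOST>` placeholder the way fail2ban does (simplified here to a non-space run; the real expansion also validates IPv4/IPv6 forms), runs the README's regex over a handful of constructed log lines in the format the plugin writes, and reports which hosts would reach `maxretry`. Use it to sanity-check a change to the filter before restarting fail2ban; `findtime` windows are ignored for brevity.

```python
import re
from collections import Counter

# Filter line exactly as /etc/fail2ban/filter.d/kimai2.conf gives it.
FAILREGEX = r"fail2ban.ERROR: <HOST> \[.*\] \[.*\]$"

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: fail2ban's
# real expansion matches IPv4, IPv6 and hostnames; a non-space run is enough
# to exercise the rest of the pattern).
HOST_PATTERN = r"(?P<host>\S+)"


def compile_failregex(failregex: str = FAILREGEX) -> "re.Pattern[str]":
    """Turn a fail2ban failregex into a Python regex by expanding <HOST>."""
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def failed_hosts(lines, failregex: str = FAILREGEX) -> Counter:
    """Count matching failure lines per host, the way a jail accumulates strikes."""
    pattern = compile_failregex(failregex)
    counts: Counter = Counter()
    for line in lines:
        match = pattern.search(line.rstrip("\n"))
        if match:
            counts[match.group("host")] += 1
    return counts


def would_ban(lines, maxretry: int = 3, failregex: str = FAILREGEX) -> list:
    """Hosts that reach maxretry (the jail.local threshold), findtime ignored."""
    counts = failed_hosts(lines, failregex)
    return sorted(host for host, n in counts.items() if n >= maxretry)


# Constructed sample log lines in the format the plugin writes (compare the
# "[2022-08-01 15:38:18] fail2ban.ERROR: 127.0.0.1 [] []" line from the issues).
SAMPLE_LOG = [
    "[2022-08-01 15:38:18] fail2ban.ERROR: 127.0.0.1 [] []",
    "[2022-08-01 15:38:20] fail2ban.ERROR: 203.0.113.7 [] []",
    "[2022-08-01 15:38:21] fail2ban.ERROR: 203.0.113.7 [] []",
    "[2022-08-01 15:38:23] fail2ban.ERROR: 203.0.113.7 [] []",
    # A non-failure line must not produce a strike.
    "[2022-08-01 15:39:00] app.INFO: User logged in successfully [] []",
]

if __name__ == "__main__":
    print(dict(failed_hosts(SAMPLE_LOG)))
    print(would_ban(SAMPLE_LOG))
```

With the sample above, 203.0.113.7 collects three strikes and is the only host that would be banned at `maxretry = 3`; 127.0.0.1 has one. Note that fail2ban by default ignores localhost via `ignoreip`, and that the jail cannot start at all while the logfile is missing, which is why the `touch` step precedes it.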

Credits

Contributors: kernie, kevinpapst

fail2banbundle's Issues

install of version 1.1 failing

Hi,

tried to update the plugin to the new 1.1 version in the usual way:

  1. remove old plugin directory
  2. copy new plugin file over to plugin directory
  3. do the kimai:reload
  4. adapt file permissions and group

However, step 3 results in this warning:

bin/console kimai:reload --env=prod
PHP Warning:  include(/srv/www/htdocs/kimai_v2/kimai2/vendor/composer/../../var/plugins/Fail2BanBundle/Fail2BanPlugin.php): Failed to open stream: No such file or directory in /srv/www/htdocs/kimai_v2/kimai2/vendor/composer/ClassLoader.php on line 571
PHP Warning:  include(): Failed opening '/srv/www/htdocs/kimai_v2/kimai2/vendor/composer/../../var/plugins/Fail2BanBundle/Fail2BanPlugin.php' for inclusion (include_path='.:/usr/share/php') in /srv/www/htdocs/kimai_v2/kimai2/vendor/composer/ClassLoader.php on line 571

And the plugin is not shown at kimai2.site/en/admin/plugins

Kimai version: 1.22.1
PHP: 8.0
OS: Ubuntu 20

Questionable fail2ban logging

So I tested out if fail2ban was working, as it doesn't generate a fail2ban.log file upon activation. And I noticed a few things which might be worth looking into?

First, the plugin doesn't generate a fail2ban.log file until a failed login-attempt has been made. The problem with this is that fail2ban will crash if a logfile is not found, meaning no protection as the service is terminated.
It will not mention that if you just restart fail2ban (so that is bad on their part), but I think an easy fix is to just generate an empty file if it does not exist upon starting Kimai?

Second, I tested a failed-login attempt which printed the following entry:

[2022-08-01 15:38:18] fail2ban.ERROR: 127.0.0.1 [] []

I am pretty sure fail2ban won't ban the localhost, but it is pretty curious how it should protect against brute-force logins if this is all the information it gets.

Information:
Kimai version: 1.21 stable
Ubuntu 20.04
plugin version: I cloned the GitHub repository today, so not sure? I guess 1.1, but I cannot confirm it as it doesn't show up in the plugins list in the admin panel.

If you need additional information, feel free to ask!

Plugin does not appear

Hi,

I installed the plugin following the README, I rebuilt the cache, but the plugin does not appear under System - Plugins.


Kimai version: 2.0.26
Plugin version: 2.0

Thanks

correct documentation

nice work, works flawless, thank you!
Just 2 minor suggestions:

  • in your documentation you suggest to name the filter = symfony in the jail.local. Since you also suggest to name the Kimai specific filter #/etc/fail2ban/filter.d/kimai2.conf (and not symfony.conf), the filter name has to be filter = kimai2 in the jail.local
  • it would be nice to have some hint about the plugin being installed even though there are no options to configure it within Kimai

Advice on Implementation on Docker with Host Using nginx?

First of all, I'd like to express my gratitude for creating such an amazing project. Thank you for your hard work and dedication!

I am writing to seek your assistance with implementing Fail2ban for Kimai, which is running in Docker and Nginx, while Fail2ban is running in the host machine.

I've been trying to figure out the best approach for implementing Fail2ban to secure my Kimai installation, but I'm not sure how to configure it properly. I would greatly appreciate any guidance or tips that you may have on this.

Some of the specific issues that I'm encountering include:

  • How to configure Fail2ban to monitor the logs of Kimai running in Docker and Nginx on the host machine. I'd like to have fail2ban at that level as I have many other instances already using it. I can't get Kimai to detect the bad login and write it to the syslog. I'm using the following right now in my docker configuration:

    logging:
      driver: "syslog"
      options:
        tag: "kimai-time"

  • What would be the best Fail2ban filter and regex to use for detecting and banning suspicious activity in Kimai. I'm using the default one you provided.

  • Any other considerations or best practices that I should be aware of when implementing Fail2ban for Kimai in Docker.

I would be grateful if you could provide any assistance or point me in the right direction. Thank you again for your amazing project and for any help that you can offer. Thank you!

Cheers.

Steve.

No log file using Docker

I'm using the kimai/kimai2 Docker image and downloaded v2 of the bundle (even though the container reports as 1.30.11 stable (Ayumi)). I installed the plugin (extracted, renamed, rebuilt cache, fixed permissions) hopefully correctly; at least it shows in the Web GUI and there are no errors in the log. However, testing it with false logins does not log anything. Neither an error in the existing logs nor anything to fail2ban.log (I did touch the file and it has the correct permissions). Any ideas where I might have gone wrong?

Failed during configuration: Have not found any log file for kimai2 jail

Debian 10/11
Fail2ban expects a log file:
/var/www/kimai2/var/log/fail2ban.log
that, right after install, doesn't exist (no one has tried to authenticate with wrong credentials yet).

The problem is solved by trying to log in with the wrong credentials once.
It might be helpful to report this in the documentation or create the file.

NB: this is a limitation of fail2ban, but it affects the installation process:
fail2ban/fail2ban#1593

Thanks
