[Evergreen-dev] Authentication Logging Options

Blake Graham-Henderson blake at mobiusconsortium.org
Tue Apr 9 14:45:01 EDT 2024 

Josh,

Are you aware of the Evergreen feature hidden inside the open-ils.auth 
settings:

...
<app_settings>
                     <!-- defined app-specific settings here -->
                     <auth_limits>
                         <seed>30</seed> <!-- amount of time a seed 
request is valid for -->
                         <block_time>90</block_time> <!-- amount of time 
since last auth or seed request to save failure counts -->
                         <block_count>10</block_count> <!-- number of 
failures before blocking access -->
                     </auth_limits>
</app_settings>
...

Using memcached, the system keeps track of the number of failures in a 
period of time. And will automatically block subsequent login attempts 
for a configurable amount of time.

-Blake-
Conducting Magic
Will consume any data format
MOBIUS

On 4/9/2024 1:31 PM, Josh Stompro via Evergreen-dev wrote:
> Hello, I'm curious about getting a log of all successful and 
> unsuccessful logins to our Evergreen system. Along with extra info 
> like IP address and user agent when the request comes in through a web 
> form.
>
> I would like a simple way to make use of tools like fail2ban to 
> protect against brute force login attacks and to have a good log for 
> staff account logins that could be kept longer than our full logs 
> might be kept.
>
> Does anyone have something like that setup already?
>
> The actor.usr_activity data doesn't track unsuccessful logins or info 
> like IP addresses.  And I think it only tracks the last successful login.
>
> I can see some  oils_auth.c logs that show a success/failure took place
>
> open-ils.auth 2024-04-09 13:14:26 
> [INFO:1950887:oils_auth.c:847:17126388021950749339] failed login: 
> username=user, barcode=(none), workstation=
>
> open-ils.auth 2024-04-09 13:11:33 
> [ACT:1950868:oils_auth.c:641:17126388021949775649] successful login: 
> username=user, authtoken=12345
>
> But no IP address info is available at that point I'm assuming.  Maybe 
> I need to look at generating the log closer to the web server.
>
> Thanks
> Josh
>
> Company logo 	
> *Josh Stompro*
> IT Director
> stomproj at gsuite.larl.org 
> <mailto:stomproj at gsuite.larl.org>| 218-233-3757 ext. 139| 218-790-2110
> *Lake Agassiz Regional Library *
> 118 5th ST S
> Moorhead MN 56560
> www.larl.org <http://www.larl.org>
> /Our mission is to enrich lives and strengthen communities./
>
>
> _______________________________________________
> Evergreen-dev mailing list
> Evergreen-dev at list.evergreen-ils.org
> http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.evergreen-ils.org/pipermail/evergreen-dev/attachments/20240409/24513170/attachment.htm>

More information about the Evergreen-dev mailing list