[Evergreen-dev] Authentication Logging Options

Josh Stompro stomproj at gsuite.larl.org
Tue Apr 9 15:33:35 EDT 2024


Thanks Blake, I wasn't aware of the built-in rate limiting.  I'll look at
the commits for that feature and for those log entries.

Josh


On Tue, Apr 9, 2024 at 1:45 PM Blake Graham-Henderson via Evergreen-dev <
evergreen-dev at list.evergreen-ils.org> wrote:

> Josh,
>
> Are you aware of the Evergreen feature hidden inside the open-ils.auth
> settings:
>
> ...
> <app_settings>
>     <!-- defined app-specific settings here -->
>     <auth_limits>
>         <seed>30</seed> <!-- amount of time a seed request is valid for -->
>         <block_time>90</block_time> <!-- amount of time since last auth or seed request to save failure counts -->
>         <block_count>10</block_count> <!-- number of failures before blocking access -->
>     </auth_limits>
> </app_settings>
> ...
>
> Using memcached, the system keeps track of the number of failures in a
> period of time, and will automatically block subsequent login attempts for
> a configurable amount of time.
>
> -Blake-
> Conducting Magic
> Will consume any data format
> MOBIUS
>
>
> On 4/9/2024 1:31 PM, Josh Stompro via Evergreen-dev wrote:
>
> Hello, I'm curious about getting a log of all successful and
> unsuccessful logins to our Evergreen system, along with extra info like IP
> address and user agent when the request comes in through a web form.
>
> I would like a simple way to make use of tools like fail2ban to protect
> against brute force login attacks and to have a good log for staff account
> logins that could be kept longer than our full logs might be kept.
>
> Does anyone have something like that set up already?
>
> The actor.usr_activity data doesn't track unsuccessful logins or info like
> IP addresses.  And I think it only tracks the last successful login.
>
> I can see some oils_auth.c logs that show a success/failure took place:
>
> open-ils.auth 2024-04-09 13:14:26 [INFO:1950887:oils_auth.c:847:17126388021950749339] failed login: username=user, barcode=(none), workstation=
>
> open-ils.auth 2024-04-09 13:11:33 [ACT:1950868:oils_auth.c:641:17126388021949775649] successful login: username=user, authtoken=12345
>
> But no IP address info is available at that point, I'm assuming.  Maybe I
> need to look at generating the log closer to the web server.
>
> Thanks
> Josh
>
> *Josh Stompro*
> IT Director
> stomproj at gsuite.larl.org | 218-233-3757 ext. 139 | 218-790-2110
> *Lake Agassiz Regional Library *
> 118 5th ST S
> Moorhead MN 56560
> www.larl.org
> *Our mission is to enrich lives and strengthen communities.*
>
> _______________________________________________
> Evergreen-dev mailing list
> Evergreen-dev at list.evergreen-ils.org
> http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev
>
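As an added example (not part of the original thread and not Evergreen code), the following Python sketch parses the open-ils.auth log lines quoted above and reports usernames whose failure count reaches the quoted block_count. It assumes block_time is in seconds and only approximates the counting Blake describes; because these log lines carry no client IP, it can key on username only, which is the gap Josh points out for fail2ban. The sample log is constructed.

```python
import re
from datetime import datetime, timedelta
# Thresholds mirror the <auth_limits> values quoted above; treating
# block_time as seconds is an assumption (the thread gives no unit).
BLOCK_COUNT = 10
BLOCK_TIME = timedelta(seconds=90)

LINE_RE = re.compile(
    r"^open-ils\.auth (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[[A-Z]+:\d+:oils_auth\.c:\d+:\d+\] "
    r"(?P<result>failed|successful) login: username=(?P<user>[^,\s]*)"
)

def parse_line(line):
    """Return (timestamp, username, succeeded) or None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return ts, m["user"], m["result"] == "successful"

def find_bursts(lines, block_count=BLOCK_COUNT, block_time=BLOCK_TIME):
    """Return {username: time the failure count reached block_count}."""
    state, flagged = {}, {}   # state: username -> (failures, last attempt)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, user, ok = event
        count, last = state.get(user, (0, ts))
        if ok or ts - last > block_time:
            count = 0          # success or a quiet period clears the count
        if not ok:
            count += 1
            if count >= block_count and user not in flagged:
                flagged[user] = ts
        state[user] = (count, ts)
    return flagged

def sample_log():
    """Constructed lines in the format shown above: 11 failures, 5 s apart."""
    start = datetime(2024, 4, 9, 13, 14, 26)
    fail = ("open-ils.auth {} [INFO:1950887:oils_auth.c:847:17126388021950749339] "
            "failed login: username={}, barcode=(none), workstation=")
    ok = ("open-ils.auth {} [ACT:1950868:oils_auth.c:641:17126388021949775649] "
          "successful login: username={}, authtoken=12345")
    lines = [fail.format(start + timedelta(seconds=5 * i), "user") for i in range(11)]
    lines.append(ok.format(start, "staff1"))
    return lines
```

Calling `find_bursts(sample_log())` flags `user` at the tenth failure and leaves `staff1` alone.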