<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Josh,<br>
<br>
Are you aware of the Evergreen feature hidden inside the
open-ils.auth settings:<br>
<br>
...<br>
<app_settings><br>
<!-- defined app-specific settings here
--><br>
<auth_limits><br>
<seed>30</seed> <!-- amount
of time a seed request is valid for --><br>
<block_time>90</block_time>
<!-- amount of time since last auth or seed request to save
failure counts --><br>
<block_count>10</block_count>
<!-- number of failures before blocking access --><br>
</auth_limits><br>
</app_settings><br>
...<br>
<br>
Using memcached, the system keeps track of the number of failures in
a period of time. And will automatically block subsequent login
attempts for a configurable amount of time.<br>
<pre class="moz-signature" cols="72">-Blake-
Conducting Magic
Will consume any data format
MOBIUS
</pre>
<div class="moz-cite-prefix">On 4/9/2024 1:31 PM, Josh Stompro via
Evergreen-dev wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAGOQQft_wV=MvOcTy_UarxxURsK=30u0A1WJX4PmUFNtQU6UhQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hello, I'm curious about getting a log of all
successful and unsuccessful logins to our Evergreen system.
Along with extra info like IP address and user agent when the
request comes in through a web form.
<div><br>
</div>
<div>I would like a simple way to make use of tools like
fail2ban to protect against brute force login attacks and to
have a good log for staff account logins that could be kept
longer than our full logs might be kept.</div>
<div><br>
</div>
<div>Does anyone have something like that setup already?</div>
<div><br>
</div>
<div>The actor.usr_activity data doesn't track
unsuccessful logins or info like IP addresses. And I think it
only tracks the last successful login.</div>
<div><br>
</div>
<div>I can see some oils_auth.c logs that show a
success/failure took place</div>
<div><br>
</div>
<div>open-ils.auth 2024-04-09 13:14:26
[INFO:1950887:oils_auth.c:847:17126388021950749339] failed
login: username=user, barcode=(none), workstation=<br>
</div>
<div><br>
</div>
<div>open-ils.auth 2024-04-09 13:11:33
[ACT:1950868:oils_auth.c:641:17126388021949775649] successful
login: username=user, authtoken=12345<br>
</div>
<div><br>
</div>
<div>But no IP address info is available at that point I'm
assuming. Maybe I need to look at generating the log closer
to the web server.</div>
<div><br>
</div>
<div>Thanks</div>
<div>Josh</div>
<div><br>
<div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<table style="padding:0px;margin:10px 0;border:none">
<tbody>
<tr>
<td
style="vertical-align:middle;padding:0 7px 0 0"><img alt="Company logo"
src="https://storage.googleapis.com/signaturesatori/customer-C039u5c5y/images/7DIM6.png"
moz-do-not-send="true" width="125"
height="107"></td>
<td
style="border-left:3px solid #e8e8e8;padding:7px 0 0 10px">
<div
style="font-family:'arial','helvetica',sans-serif;font-size:14px;line-height:17px;font-weight:bold;color:#ee8e16"><span
style="color:#000000"><strong>Josh Stompro</strong></span></div>
<div
style="font-family:'arial','helvetica',sans-serif;font-size:12px;line-height:14px;font-weight:normal;color:#000000;margin-bottom:10px">IT
Director<br>
<a href="mailto:stomproj@gsuite.larl.org"
target="_blank" moz-do-not-send="true"><span
style="color:#1b4698">stomproj@gsuite.larl.org</span></a><span
style="color:#1b4698"> </span>| 218-233-3757
ext. 139<span
style="font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small;color:rgb(32,33,36)"> </span>| 218-790-2110</div>
<div
style="font-family:'arial','helvetica',sans-serif;font-size:12px;line-height:14px;color:#000000"><strong>Lake
Agassiz Regional Library </strong></div>
<div
style="font-family:'arial','helvetica',sans-serif;font-size:12px;line-height:14px;font-weight:normal;color:#000000;margin-bottom:10px">118
5th ST S<br>
Moorhead MN 56560<br>
<a href="http://www.larl.org"
target="_blank" moz-do-not-send="true"><span
style="color:#1b4698">www.larl.org</span></a><br>
<em>Our mission is to enrich lives and
strengthen communities.</em></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Evergreen-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Evergreen-dev@list.evergreen-ils.org">Evergreen-dev@list.evergreen-ils.org</a>
<a class="moz-txt-link-freetext" href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>