<div dir="ltr">Thanks Blake, I wasn't aware of the built in rate limiting. I'll look at the commits for that feature and for those log entries.<div><br></div><div>Josh</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 9, 2024 at 1:45 PM Blake Graham-Henderson via Evergreen-dev <<a href="mailto:evergreen-dev@list.evergreen-ils.org">evergreen-dev@list.evergreen-ils.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
Josh,<br>
<br>
Are you aware of the Evergreen feature hidden inside the
open-ils.auth settings:<br>
<br>
...<br>
<app_settings><br>
<!-- defined app-specific settings here
--><br>
<auth_limits><br>
<seed>30</seed> <!-- amount
of time a seed request is valid for --><br>
<block_time>90</block_time>
<!-- amount of time since last auth or seed request to save
failure counts --><br>
<block_count>10</block_count>
<!-- number of failures before blocking access --><br>
</auth_limits><br>
</app_settings><br>
...<br>
<br>
Using memcached, the system keeps track of the number of failures in
a period of time. And will automatically block subsequent login
attempts for a configurable amount of time.<br>
<pre cols="72">-Blake-
Conducting Magic
Will consume any data format
MOBIUS
</pre>
<div>On 4/9/2024 1:31 PM, Josh Stompro via
Evergreen-dev wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello, I'm curious about getting a log of all
successful and unsuccessful logins to our Evergreen system.
Along with extra info like IP address and user agent when the
request comes in through a web form.
<div><br>
</div>
<div>I would like a simple way to make use of tools like
fail2ban to protect against brute force login attacks and to
have a good log for staff account logins that could be kept
longer than our full logs might be kept.</div>
<div><br>
</div>
<div>Does anyone have something like that setup already?</div>
<div><br>
</div>
<div>The actor.usr_activity data doesn't track
unsuccessful logins or info like IP addresses. And I think it
only tracks the last successful login.</div>
<div><br>
</div>
<div>I can see some oils_auth.c logs that show a
success/failure took place</div>
<div><br>
</div>
<div>open-ils.auth 2024-04-09 13:14:26
[INFO:1950887:oils_auth.c:847:17126388021950749339] failed
login: username=user, barcode=(none), workstation=<br>
</div>
<div><br>
</div>
<div>open-ils.auth 2024-04-09 13:11:33
[ACT:1950868:oils_auth.c:641:17126388021949775649] successful
login: username=user, authtoken=12345<br>
</div>
<div><br>
</div>
<div>But no IP address info is available at that point I'm
assuming. Maybe I need to look at generating the log closer
to the web server.</div>
<div><br>
</div>
<div>Thanks</div>
<div>Josh</div>
<div><br>
<div>
<div>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<table style="padding:0px;margin:10px 0px;border:none">
<tbody>
<tr>
<td style="vertical-align:middle;padding:0px 7px 0px 0px"><img alt="Company logo" src="https://storage.googleapis.com/signaturesatori/customer-C039u5c5y/images/7DIM6.png" width="125" height="107"></td>
<td style="border-left:3px solid rgb(232,232,232);padding:7px 0px 0px 10px">
<div style="font-family:arial,helvetica,sans-serif;font-size:14px;line-height:17px;font-weight:bold;color:rgb(238,142,22)"><span style="color:rgb(0,0,0)"><strong>Josh Stompro</strong></span></div>
<div style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:14px;font-weight:normal;color:rgb(0,0,0);margin-bottom:10px">IT
Director<br>
<a href="mailto:stomproj@gsuite.larl.org" target="_blank"><span style="color:rgb(27,70,152)">stomproj@gsuite.larl.org</span></a><span style="color:rgb(27,70,152)"> </span>| 218-233-3757
ext. 139<span style="font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:small;color:rgb(32,33,36)"> </span>| 218-790-2110</div>
<div style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:14px;color:rgb(0,0,0)"><strong>Lake
Agassiz Regional Library </strong></div>
<div style="font-family:arial,helvetica,sans-serif;font-size:12px;line-height:14px;font-weight:normal;color:rgb(0,0,0);margin-bottom:10px">118
5th ST S<br>
Moorhead MN 56560<br>
<a href="http://www.larl.org" target="_blank"><span style="color:rgb(27,70,152)">www.larl.org</span></a><br>
<em>Our mission is to enrich lives and
strengthen communities.</em></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Evergreen-dev mailing list
<a href="mailto:Evergreen-dev@list.evergreen-ils.org" target="_blank">Evergreen-dev@list.evergreen-ils.org</a>
<a href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev" target="_blank">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
Evergreen-dev mailing list<br>
<a href="mailto:Evergreen-dev@list.evergreen-ils.org" target="_blank">Evergreen-dev@list.evergreen-ils.org</a><br>
<a href="http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev" rel="noreferrer" target="_blank">http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-dev</a><br>
</blockquote></div>