how to track webadmin login failures?
Adam Katz
kolab at khopis.com
Fri Dec 14 01:46:55 CET 2007
> kolab-webadmin in its current state does write no log file. This will
> probably change in the future.
I did a quick-and-dirty implementation of logging (warning, I don't know
PHP) on my server running Debian Etch's (non-OpenPKG) APT packages for
kolab-webadmin (0.4.0-20060810) and kolabd (1.9.4-20060707). The diff for
auth.class.php is attached.
Note that the PHP code is called by a non-privileged user (www-data on my
Debian box) and therefore the log file needs to be owned by that user. I
also didn't go to the effort of a configurable option to define where the
log file is. I'm happy the alteration affected only one file, as it would
otherwise be hard to maintain once Debian's team updates kolab-webadmin.
The log file format was inspired by how the logs from apache look; I'm not
married to any of it, and all that I really care about are the presence of
the error message and the IP address.
I'm not on the developers list, but I'm sure this will get forwarded there
if that's desirable.
I personally think that this sort of log is necessary for security
purposes (think "audit trail"), so if logging gets implemented in a
back-port-able manner, it should probably find its way into the official
Debian packages (perhaps in volatile instead of Etch-updates).
-Adam
-------------- next part --------------
--- include/auth.class.php.orig 2007-12-13 18:29:06.423314594 -0500
+++ include/auth.class.php 2007-12-13 18:18:34.131611029 -0500
@@ -159,7 +159,23 @@
function setPassword( $pw ) {$_SESSION['auth_pw'] = $pw;}
function error() {
- return $this->error_string;
+ $errormsg = $this->error_string;
+
+ // "Please log in as a valid user" shows up if there aren't any errors!?
+ if($errormsg != "Please log in as a valid user" && $errormsg != "") {
+ $logfile = "/var/log/apache2/kolab_webadmin.log";
+ if($logfh = fopen($logfile, 'a')) {
+ $date = date("[d/M/Y:H:i:s O]");
+ $remote_ip = $_SERVER["REMOTE_ADDR"];
+ $logmsg = "$date $remote_ip $errormsg\n";
+ fwrite($logfh, $logmsg);
+ fclose($logfh);
+ } else {
+ //$errormsg = "$errormsg<br>\nCould not open $logfile";
+ }
+ }
+
+ return $errormsg;
}
var $error_string = false;
More information about the users
mailing list