Skip to content

Add failed authentication attempt logger#835

Merged
deansheather merged 6 commits into
masterfrom
log-failed-logins
Jul 11, 2019
Merged

Add failed authentication attempt logger#835
deansheather merged 6 commits into
masterfrom
log-failed-logins

Conversation

@deansheather
Copy link
Copy Markdown
Member

@deansheather deansheather commented Jul 7, 2019
edited
Loading

When isAuthed() is called and the password cookie is not what we expected, the failed login attempt is logged with the provided password, remote address, user agent, and timestamp.

To allow for logging failed attempts with a reverse proxy, the --trust-proxy argument has been added to trust the X-Forwarded-For header. This implementation of an X-Forwarded-For parser uses the last value in the list, therefore only trusting the nearest proxy.

Describe in detail the problem you had and how this PR fixes it

This allows people to know if their code-server instance is getting attacked, and allows for writing a fail2ban filter for failed login attempts.

The log output looks like the following:

INFO  Failed login attempt {"password":"password","remote_address":"127.0.0.1","user_agent":"curl/7.65.1","timestamp":1562634192}

All fields are optional in the log line except the password and timestamp.

Is there an open issue you can link to?

Closes #214.

@deansheather
add failed authentication attempt logger
a657733 
When `isAuthed()` is called and the password cookie is not what we
expected, the failed login attempt is logged with the provided password,
remote address and user agent.

To allow for logging failed attempts with a reverse proxy, the
`--trust-proxy` argument has been added to trust the `X-Forwarded-For`
header. This implementation of an `X-Forwarded-For` parser uses the last
value in the list, therefore only trusting the nearest proxy.
@deansheather deansheather requested a review from code-asher July 7, 2019 07:00
@deansheather deansheather requested a review from kylecarbs as a code owner July 7, 2019 07:00
@deansheather deansheather mentioned this pull request Jul 8, 2019
Closed
@deansheather
Copy link
Copy Markdown
Member Author

deansheather commented Jul 9, 2019

Added a Fail2Ban filter conf file and a documentation page under doc/security/ documenting it.

@deansheather deansheather merged commit f25a614 into master Jul 11, 2019
@deansheather deansheather deleted the log-failed-logins branch July 11, 2019 02:43
@roflcoopter
Copy link
Copy Markdown

roflcoopter commented Nov 1, 2019

@deansheather I would love to use fail2Ban for code-server, but i cant figure out where the log-file is stored so ican mount it to my letsencrypt container which runs fail2ban. It doesnt seem to appear in the /root/.local/share/code-server folder

@sr229 sr229 mentioned this pull request Nov 1, 2019
Closed
@code-asher
Copy link
Copy Markdown
Member

code-asher commented Nov 1, 2019

The failed login attempts are logged to stdout.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kylecarbs kylecarbs kylecarbs approved these changes

@code-asher code-asher Awaiting requested review from code-asher

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Log failed login attempts

4 participants

@deansheather @roflcoopter @code-asher @kylecarbs