
Add failed authentication attempt logger #835


Merged 6 commits from log-failed-logins into master on Jul 11, 2019
Conversation

deansheather
Member

@deansheather deansheather commented Jul 7, 2019

When isAuthed() is called and the password cookie is not what we expected, the failed login attempt is logged with the provided password, remote address, user agent, and timestamp.

To allow for logging failed attempts with a reverse proxy, the --trust-proxy argument has been added to trust the X-Forwarded-For header. This implementation of an X-Forwarded-For parser uses the last value in the list, therefore only trusting the nearest proxy.

Describe in detail the problem you had and how this PR fixes it

This allows people to know if their code-server instance is getting attacked, and allows for writing a fail2ban filter for failed login attempts.

The log output looks like the following:

INFO  Failed login attempt {"password":"password","remote_address":"127.0.0.1","user_agent":"curl/7.65.1","timestamp":1562634192}

All fields are optional in the log line except the password and timestamp.

Is there an open issue you can link to?

Closes #214.

When `isAuthed()` is called and the password cookie is not what we
expected, the failed login attempt is logged with the provided password,
remote address and user agent.

To allow for logging failed attempts with a reverse proxy, the
`--trust-proxy` argument has been added to trust the `X-Forwarded-For`
header. This implementation of an `X-Forwarded-For` parser uses the last
value in the list, therefore only trusting the nearest proxy.
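As an added illustration of the behaviour described in the PR description (this is not code-server's own implementation; the function names and the fail2ban-style pattern are assumptions): the last X-Forwarded-For entry is used only when the proxy is trusted, the log line is built in the format shown above, and a failregex-style pattern extracts the offending address from such a line.

```typescript
// Added example, not code-server's code. Names are assumptions.
interface FailedLogin {
  password: string;
  remote_address?: string; // optional, as stated in the PR
  user_agent?: string;     // optional, as stated in the PR
  timestamp: number;
}

// Resolve the client address. With trustProxy the *last* X-Forwarded-For
// entry wins (the one appended by the nearest proxy); earlier entries can be
// set by the client and are ignored. Without trustProxy the header is ignored
// entirely and the socket address is used.
export function clientAddress(
  socketAddress: string | undefined,
  forwardedFor: string | undefined,
  trustProxy: boolean,
): string | undefined {
  if (trustProxy && forwardedFor) {
    const parts = forwardedFor.split(",").map((p) => p.trim()).filter((p) => p.length > 0);
    if (parts.length > 0) {
      return parts[parts.length - 1];
    }
  }
  return socketAddress;
}

// Build the log line in the format shown in the PR description. Fields that
// are undefined are dropped by JSON.stringify, matching "all fields optional
// except password and timestamp".
export function formatFailedLogin(entry: FailedLogin): string {
  return `INFO  Failed login attempt ${JSON.stringify(entry)}`;
}

// Defender side: a fail2ban-style failregex for that line. The capture group
// plays the role of fail2ban's <HOST> placeholder (assumed pattern).
const FAILED_LOGIN_RE = /Failed login attempt \{.*"remote_address":"([^"]+)".*\}/;

// Returns the address to ban, or null when the line is not a failed login.
export function extractHost(line: string): string | null {
  const m = line.match(FAILED_LOGIN_RE);
  return m ? m[1] : null;
}
```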
@deansheather deansheather requested a review from code-asher July 7, 2019 07:00
@deansheather deansheather requested a review from kylecarbs as a code owner July 7, 2019 07:00
@deansheather deansheather mentioned this pull request Jul 8, 2019
@deansheather
Member Author

Added a Fail2Ban filter conf file and a documentation page under doc/security/ documenting it.

@deansheather deansheather merged commit f25a614 into master Jul 11, 2019
@deansheather deansheather deleted the log-failed-logins branch July 11, 2019 02:43
@roflcoopter

@deansheather I would love to use Fail2Ban for code-server, but I can't figure out where the log file is stored so I can mount it to my letsencrypt container which runs fail2ban. It doesn't seem to appear in the /root/.local/share/code-server folder.

@code-asher
Member

The failed login attempts are logged to stdout.
