Feature #5352
Add log when auth failed to use with fail2ban
| Status: | Resolved | Start date: | 06/02/2015 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - |
Description
abeudin propose this patch to add error in apache log when user failed to authenticate and so after can manage easily with fail2ban
--- /var/www/html/glpi/front/login.php 2015-06-02 17:04:19.166978952 +0200
+++ /var/www/html/glpi/front/login-new.php 2015-06-02 17:07:19.910986317 +0200
@@ -91,6 +91,7 @@
} else {
// we have done at least a good login? No, we exit.
+ error_log('GLPI error : Incorrect username or password', 0);
Html::nullHeader("Login", $CFG_GLPI["root_doc"] . '/index.php');
echo '<div class="center b">' . $auth->getErr() . '<br><br>';
// Logout whit noAUto to manage auto_login with errors
We have in log a line like
[Tue Jun 02 17:11:25.174434 2015] [:error] [pid 15813] [client 192.168.100.17:55663] GLPI error : Incorrect username or password, referer: http://192.168.100.16/glpi/
Seems a good idea.