Mirror
/
RoundcubeMail
mirror of https://github.com/roundcube/roundcubemail.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

rcmail.php: Machine-readable Login Log (Security) 

Proposal: Log the Login Success/Failure Log Messages in a JSON-readable fashion.

Rationale: fail2ban most likely never bans localhost. Localhost is trusted. However, in many installations, Dovecot (or another userauth subsystem) will log Roundcube logins as originating from the machine Roundcube runs on, probably localhost. Failed logins thru Roundcube thus result in being mistakenly considered as originating from "localhost" — which of course is not true, considering only Roundcube itself knows the true origin of the failed login attempt (`rcube_utils::remote_ip()`).

This change request patches rcmail.php to write more `grep` and other  machine-parse-friendly log messages, allowing for simpler extension of whatever fail2ban-like attack counter measures are in place. With this, one could even configure rsyslog to create own log files for Roundcube auth failures, based on the simple string `RC_LOGIN:FAILURE:` introduced here, again making it much easier for fail2ban to look in the right places.

Example rsyslog config snippet (of course, RC needs to be configured to log to syslog):

```
if $programname contains 'roundcube' then {
    if ($msg contains 'RC_LOGIN:FAILURE:') then {
            -/var/log/mail.err
        & stop
    }
}
```
pull/8460/head
jab4 3 years ago
committed by GitHub
parent
78b3049ce5
commit
04053e6dd6
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 18
      program/include/rcmail.php

18
program/include/rcmail.php
View File

@ -1499,9 +1499,13 @@ class rcmail extends rcube
if (strlen($user) > 256) {
$user = substr($user, 0, 256) . '...';
}
$message = sprintf('Failed login for %s from %s in session %s (error: %d)',
$user, rcube_utils::remote_ip(), $session_id, $error_code);
$message = sprintf("RC_LOGIN:FAILURE: %s", json_encode([
'user' => $user,
'ip' => rcube_utils::remote_ip(),
'error' => $error_code,
'sess' => $session_id
]));
}
// successful login
else {
@ -1512,8 +1516,12 @@ class rcmail extends rcube
return;
}
$message = sprintf('Successful login for %s (ID: %d) from %s in session %s',
$user_name, $user_id, rcube_utils::remote_ip(), $session_id);
$message = sprintf("RC_LOGIN:SUCCESS: %s", json_encode([
'user' => $user,
'ip' => rcube_utils::remote_ip(),
'user_id' => $user_id,
'sess' => $session_id
]));
}
// log login

Write Preview
Loading…
Cancel
Save