  #1  
14th August 2012, 23:33
MaddinXx
[Interface] Permissions to write to /var/log/ispconfig

Hi together

I am currently trying to implement fail2ban compatible logging into SVN but I've some problems.

My first approach was placing the code into index.php within the login folder.

Problem: exec() not working (it's clear why).

Then I tried to create it as a server plugin, however, they are only run if there is an action to do like updating DNS etc. and runs every few minutes (which is not enough).

So I removed this try and realized, that it has to be done within the interface and not the server (as it belongs to it).

So now the problem still exists, that the interface is not allowed to run code out of its space, e.g. in /var/log/ispconfig/.

What would be the correct way to do this? Would it be possible to use the $app->log "command" and set the LOGLEVEL to "ERROR" or is there another recommended way of doing this?

//edit: LOGLEVEL error wouldn't be the best choice I guess, because the log gets kind of spammed without real errors...

//edit2: realized that $app->log only logs to MySQL by default so this doesn't help. It seems like the only change is to create a cron running every few seconds to fetch entries from DB and write to file..

Thank you very much!
Michel
__________________
Rackster Internet Services's presences:
Official | Open Source | Github | Facebook | Twitter

Last edited by MaddinXx; 14th August 2012 at 23:44.
  #2  
15th August 2012, 08:35
till

ISPConfig contains already a mechanism that blocks users automatically after a few logins, so what fail2ban does is already implemented in ISPConfig.

If you want to add a log file for denied logins to block on network level as well, then add code to the file /usr/local/ispconfig/interface/web/login/index.php in the same place where the internal ispconfig lock mechanism is implemented, you have to add just a simple fwrite to your log file in that place. Use /var/log/ispconfig/auth.log as log file name, ensure that this file is created in the installer with touch() and chowned to user and group ispconfig, otherwise you can't write to that file. You might want to log the successful logins as well to that log. The third thing that would have to be implemented is a log rotation similar to the one of the cron.log in the cron_daily.php file in ispconfig.

Please don't use any exec, passthrus etc. commands in the interface.

Please don't add a separate cronjob or server plugin or similar solution.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
15th August 2012, 14:58
MaddinXx

Hi till

Thank you! I think I've managed it with your words' help!
  #4  
15th August 2012, 15:03
till

Thanks!

Maybe you might add a little optimisation to the code, currently the log file is world writable. It would be better if you add code to the installer that does a chown and chgrp on the log file to user and group "ispconfig" and then change the chmod so that only user and group can write to the file.
  #5  
16th August 2012, 23:07
MaddinXx

Hi till

I've pushed my latest changes to SVN, I hope it's right now (especially the chmod 660).
  #6  
21st August 2012, 15:27
cfoe

I installed a dev machine with 4.0.4.6 + update to SVN $3388 (I think)

auth.log was not created.
Can anyone second that?
__________________
Christian Foellmann

OpenSource-Projects - GitHub-Projects - SVN-Mirrors on GitHub - Foe Services
  #7  
21st August 2012, 15:32
MaddinXx

Quote:
Originally Posted by cfoe
I installed a dev machine with 4.0.4.6 + update to SVN $3388 (I think)

auth.log was not created.
Can anyone second that?

Hi cfoe

If you did not install directly from SVN, this can more than be since I didn't do anything within the updater since I did not know how the updater is "compiled" e.g. what are the criteria to add things in there.

Will add this.
  #8  
21st August 2012, 15:33
Croydon

I updated to latest SVN and have got an auth.log.
But I don't know if it was created during update or installation earlier.
Anyway - it is owned by root, not writable by the interface and has a date of Jan, 1st 1970.
__________________
Marius Cramer

pixcept KG
  #9  
21st August 2012, 15:44
till

I had the same problem here. I deleted the file and reran the update and the file was created with correct permissions. So I guess the issue has been fixed in the meantime (last update on 16.).
  #10  
21st August 2012, 15:52
Croydon

Quote:
Originally Posted by till
I had the same problem here. I deleted the file and reran the update and the file was created with correct permissions. So I guess the issue has been fixed in the meantime (last update on 16.).

Maybe the updater should be extended to correct wrong permissions on existing file, too?
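The approach discussed in posts #2, #4 and #10, as an added example that is not part of the thread and is not ISPConfig's own code: an installer/updater step that creates auth.log or repairs its owner and mode, and an interface-side append that avoids exec(). The path, the ispconfig user and group and mode 660 come from the thread; the function names and the log line format are assumptions.

```php
<?php
// Added example, not ISPConfig code. Function names and the log line
// format are assumptions; path, owner and mode 0660 come from the thread.

const AUTH_LOG = '/var/log/ispconfig/auth.log';

// Installer/updater side (runs as root): create the file if it is missing
// and repair owner, group and mode on an already existing file as well.
function ensure_auth_log(string $path = AUTH_LOG, string $owner = 'ispconfig', string $group = 'ispconfig'): bool
{
    if (is_link($path)) {
        return false; // never chown/chmod through a symlink
    }
    if (!file_exists($path) && !touch($path)) {
        return false;
    }
    return chown($path, $owner) && chgrp($path, $group) && chmod($path, 0660);
}

// Interface side (runs as the ispconfig user): append one line per attempt.
function log_login_attempt(string $user, string $ip, bool $success, string $path = AUTH_LOG): bool
{
    // Replace control characters so a crafted user name cannot start a new,
    // forged log line that a fail2ban filter would then match.
    $user = substr(preg_replace('/[\x00-\x1F\x7F]/', '?', $user), 0, 64);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = 'invalid';
    }
    // The IP precedes the user name so attacker-controlled text comes last.
    $line = sprintf("%s %s login from %s for user '%s'\n",
        date('Y-m-d H:i:s'), $success ? 'Successful' : 'Failed', $ip, $user);
    // FILE_APPEND with LOCK_EX keeps concurrent requests from interleaving.
    return file_put_contents($path, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Constructed demo against a temp file, so it runs without root.
$demo = sys_get_temp_dir() . '/auth-demo.log';
touch($demo);
chmod($demo, 0660);
log_login_attempt("admin\nFailed login", '203.0.113.7', false, $demo);
log_login_attempt('admin', '203.0.113.7', true, $demo);
echo file_get_contents($demo);
printf("mode: %o\n", fileperms($demo) & 0777);
unlink($demo);
```

A fail2ban failregex for this format should anchor on the text up to the IP address, so the user name after it cannot influence which host is banned.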