Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 8th September 2012, 17:41
phry phry is offline
Junior Member
 
Join Date: Sep 2012
Posts: 5
Thanks: 0
Thanked 4 Times in 2 Posts
Default Writing a simple plugin (fail2ban integration)

Heyo,
I wanted to log wrong logins into syslog so that fail2ban can parse it and ban the attacker's IP.
- Yes, I know, ISPConfig has a similar feature but I want to do this nonetheless.
- Yes, I know, ISPConfig logs wrong logins too, but only on DEBUG Level and I don't want the clutter. Neither do I want to change ispconfig files.

So I wrote a quick plugin:
/usr/local/ispconfig/server/plugins-available/login_fail2ban_plugin.inc.php
PHP Code:
<?php

class login_fail2ban_plugin {

        var 
$plugin_name 'login_fail2ban_plugin';
        var 
$class_name  'login_fail2ban_plugin';

        
//* This function is called during ispconfig installation to determine
        //  if a symlink shall be created for this plugin.
        
function onInstall() {

                return 
true;

        }


        
/*
                This function is called when the plugin is loaded
        */

        
function onLoad() {
                global 
$app;

                
/*
                Register for the events
                */
                
$app->plugins->registerEvent('login_failed',$this->plugin_name,'log_fail');
        }

        function 
log_failed($event_name,$data) {
        
openlog("ispconfig"LOG_PID LOG_PERRORLOG_LOCAL0);
        
syslog(LOG_WARNING"Login failed for user $_POST['username'] on IP $_SERVER['REMOTE_ADDR']");
        }




// end class

?>
and then I created a symlink in /usr/local/ispconfig/server/plugins-enabled
lrwxrwxrwx 1 ispconfig ispconfig 75 Sep 8 17:39 login_fail2ban_plugin.inc.php -> /usr/local/ispconfig/server/plugins-available/login_fail2ban_plugin.inc.php*

But here's the catch: it doesn't load. I tried writing stuff into the onLoad function, too - is doesn't execute.
Permissions and owner are set correctly, too:
-rwxr-x--- 1 ispconfig ispconfig 766 Sep 8 17:29 plugins-available/login_fail2ban_plugin.inc.php

Did I miss anything?
Reply With Quote
Sponsored Links
  #2  
Old 8th September 2012, 18:44
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,787
Thanks: 821
Thanked 5,337 Times in 4,187 Posts
Default

You mix up the uspconfig server and the ispconfig interface. What you wrote above is a ispconfig server plugin, server plugins are used to configure services like apache, postfix etc. When you login to ispconfig, then you interact with the ispconfig interface and not the server, so if you want to react on failed logins, you will have tp write code for the interface and not the server. So your plugin can not work form a logical standpoint and it will never catch a interface event on the server.

If you want to log actions of the interface, take a look at the ispconfig svn to see how the login function that you want to replicate is implemented there.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 8th September 2012, 19:42
phry phry is offline
Junior Member
 
Join Date: Sep 2012
Posts: 5
Thanks: 0
Thanked 4 Times in 2 Posts
Default

Oh, so I plugged into the wrong backend xD

My attempt in itself (if it had been in the right place) should have been correct as login/index.php is raising the event:

PHP Code:
      182                         //* Incorrect login - Username and password incorrect
      
183                         $error $app->lng('error_user_password_incorrect');
      
184                         if($app->db->errorMessage != ''$error .= '<br />'.$app->db->errorMessage != '';
      
185
      186                         $app
->plugin->raiseEvent('login_failed',$this); 
Seems I just need another place to call my registerEvent.
I tried it in ~ispconfig/interface/lib/plugins - but that also seems to be a wrong choice.

Do you have any pointers for me?
Reply With Quote
The Following User Says Thank You to phry For This Useful Post:
lgfocuyqjf (15th September 2012)
  #4  
Old 9th September 2012, 16:57
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,787
Thanks: 821
Thanked 5,337 Times in 4,187 Posts
Default

Quote:
My attempt in itself (if it had been in the right place) should have been correct as login/index.php is raising the event:
No, its not as the interface events are completely different from server events and what you wrote is a server plugin and not a interface plugin.

Interface plugins are written differntly and ue different functions any libraries for the events, take a look at the files in ispconfig/interface/lib/plugins/ to get an idea how they work.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 9th September 2012, 17:05
phry phry is offline
Junior Member
 
Join Date: Sep 2012
Posts: 5
Thanks: 0
Thanked 4 Times in 2 Posts
Default

Umh, sorry, but see
~ispconfig/interface/lib/plugins/mail_user_filter_plugin.inc.php (that IS the folder you're pointing to?)

PHP Code:
<?php
[...]
class 
mail_user_filter_plugin {

        var 
$plugin_name 'mail_user_filter_plugin';
        var 
$class_name 'mail_user_filter_plugin';

        
/*
                This function is called when the plugin is loaded
        */

        
function onLoad() {
                global 
$app;

                
/*
                Register for the events
                */

                
[...]
                
$app->plugin->registerEvent('mail:mail_user_filter:on_after_update','mail_user_filter_plugin','mail_user_filter_edit');
                [...]

        }

        function 
mail_user_filter_edit($event_name,$page_form) {
                global 
$app$conf;
            [...]
 
        }

    [...]
}
I might be suffering from tunnel vision but that is the same as I'm doing with the same syntax within (now) the same path?
Reply With Quote
  #6  
Old 9th September 2012, 19:57
phry phry is offline
Junior Member
 
Join Date: Sep 2012
Posts: 5
Thanks: 0
Thanked 4 Times in 2 Posts
Default

Oh, FFS, got my error.

In server, it's $app->plugins->registerEvent
In interface, it's $app->plugin->registerEvent

And in case someone else wants to go on plugins: ispconfig stores your plugins in the session, onLoad will only be called once per session.
That's quite a useful piece of information - happy cookie deleting!
Reply With Quote
  #7  
Old 9th September 2012, 20:06
phry phry is offline
Junior Member
 
Join Date: Sep 2012
Posts: 5
Thanks: 0
Thanked 4 Times in 2 Posts
 
Default

And here's the final code if anyone wants to do the same:

~ispconfig/interface/lib/plugins/login_fail2ban_plugin.inc.php
PHP Code:
class login_fail2ban_plugin {

        var 
$plugin_name 'login_fail2ban_plugin';
        var 
$class_name  'login_fail2ban_plugin';

        
/*
                This function is called when the plugin is loaded
        */

        
function onLoad() {
                global 
$app;
                
/*
                Register for the events
                */

                
$app->plugin->registerEvent('login_failed',$this->plugin_name,'log_fail');

        }

        function 
log_fail($event_name,$data) {
                
openlog("ispconfig"LOG_PID LOG_PERRORLOG_LOCAL0);
                
syslog(LOG_WARNING"Login failed for user ".$_POST['username']." on IP ".$_SERVER['REMOTE_ADDR']);
        }




// end class 
/etc/rsyslog.d/12-ispconfig.conf
Code:
if $programname == 'ispconfig' then /var/log/ispconfig.log
restart rsyslog
Code:
service rsyslog restart
/etc/fail2ban/filter.d/ispconfig.conf
Code:
[Definition]
failregex = (.*) Login failed for user (.*) on IP <HOST>
ignoreregex =

test it
Code:
fail2ban-regex /var/log/ispconfig.log /etc/fail2ban/filter.d/ispconfig.conf
and add a jail to your /etc/fail2ban/jail.conf:
Code:
[ispconfig]
enabled  = true
port     = http,https
filter   = ispconfig
logpath  = /var/log/ispconfig.log
restart fail2ban

Code:
service fail2ban restart
and be happy

Last edited by phry; 9th September 2012 at 23:01.
Reply With Quote
The Following 3 Users Say Thank You to phry For This Useful Post:
falko (10th September 2012), non7top (24th June 2014), till (9th September 2012)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Spamassasin markasjunk2 roundcube plugin HyperAtom General 1 17th November 2012 20:19
ISPConfig 3.0.4.1 and bind9 pjanzen General 8 13th March 2012 09:34
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 07:29
Need help writing new plugin apoana Tips/Tricks/Mods 0 13th February 2010 22:36
Spamassassin not working hairydog2 General 7 12th July 2008 21:15


All times are GMT +2. The time now is 14:09.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.