login_attack_report 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -4
- data/lib/login_attack_report/l_a_r_version_concern.rb +10 -19
- data/lib/login_attack_report/version.rb +1 -1
- data/lib/login_attack_report.rb +5 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: aed0e5b2c8aaae617526b72998435350d390f0e1
|
|
4
|
+
data.tar.gz: 280d7d988f0a2e55971bc5bd1bc9ca4d3a27922f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3d5f5e64e82993a4283d56c3b65ac35167a40c77c3493e0269e435e298999f344599d980a5efd39b70de3e743767e1374ce399d6c8c3da74e561686b9de73b25
|
|
7
|
+
data.tar.gz: 1f6e7482f5fd953df7f663389ee12082f9d333eb5aec83b315d8a2851a3150d4796cb7baccf9c886e8383e9c6e258339e0ba58661ddb8a793585a65757e1dd04
|
data/README.md
CHANGED
|
@@ -37,9 +37,11 @@ config/initializers/login_attack_report.rb
|
|
|
37
37
|
```ruby
|
|
38
38
|
LoginAttackReport.setup do |config|
|
|
39
39
|
# ログイン成功回数リミット
|
|
40
|
-
config.login_ok_limit =
|
|
40
|
+
config.login_ok_limit = 100
|
|
41
41
|
# ログイン失敗回数リミット
|
|
42
42
|
config.login_ng_limit = 50
|
|
43
|
+
# 同一IPログイン失敗回数リミット
|
|
44
|
+
config.same_ip_login_ng_limit = 100
|
|
43
45
|
end
|
|
44
46
|
```
|
|
45
47
|
|
|
@@ -52,17 +54,17 @@ end
|
|
|
52
54
|
```ruby
|
|
53
55
|
LoginAttackReport::LARVersion.login_ok_limit_over(:User)
|
|
54
56
|
```
|
|
55
|
-
|
|
57
|
+
|
|
56
58
|
|
|
57
59
|
前月のログイン失敗回数のlimitを超えたユーザを抽出します。
|
|
58
60
|
※ 異常に多い場合、リスト型攻撃を受けている可能性あり
|
|
59
61
|
```ruby
|
|
60
62
|
LoginAttackReport::LARVersion.login_ng_limit_over(:User)
|
|
61
63
|
```
|
|
62
|
-
|
|
64
|
+
|
|
63
65
|
|
|
64
66
|
(未実装)前月のログイン元同一ipのlimitを超えたユーザを抽出します。
|
|
65
|
-
※
|
|
67
|
+
※ 同一ipでログイン失敗回数が多かったら、攻撃されている可能性あり
|
|
66
68
|
```ruby
|
|
67
69
|
LoginAttackReport::LARVersion.ip_limit_over(:User)
|
|
68
70
|
```
|
|
@@ -34,18 +34,15 @@ module LoginAttackReport
|
|
|
34
34
|
.where(item_type: model)
|
|
35
35
|
.where(
|
|
36
36
|
'created_at >= ? and created_at <= ? and '\
|
|
37
|
-
'(object_changes like \'
|
|
38
|
-
'
|
|
39
|
-
|
|
40
|
-
'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
|
|
41
|
-
')'\
|
|
37
|
+
'(object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
|
|
38
|
+
'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
|
|
39
|
+
'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
|
|
42
40
|
')',
|
|
43
41
|
Time.now.prev_month.beginning_of_month,
|
|
44
42
|
Time.now.prev_month.end_of_month
|
|
45
43
|
)
|
|
46
44
|
|
|
47
45
|
if alert_ip_limit_over.present?
|
|
48
|
-
ok_hash = Hash.new({})
|
|
49
46
|
ng_hash = Hash.new({})
|
|
50
47
|
alert_ip_limit_over.find_each do |version|
|
|
51
48
|
# アクセス元ipアドレス取得
|
|
@@ -54,22 +51,16 @@ module LoginAttackReport
|
|
|
54
51
|
else
|
|
55
52
|
current_sign_in_ip = YAML.load(version.object)['current_sign_in_ip']
|
|
56
53
|
end
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
if ok_hash[current_sign_in_ip].present?
|
|
60
|
-
ok_hash[current_sign_in_ip] += 1
|
|
61
|
-
else
|
|
62
|
-
ok_hash[current_sign_in_ip] = 1
|
|
63
|
-
end
|
|
64
|
-
# ログイン失敗回数取得
|
|
54
|
+
if ng_hash[current_sign_in_ip].present?
|
|
55
|
+
ng_hash[current_sign_in_ip] += 1
|
|
65
56
|
else
|
|
66
|
-
|
|
67
|
-
ng_hash[current_sign_in_ip] += 1
|
|
68
|
-
else
|
|
69
|
-
ng_hash[current_sign_in_ip] = 1
|
|
70
|
-
end
|
|
57
|
+
ng_hash[current_sign_in_ip] = 1
|
|
71
58
|
end
|
|
72
59
|
end
|
|
60
|
+
|
|
61
|
+
if
|
|
62
|
+
|
|
63
|
+
end
|
|
73
64
|
end
|
|
74
65
|
end
|
|
75
66
|
end
|
data/lib/login_attack_report.rb
CHANGED
|
@@ -1,7 +1,4 @@
|
|
|
1
1
|
require 'login_attack_report/version'
|
|
2
|
-
require 'active_support'
|
|
3
|
-
require 'active_record'
|
|
4
|
-
require 'paper_trail'
|
|
5
2
|
|
|
6
3
|
Dir[File.join(File.dirname(__FILE__), 'login_attack_report', '*.rb')].each do |file|
|
|
7
4
|
require File.join('login_attack_report', File.basename(file, '.rb'))
|
|
@@ -9,15 +6,18 @@ end
|
|
|
9
6
|
require 'login_attack_report/frameworks/active_record'
|
|
10
7
|
|
|
11
8
|
module LoginAttackReport
|
|
12
|
-
|
|
13
9
|
# login ok limit
|
|
14
10
|
mattr_accessor :login_ok_limit
|
|
15
|
-
@@login_ok_limit =
|
|
11
|
+
@@login_ok_limit = 100
|
|
16
12
|
|
|
17
13
|
# login ng limit
|
|
18
14
|
mattr_accessor :login_ng_limit
|
|
19
15
|
@@login_ng_limit = 50
|
|
20
16
|
|
|
17
|
+
# same ip login ng limit
|
|
18
|
+
mattr_accessor :same_ip_login_ng_limit
|
|
19
|
+
@@same_ip_login_ng_limit = 100
|
|
20
|
+
|
|
21
21
|
# config/initializers/login_attack_report.rb
|
|
22
22
|
def self.setup
|
|
23
23
|
yield self
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: login_attack_report
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- taru m
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-06-
|
|
11
|
+
date: 2015-06-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|