login_attack_report 0.2.0 → 0.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +6 -4
  3. data/lib/login_attack_report/l_a_r_version_concern.rb +10 -19
  4. data/lib/login_attack_report/version.rb +1 -1
  5. data/lib/login_attack_report.rb +5 -5
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 16ea69dab7f0274301a8f1ea76aa682482fc2302
4
- data.tar.gz: 3e806fab0d029bf2a2a31a23e4a5f1e866f47a16
3
+ metadata.gz: aed0e5b2c8aaae617526b72998435350d390f0e1
4
+ data.tar.gz: 280d7d988f0a2e55971bc5bd1bc9ca4d3a27922f
5
5
  SHA512:
6
- metadata.gz: 48ee0038bff9899833389b13cdfba7b80560714fcc81f034bfcf14cb87e35799e64192916d660e45ed05ede013c48ab7812e78bd1673a39f7ddfc17ae417574a
7
- data.tar.gz: b08f7c6f2917db6a694d71e7988dc7c380261ec957ffb100435557ab1e9b9cb712cb5ba500c32e8f1634eeae997ac109c2703737ce4ce000b730d7be43b923c4
6
+ metadata.gz: 3d5f5e64e82993a4283d56c3b65ac35167a40c77c3493e0269e435e298999f344599d980a5efd39b70de3e743767e1374ce399d6c8c3da74e561686b9de73b25
7
+ data.tar.gz: 1f6e7482f5fd953df7f663389ee12082f9d333eb5aec83b315d8a2851a3150d4796cb7baccf9c886e8383e9c6e258339e0ba58661ddb8a793585a65757e1dd04
data/README.md CHANGED
@@ -37,9 +37,11 @@ config/initializers/login_attack_report.rb
37
37
  ```ruby
38
38
  LoginAttackReport.setup do |config|
39
39
  # ログイン成功回数リミット
40
- config.login_ok_limit = 200
40
+ config.login_ok_limit = 100
41
41
  # ログイン失敗回数リミット
42
42
  config.login_ng_limit = 50
43
+ # 同一IPログイン失敗回数リミット
44
+ config.same_ip_login_ng_limit = 100
43
45
  end
44
46
  ```
45
47
 
@@ -52,17 +54,17 @@ end
52
54
  ```ruby
53
55
  LoginAttackReport::LARVersion.login_ok_limit_over(:User)
54
56
  ```
55
-
57
+
56
58
 
57
59
  前月のログイン失敗回数のlimitを超えたユーザを抽出します。
58
60
  ※ 異常に多い場合、リスト型攻撃を受けている可能性あり
59
61
  ```ruby
60
62
  LoginAttackReport::LARVersion.login_ng_limit_over(:User)
61
63
  ```
62
-
64
+
63
65
 
64
66
  (未実装)前月のログイン元同一ipのlimitを超えたユーザを抽出します。
65
- 失敗が多く、成功がいくつかあったら、攻撃が成功されている可能性あり
67
+ 同一ipでログイン失敗回数が多かったら、攻撃されている可能性あり
66
68
  ```ruby
67
69
  LoginAttackReport::LARVersion.ip_limit_over(:User)
68
70
  ```
data/lib/login_attack_report/l_a_r_version_concern.rb CHANGED
@@ -34,18 +34,15 @@ module LoginAttackReport
34
34
  .where(item_type: model)
35
35
  .where(
36
36
  'created_at >= ? and created_at <= ? and '\
37
- '(object_changes like \'%sign_in_count:%\' or '\
38
- '(object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
39
- 'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
40
- 'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
41
- ')'\
37
+ '(object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
38
+ 'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
39
+ 'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
42
40
  ')',
43
41
  Time.now.prev_month.beginning_of_month,
44
42
  Time.now.prev_month.end_of_month
45
43
  )
46
44
 
47
45
  if alert_ip_limit_over.present?
48
- ok_hash = Hash.new({})
49
46
  ng_hash = Hash.new({})
50
47
  alert_ip_limit_over.find_each do |version|
51
48
  # アクセス元ipアドレス取得
@@ -54,22 +51,16 @@ module LoginAttackReport
54
51
  else
55
52
  current_sign_in_ip = YAML.load(version.object)['current_sign_in_ip']
56
53
  end
57
- # ログイン成功回数取得
58
- if /sign_in_count/ =~ version.object_changes
59
- if ok_hash[current_sign_in_ip].present?
60
- ok_hash[current_sign_in_ip] += 1
61
- else
62
- ok_hash[current_sign_in_ip] = 1
63
- end
64
- # ログイン失敗回数取得
54
+ if ng_hash[current_sign_in_ip].present?
55
+ ng_hash[current_sign_in_ip] += 1
65
56
  else
66
- if ng_hash[current_sign_in_ip].present?
67
- ng_hash[current_sign_in_ip] += 1
68
- else
69
- ng_hash[current_sign_in_ip] = 1
70
- end
57
+ ng_hash[current_sign_in_ip] = 1
71
58
  end
72
59
  end
60
+
61
+ if
62
+
63
+ end
73
64
  end
74
65
  end
75
66
  end
data/lib/login_attack_report/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module LoginAttackReport
2
- VERSION = '0.2.0'
2
+ VERSION = '0.2.1'
3
3
  end
data/lib/login_attack_report.rb CHANGED
@@ -1,7 +1,4 @@
1
1
  require 'login_attack_report/version'
2
- require 'active_support'
3
- require 'active_record'
4
- require 'paper_trail'
5
2
 
6
3
  Dir[File.join(File.dirname(__FILE__), 'login_attack_report', '*.rb')].each do |file|
7
4
  require File.join('login_attack_report', File.basename(file, '.rb'))
@@ -9,15 +6,18 @@ end
9
6
  require 'login_attack_report/frameworks/active_record'
10
7
 
11
8
  module LoginAttackReport
12
-
13
9
  # login ok limit
14
10
  mattr_accessor :login_ok_limit
15
- @@login_ok_limit = 200
11
+ @@login_ok_limit = 100
16
12
 
17
13
  # login ng limit
18
14
  mattr_accessor :login_ng_limit
19
15
  @@login_ng_limit = 50
20
16
 
17
+ # same ip login ng limit
18
+ mattr_accessor :same_ip_login_ng_limit
19
+ @@same_ip_login_ng_limit = 100
20
+
21
21
  # config/initializers/login_attack_report.rb
22
22
  def self.setup
23
23
  yield self
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: login_attack_report
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - taru m
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-06-25 00:00:00.000000000 Z
11
+ date: 2015-06-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activerecord