login_attack_report 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/README.md +6 -4
- data/lib/login_attack_report/l_a_r_version_concern.rb +10 -19
- data/lib/login_attack_report/version.rb +1 -1
- data/lib/login_attack_report.rb +5 -5
- metadata +2 -2
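--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aed0e5b2c8aaae617526b72998435350d390f0e1
+data.tar.gz: 280d7d988f0a2e55971bc5bd1bc9ca4d3a27922f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3d5f5e64e82993a4283d56c3b65ac35167a40c77c3493e0269e435e298999f344599d980a5efd39b70de3e743767e1374ce399d6c8c3da74e561686b9de73b25
+data.tar.gz: 1f6e7482f5fd953df7f663389ee12082f9d333eb5aec83b315d8a2851a3150d4796cb7baccf9c886e8383e9c6e258339e0ba58661ddb8a793585a65757e1dd04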
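--- a/data/README.md
+++ b/data/README.md
@@ -37,9 +37,11 @@ config/initializers/login_attack_report.rb
 ```ruby
 LoginAttackReport.setup do |config|
 # ログイン成功回数リミット
-config.login_ok_limit =
+config.login_ok_limit = 100
 # ログイン失敗回数リミット
 config.login_ng_limit = 50
+# 同一IPログイン失敗回数リミット
+config.same_ip_login_ng_limit = 100
 end
 ```
 
@@ -52,17 +54,17 @@ end
 ```ruby
 LoginAttackReport::LARVersion.login_ok_limit_over(:User)
 ```
-
+
 
 前月のログイン失敗回数のlimitを超えたユーザを抽出します。
 ※ 異常に多い場合、リスト型攻撃を受けている可能性あり
 ```ruby
 LoginAttackReport::LARVersion.login_ng_limit_over(:User)
 ```
-
+
 
 (未実装)前月のログイン元同一ipのlimitを超えたユーザを抽出します。
-※
+※ 同一ipでログイン失敗回数が多かったら、攻撃されている可能性あり
 ```ruby
 LoginAttackReport::LARVersion.ip_limit_over(:User)
 ```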
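--- a/data/lib/login_attack_report/l_a_r_version_concern.rb
+++ b/data/lib/login_attack_report/l_a_r_version_concern.rb
@@ -34,18 +34,15 @@ module LoginAttackReport
 .where(item_type: model)
 .where(
 'created_at >= ? and created_at <= ? and '\
-'(object_changes like \'
-'
-
-'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
-')'\
+'(object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
+'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
+'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
 ')',
 Time.now.prev_month.beginning_of_month,
 Time.now.prev_month.end_of_month
 )
 
 if alert_ip_limit_over.present?
-ok_hash = Hash.new({})
 ng_hash = Hash.new({})
 alert_ip_limit_over.find_each do |version|
 # アクセス元ipアドレス取得
@@ -54,22 +51,16 @@ module LoginAttackReport
 else
 current_sign_in_ip = YAML.load(version.object)['current_sign_in_ip']
 end
-
-
-if ok_hash[current_sign_in_ip].present?
-ok_hash[current_sign_in_ip] += 1
-else
-ok_hash[current_sign_in_ip] = 1
-end
-# ログイン失敗回数取得
+if ng_hash[current_sign_in_ip].present?
+ng_hash[current_sign_in_ip] += 1
 else
-
-ng_hash[current_sign_in_ip] += 1
-else
-ng_hash[current_sign_in_ip] = 1
-end
+ng_hash[current_sign_in_ip] = 1
 end
 end
+
+if
+
+end
 end
 end
 end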
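Review bot: `YAML.load(version.object)` on new line 52 runs the full YAML loader over the stored PaperTrail `object` column, which on Psych versions where `load` is not safe by default can instantiate arbitrary Ruby objects from whatever ends up in that column. Only one key is read, so a restricted loader is enough, e.g. `YAML.safe_load(version.object, permitted_classes: [Time, Date, Symbol])['current_sign_in_ip']` (older Psych takes the class list positionally). Separately, `ng_hash = Hash.new({})` on new line 46 works only because the shared `{}` default is blank for `.present?`; `Hash.new(0)` with a bare `ng_hash[current_sign_in_ip] += 1` would remove the if/else on new lines 54–58. The counter is keyed on `current_sign_in_ip` read from the version record, which looks like the address of the account's last successful sign-in rather than of the failing request; this is worth confirming, because the report would then attribute failures to the wrong IP. The rendered page truncates new lines 61–63 to `if` / `end`, so the threshold comparison cannot be reviewed here, and the method begins outside the hunks.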
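--- a/data/lib/login_attack_report.rb
+++ b/data/lib/login_attack_report.rb
@@ -1,7 +1,4 @@
 require 'login_attack_report/version'
-require 'active_support'
-require 'active_record'
-require 'paper_trail'
 
 Dir[File.join(File.dirname(__FILE__), 'login_attack_report', '*.rb')].each do |file|
 require File.join('login_attack_report', File.basename(file, '.rb'))
@@ -9,15 +6,18 @@ end
 require 'login_attack_report/frameworks/active_record'
 
 module LoginAttackReport
-
 # login ok limit
 mattr_accessor :login_ok_limit
-@@login_ok_limit =
+@@login_ok_limit = 100
 
 # login ng limit
 mattr_accessor :login_ng_limit
 @@login_ng_limit = 50
 
+# same ip login ng limit
+mattr_accessor :same_ip_login_ng_limit
+@@same_ip_login_ng_limit = 100
+
 # config/initializers/login_attack_report.rb
 def self.setup
 yield self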
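--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: login_attack_report
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.1
 platform: ruby
 authors:
 - taru m
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-
+date: 2015-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activerecord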