login_attack_report 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +20 -3
- data/lib/login_attack_report/l_a_r_version_concern.rb +13 -8
- data/lib/login_attack_report/version.rb +1 -1
- data/login_attack_report.gemspec +1 -2
- metadata +6 -20
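--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 16ea69dab7f0274301a8f1ea76aa682482fc2302
+data.tar.gz: 3e806fab0d029bf2a2a31a23e4a5f1e866f47a16
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48ee0038bff9899833389b13cdfba7b80560714fcc81f034bfcf14cb87e35799e64192916d660e45ed05ede013c48ab7812e78bd1673a39f7ddfc17ae417574a
+data.tar.gz: b08f7c6f2917db6a694d71e7988dc7c380261ec957ffb100435557ab1e9b9cb712cb5ba500c32e8f1634eeae997ac109c2703737ce4ce000b730d7be43b923c4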
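--- a/data/README.md
+++ b/data/README.md
@@ -24,7 +24,16 @@ Or install it yourself as:
 
 ## Configuring
 
-
+・models
+app/models/user.rb
+```ruby
+devise ... , :lockable # enable devise lockable and add table column 'failed_attempts'
+has_paper_trail # enable paper_trail
+```
+
+
+・initializers
+config/initializers/login_attack_report.rb
 ```ruby
 LoginAttackReport.setup do |config|
 # ログイン成功回数リミット
@@ -38,18 +47,26 @@ end
 
 モデル名をシンボルで渡すことで攻撃性のあるログインを判定します。
 
-
+前月のログイン成功回数のlimitを超えたユーザを抽出します。
 ※ 異常に多い場合、どこかでID/パスワードが漏れている、もしくはIDが共有されている可能性あり
 ```ruby
 LoginAttackReport::LARVersion.login_ok_limit_over(:User)
 ```
 
-
+
+前月のログイン失敗回数のlimitを超えたユーザを抽出します。
 ※ 異常に多い場合、リスト型攻撃を受けている可能性あり
 ```ruby
 LoginAttackReport::LARVersion.login_ng_limit_over(:User)
 ```
 
+
+(未実装)前月のログイン元同一ipのlimitを超えたユーザを抽出します。
+※ 失敗が多く、成功がいくつかあったら、攻撃が成功されている可能性あり
+```ruby
+LoginAttackReport::LARVersion.ip_limit_over(:User)
+```
+
 ## Contributing
 
 1. Fork it ( https://github.com/[my-github-username]/login_attack_report/fork )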
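--- a/data/lib/login_attack_report/l_a_r_version_concern.rb
+++ b/data/lib/login_attack_report/l_a_r_version_concern.rb
@@ -9,31 +9,36 @@ module LoginAttackReport
 PaperTrail::Version
 .where(item_type: model)
 .where(
-'created_at >= ? and created_at <= ? and '
+'created_at >= ? and created_at <= ? and '\
 'object_changes like \'%sign_in_count:%\'',
 Time.now.prev_month.beginning_of_month,
 Time.now.prev_month.end_of_month
-).group(:item_id).having(
+).group(:item_id).having('count(item_id) > ?', LoginAttackReport.login_ok_limit)
 end
 
 def login_ng_limit_over(model)
 PaperTrail::Version
 .where(item_type: model)
 .where(
-'created_at >= ? and created_at <= ? and '
-'object_changes like \'
+'created_at >= ? and created_at <= ? and '\
+'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
+'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
+'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\'',
 Time.now.prev_month.beginning_of_month,
 Time.now.prev_month.end_of_month
-).group(:item_id).having(
+).group(:item_id).having('count(item_id) > ?', LoginAttackReport.login_ng_limit)
 end
 
 def ip_limit_over(model)
 alert_ip_limit_over = PaperTrail::Version
 .where(item_type: model)
 .where(
-'created_at >= ? and created_at <= ? and '
-'(object_changes like \'%sign_in_count:%\' or '
-'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts
+'created_at >= ? and created_at <= ? and '\
+'(object_changes like \'%sign_in_count:%\' or '\
+'(object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
+'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
+'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
+')'\
 ')',
 Time.now.prev_month.beginning_of_month,
 Time.now.prev_month.end_of_month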
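Review bot: The new `failed_attempts` patterns in `login_ng_limit_over` and `ip_limit_over` sit inside single-quoted Ruby literals, so each `\n` reaches the database as a backslash followed by `n`; whether that is read as a newline appears to depend on the adapter (MySQL's default string escaping does it, while PostgreSQL and SQLite would, as far as I can tell, match no rows). On such a database the failed-login report comes back empty instead of raising, which reads as "no attack". Passing each pattern as a bind value built with a real newline removes that dependency, e.g. `'object_changes like ?', "--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%"`. The patterns also assume PaperTrail's YAML serializer with `failed_attempts` as the first changed key, and `_`/`__` exclude only resets from one- or two-digit counts, so a comment stating those assumptions above each query would help. The first method starts above the hunk and `ip_limit_over` continues below it.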
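--- a/data/login_attack_report.gemspec
+++ b/data/login_attack_report.gemspec
@@ -21,11 +21,10 @@ Gem::Specification.new do |spec|
 
 spec.required_rubygems_version = '>= 1.9.0'
 
-spec.add_dependency 'rails', ['>= 3.0', '< 6.0']
 spec.add_dependency 'activerecord', ['>= 3.0', '< 6.0']
 spec.add_dependency 'activesupport', ['>= 3.0', '< 6.0']
 spec.add_dependency 'paper_trail', ['>= 3.0', '< 6.0']
-spec.add_dependency 'devise', '>= 3.
+spec.add_dependency 'devise', ['>= 3.0', '< 6.0']
 
 spec.add_development_dependency 'bundler', '~> 1.7'
 spec.add_development_dependency 'rake', '~> 10.0'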
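Review bot: The devise requirement on the new line lowers its floor to `>= 3.0`, while the removed devise entry in the gem metadata shows the previous release required `>= 3.2.2`. For an authentication dependency this lets the gem resolve against older devise releases than the author had been targeting; if the old floor was deliberate, keep it next to the new cap: `spec.add_dependency 'devise', ['>= 3.2.2', '< 6.0']`. The `< 6.0` cap looks copied from the Rails-family lines and may not correspond to a devise release line, so it is worth confirming. The `Gem::Specification.new` block starts and ends outside the hunk.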
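--- a/metadata
+++ b/metadata
@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: login_attack_report
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - taru m
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-
+date: 2015-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name:
+name: activerecord
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -31,7 +31,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '6.0'
 - !ruby/object:Gem::Dependency
-name:
+name: activesupport
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -51,7 +51,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '6.0'
 - !ruby/object:Gem::Dependency
-name:
+name: paper_trail
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -71,7 +71,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '6.0'
 - !ruby/object:Gem::Dependency
-name:
+name: devise
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -90,20 +90,6 @@ dependencies:
 - - "<"
 - !ruby/object:Gem::Version
 version: '6.0'
-- !ruby/object:Gem::Dependency
-name: devise
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 3.2.2
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 3.2.2
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement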