login_attack_report 0.1.1 → 0.2.0

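--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8b0ce7e9bc1338cbbb212e7b6f70729cf0e262ba
- data.tar.gz: 1633dc10e5260a41a49782a53e2c573690775944
+ metadata.gz: 16ea69dab7f0274301a8f1ea76aa682482fc2302
+ data.tar.gz: 3e806fab0d029bf2a2a31a23e4a5f1e866f47a16
  SHA512:
- metadata.gz: f16bb9d808451b06d75f54e9924742122b8c225bbccb9b40f54e31469f51e0f0e27788922ba68f3ffd04f3987f30415652097e5ecefff7c603b74a1116758663
- data.tar.gz: 2ec67fcbe53d61f68c8810fc03fb3a2da6c3adb4b65e560e87561744d6216a2f768d2e3db9025dcca4e6f60c8d3f924cfe99e3ca20ff7215fe959274b6f8e985
+ metadata.gz: 48ee0038bff9899833389b13cdfba7b80560714fcc81f034bfcf14cb87e35799e64192916d660e45ed05ede013c48ab7812e78bd1673a39f7ddfc17ae417574a
+ data.tar.gz: b08f7c6f2917db6a694d71e7988dc7c380261ec957ffb100435557ab1e9b9cb712cb5ba500c32e8f1634eeae997ac109c2703737ce4ce000b730d7be43b923c4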
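--- a/data/README.md
+++ b/data/README.md
@@ -24,7 +24,16 @@ Or install it yourself as:
 
  ## Configuring
 
- /config/initializers/login_attack_report.rb
+ ・models
+ app/models/user.rb
+ ```ruby
+ devise ... , :lockable # enable devise lockable and add table column 'failed_attempts'
+ has_paper_trail # enable paper_trail
+ ```
+
+
+ ・initializers
+ config/initializers/login_attack_report.rb
  ```ruby
  LoginAttackReport.setup do |config|
  # ログイン成功回数リミット
@@ -38,18 +47,26 @@ end
 
  モデル名をシンボルで渡すことで攻撃性のあるログインを判定します。
 
- ログイン成功回数のlimitを超えたユーザを抽出します。
+ 前月のログイン成功回数のlimitを超えたユーザを抽出します。
  ※ 異常に多い場合、どこかでID/パスワードが漏れている、もしくはIDが共有されている可能性あり
  ```ruby
  LoginAttackReport::LARVersion.login_ok_limit_over(:User)
  ```
 
- ログイン失敗回数のlimitを超えたユーザを抽出します。
+
+ 前月のログイン失敗回数のlimitを超えたユーザを抽出します。
  ※ 異常に多い場合、リスト型攻撃を受けている可能性あり
  ```ruby
  LoginAttackReport::LARVersion.login_ng_limit_over(:User)
  ```
 
+
+ (未実装)前月のログイン元同一ipのlimitを超えたユーザを抽出します。
+ ※ 失敗が多く、成功がいくつかあったら、攻撃が成功されている可能性あり
+ ```ruby
+ LoginAttackReport::LARVersion.ip_limit_over(:User)
+ ```
+
  ## Contributing
 
  1. Fork it ( https://github.com/[my-github-username]/login_attack_report/fork )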
@@ -9,31 +9,36 @@ module LoginAttackReport
9
9
  PaperTrail::Version
10
10
  .where(item_type: model)
11
11
  .where(
12
- 'created_at >= ? and created_at <= ? and ' \
12
+ 'created_at >= ? and created_at <= ? and '\
13
13
  'object_changes like \'%sign_in_count:%\'',
14
14
  Time.now.prev_month.beginning_of_month,
15
15
  Time.now.prev_month.end_of_month
16
- ).group(:item_id).having("count(item_id) > #{LoginAttackReport.login_ok_limit}")
16
+ ).group(:item_id).having('count(item_id) > ?', LoginAttackReport.login_ok_limit)
17
17
  end
18
18
 
19
19
  def login_ng_limit_over(model)
20
20
  PaperTrail::Version
21
21
  .where(item_type: model)
22
22
  .where(
23
- 'created_at >= ? and created_at <= ? and ' \
24
- 'object_changes like \'%sign_in_count:%\'',
23
+ 'created_at >= ? and created_at <= ? and '\
24
+ 'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
25
+ 'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
26
+ 'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\'',
25
27
  Time.now.prev_month.beginning_of_month,
26
28
  Time.now.prev_month.end_of_month
27
- ).group(:item_id).having("count(item_id) > #{LoginAttackReport.login_ng_limit}")
29
+ ).group(:item_id).having('count(item_id) > ?', LoginAttackReport.login_ng_limit)
28
30
  end
29
31
 
30
32
  def ip_limit_over(model)
31
33
  alert_ip_limit_over = PaperTrail::Version
32
34
  .where(item_type: model)
33
35
  .where(
34
- 'created_at >= ? and created_at <= ? and ' \
35
- '(object_changes like \'%sign_in_count:%\' or ' \
36
- 'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\'' \
36
+ 'created_at >= ? and created_at <= ? and '\
37
+ '(object_changes like \'%sign_in_count:%\' or '\
38
+ '(object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- _\n- 0%\' and '\
39
+ 'object_changes not like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:\n- __\n- 0%\' and '\
40
+ 'object_changes like \'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%\''\
41
+ ')'\
37
42
  ')',
38
43
  Time.now.prev_month.beginning_of_month,
39
44
  Time.now.prev_month.end_of_month
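Review bot: The `\n` in the new single-quoted LIKE fragments of `login_ng_limit_over` (new lines 24–26) is not a newline in Ruby; a single-quoted literal passes a backslash and an `n` through to the database, so whether the pattern matches the serialized `object_changes` depends on how the SQL dialect treats backslashes in string literals and LIKE patterns. Where the database does not turn `\n` into a line break, the failed-login query would presumably return no rows, and the report would silently miss the list-based attacks it is meant to surface. Binding the pattern avoids the dependency: use `'object_changes like ?'` and pass `"--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nfailed_attempts:%"` (double-quoted) as a bind value after the two dates. The same fragments appear in `ip_limit_over` (new lines 38–40), whose body continues outside the hunk. The `_` and `__` wildcards also only exclude resets from one- and two-digit counters, which deserves a comment next to those lines.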
@@ -1,3 +1,3 @@
1
1
  module LoginAttackReport
2
- VERSION = '0.1.1'
2
+ VERSION = '0.2.0'
3
3
  end
@@ -21,11 +21,10 @@ Gem::Specification.new do |spec|
21
21
 
22
22
  spec.required_rubygems_version = '>= 1.9.0'
23
23
 
24
- spec.add_dependency 'rails', ['>= 3.0', '< 6.0']
25
24
  spec.add_dependency 'activerecord', ['>= 3.0', '< 6.0']
26
25
  spec.add_dependency 'activesupport', ['>= 3.0', '< 6.0']
27
26
  spec.add_dependency 'paper_trail', ['>= 3.0', '< 6.0']
28
- spec.add_dependency 'devise', '>= 3.2.2'
27
+ spec.add_dependency 'devise', ['>= 3.0', '< 6.0']
29
28
 
30
29
  spec.add_development_dependency 'bundler', '~> 1.7'
31
30
  spec.add_development_dependency 'rake', '~> 10.0'
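Review bot: The new devise constraint `['>= 3.0', '< 6.0']` lowers the floor from the previous `'>= 3.2.2'`, so Bundler may now resolve devise releases older than anything 0.1.1 accepted. The README names devise's `:lockable` module and its `failed_attempts` column as the data source for the failed-login report, so the earlier floor looks worth keeping unless the 3.0–3.2.1 range was actually tested: `spec.add_dependency 'devise', ['>= 3.2.2', '< 6.0']`. The `Gem::Specification` block starts and ends outside the hunk.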
metadata CHANGED
@@ -1,17 +1,17 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: login_attack_report
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - taru m
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-06-24 00:00:00.000000000 Z
11
+ date: 2015-06-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: rails
14
+ name: activerecord
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
17
  - - ">="
@@ -31,7 +31,7 @@ dependencies:
31
31
  - !ruby/object:Gem::Version
32
32
  version: '6.0'
33
33
  - !ruby/object:Gem::Dependency
34
- name: activerecord
34
+ name: activesupport
35
35
  requirement: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - ">="
@@ -51,7 +51,7 @@ dependencies:
51
51
  - !ruby/object:Gem::Version
52
52
  version: '6.0'
53
53
  - !ruby/object:Gem::Dependency
54
- name: activesupport
54
+ name: paper_trail
55
55
  requirement: !ruby/object:Gem::Requirement
56
56
  requirements:
57
57
  - - ">="
@@ -71,7 +71,7 @@ dependencies:
71
71
  - !ruby/object:Gem::Version
72
72
  version: '6.0'
73
73
  - !ruby/object:Gem::Dependency
74
- name: paper_trail
74
+ name: devise
75
75
  requirement: !ruby/object:Gem::Requirement
76
76
  requirements:
77
77
  - - ">="
@@ -90,20 +90,6 @@ dependencies:
90
90
  - - "<"
91
91
  - !ruby/object:Gem::Version
92
92
  version: '6.0'
93
- - !ruby/object:Gem::Dependency
94
- name: devise
95
- requirement: !ruby/object:Gem::Requirement
96
- requirements:
97
- - - ">="
98
- - !ruby/object:Gem::Version
99
- version: 3.2.2
100
- type: :runtime
101
- prerelease: false
102
- version_requirements: !ruby/object:Gem::Requirement
103
- requirements:
104
- - - ">="
105
- - !ruby/object:Gem::Version
106
- version: 3.2.2
107
93
  - !ruby/object:Gem::Dependency
108
94
  name: bundler
109
95
  requirement: !ruby/object:Gem::Requirement