login_attack_report 0.2.1 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -1
- data/lib/login_attack_report/l_a_r_version_concern.rb +4 -3
- data/lib/login_attack_report/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3c84dbee098b60e3f36fe5817ea823f35ae78384
|
|
4
|
+
data.tar.gz: 0768bdf44ec1f936f31e1dbc6dbf3587f4a40461
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 627e90342d48447d920b8796afd8a13aa05dd849c56a43146b5a47768f7d3816459a60e740d4001c90cf646bb81643f44bf93f0cb29e2e1ea832008247bf106a
|
|
7
|
+
data.tar.gz: 738e90ffd92db5072a383a4d4dfaeda7f89f3a536652c1336d185d175226dc78ad6acaed99eda127c2124ed9074fa24b8329ef7ec856af190d610a2bbf0f09a5
|
data/README.md
CHANGED
|
@@ -52,6 +52,7 @@ end
|
|
|
52
52
|
前月のログイン成功回数のlimitを超えたユーザを抽出します。
|
|
53
53
|
※ 異常に多い場合、どこかでID/パスワードが漏れている、もしくはIDが共有されている可能性あり
|
|
54
54
|
```ruby
|
|
55
|
+
# @return ActiveRecord::Relation::ActiveRecord_Relation_PaperTrail_Version
|
|
55
56
|
LoginAttackReport::LARVersion.login_ok_limit_over(:User)
|
|
56
57
|
```
|
|
57
58
|
|
|
@@ -59,13 +60,15 @@ end
|
|
|
59
60
|
前月のログイン失敗回数のlimitを超えたユーザを抽出します。
|
|
60
61
|
※ 異常に多い場合、リスト型攻撃を受けている可能性あり
|
|
61
62
|
```ruby
|
|
63
|
+
# @return ActiveRecord::Relation::ActiveRecord_Relation_PaperTrail_Version
|
|
62
64
|
LoginAttackReport::LARVersion.login_ng_limit_over(:User)
|
|
63
65
|
```
|
|
64
66
|
|
|
65
67
|
|
|
66
|
-
(未実装)前月のログイン元同一ipのlimit
|
|
68
|
+
(未実装)前月のログイン元同一ipのlimitを超えたIPアドレスの一覧を抽出します。
|
|
67
69
|
※ 同一ipでログイン失敗回数が多かったら、攻撃されている可能性あり
|
|
68
70
|
```ruby
|
|
71
|
+
# @return Hash IPs list {ip: count, ...}
|
|
69
72
|
LoginAttackReport::LARVersion.ip_limit_over(:User)
|
|
70
73
|
```
|
|
71
74
|
|
|
@@ -30,6 +30,7 @@ module LoginAttackReport
|
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
def ip_limit_over(model)
|
|
33
|
+
ips = {}
|
|
33
34
|
alert_ip_limit_over = PaperTrail::Version
|
|
34
35
|
.where(item_type: model)
|
|
35
36
|
.where(
|
|
@@ -57,11 +58,11 @@ module LoginAttackReport
|
|
|
57
58
|
ng_hash[current_sign_in_ip] = 1
|
|
58
59
|
end
|
|
59
60
|
end
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
61
|
+
ng_hash.each do |key, ng_count|
|
|
62
|
+
ips[key] = ng_count if ng_count.to_i > LoginAttackReport.same_ip_login_ng_limit
|
|
63
63
|
end
|
|
64
64
|
end
|
|
65
|
+
ips
|
|
65
66
|
end
|
|
66
67
|
end
|
|
67
68
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: login_attack_report
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- taru m
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-07-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|