Added bad login IP blocking cooloff support.
This commit is contained in:
parent
2ab89dc8a9
commit
07d4099892
|
@ -2039,8 +2039,7 @@ function mainStart() {
|
|||
var modules = ['ws', 'cbor', 'nedb', 'https', 'yauzl', 'xmldom', 'ipcheck', 'express', 'archiver', 'multiparty', 'node-forge', 'express-ws', 'compression', 'body-parser', 'connect-redis', 'cookie-session', 'express-handlebars'];
|
||||
if (require('os').platform() == 'win32') { modules.push('node-windows'); if (sspi == true) { modules.push('node-sspi'); } } // Add Windows modules
|
||||
if (ldap == true) { modules.push('ldapauth-fork'); }
|
||||
//if (config.letsencrypt != null) { modules.push('greenlock@2.8.8'); modules.push('le-store-certbot'); modules.push('le-challenge-fs'); modules.push('le-acme-core'); } // Add Greenlock Modules
|
||||
if (config.letsencrypt != null) { if ((nodeVersion < 10) || (require('crypto').generateKeyPair == null)) { console.log("WARNING: Let's Encrypt support requires Node v10.12.0 or higher."); } else { modules.push('greenlock'); } } // Add Greenlock Module
|
||||
if (config.letsencrypt != null) { if ((nodeVersion < 10) || (require('crypto').generateKeyPair == null)) { if (!args.launch) { console.log("WARNING: Let's Encrypt support requires Node v10.12.0 or higher."); } } else { modules.push('greenlock'); } } // Add Greenlock Module
|
||||
if (config.settings.mqtt != null) { modules.push('aedes'); } // Add MQTT Modules
|
||||
if (config.settings.mongodb != null) { modules.push('mongodb'); } // Add MongoDB, official driver.
|
||||
if (config.settings.vault != null) { modules.push('node-vault'); } // Add official HashiCorp's Vault module.
|
||||
|
|
15
meshuser.js
15
meshuser.js
|
@ -693,10 +693,21 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
|
|||
break;
|
||||
}
|
||||
case 'badlogins': {
|
||||
r = "Max is " + parent.parent.config.settings.maxinvalidlogin.count + " bad login(s) in " + parent.parent.config.settings.maxinvalidlogin.time + " minute(s).\r\n";
|
||||
if (typeof parent.parent.config.settings.maxinvalidlogin.coolofftime == 'number') {
|
||||
r = "Max is " + parent.parent.config.settings.maxinvalidlogin.count + " bad login(s) in " + parent.parent.config.settings.maxinvalidlogin.time + " minute(s), " + parent.parent.config.settings.maxinvalidlogin.coolofftime + " minute(s) cooloff.\r\n";
|
||||
} else {
|
||||
r = "Max is " + parent.parent.config.settings.maxinvalidlogin.count + " bad login(s) in " + parent.parent.config.settings.maxinvalidlogin.time + " minute(s).\r\n";
|
||||
}
|
||||
var badLoginCount = 0;
|
||||
parent.cleanBadLoginTable();
|
||||
for (var i in parent.badLoginTable) { badLoginCount++; r += (i + ' - ' + parent.badLoginTable[i].length + " entries\r\n"); }
|
||||
for (var i in parent.badLoginTable) {
|
||||
badLoginCount++;
|
||||
if (typeof parent.badLoginTable[i] == 'number') {
|
||||
r += "Cooloff for " + Math.floor((parent.badLoginTable[i] - Date.now()) / 60000) + " minute(s)\r\n";
|
||||
} else {
|
||||
r += (i + ' - ' + parent.badLoginTable[i].length + " entries\r\n");
|
||||
}
|
||||
}
|
||||
if (badLoginCount == 0) { r += 'No bad logins.'; }
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.4.4-m",
|
||||
"version": "0.4.4-o",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
|
|
@ -60,7 +60,7 @@
|
|||
"meshcommander": "https://www.meshcommander.com/"
|
||||
},
|
||||
"__MaxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.",
|
||||
"MaxInvalidLogin": { "time": 10, "count": 10 }
|
||||
"MaxInvalidLogin": { "time": 10, "count": 10, "coolofftime": 10 }
|
||||
},
|
||||
"_domains": {
|
||||
"": {
|
||||
|
|
16
webserver.js
16
webserver.js
|
@ -4038,26 +4038,36 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
|||
if (parent.config.settings.maxinvalidlogin == null) { parent.config.settings.maxinvalidlogin = { time: 10, count: 10 }; }
|
||||
if (typeof parent.config.settings.maxinvalidlogin.time != 'number') { parent.config.settings.maxinvalidlogin.time = 10; }
|
||||
if (typeof parent.config.settings.maxinvalidlogin.count != 'number') { parent.config.settings.maxinvalidlogin.count = 10; }
|
||||
if ((typeof parent.config.settings.maxinvalidlogin.coolofftime != 'number') || (parent.config.settings.maxinvalidlogin.coolofftime < 1)) { parent.config.settings.maxinvalidlogin.coolofftime = null; }
|
||||
obj.setbadLogin = function (ip) { // Set an IP address that just did a bad login request
|
||||
if (typeof ip == 'object') { ip = cleanRemoteAddr(ip.ip); }
|
||||
if (++obj.badLoginTableLastClean > 100) { obj.cleanBadLoginTable(); }
|
||||
if (typeof obj.badLoginTable[ip] == 'number') { if (obj.badLoginTable[ip] < Date.now()) { delete obj.badLoginTable[ip]; } else { return; } } // Check cooloff period
|
||||
if (obj.badLoginTable[ip] == null) { obj.badLoginTable[ip] = [Date.now()]; } else { obj.badLoginTable[ip].push(Date.now()); }
|
||||
if ((obj.badLoginTable[ip].length >= parent.config.settings.maxinvalidlogin.count) && (parent.config.settings.maxinvalidlogin.coolofftime != null)) {
|
||||
obj.badLoginTable[ip] = Date.now() + (parent.config.settings.maxinvalidlogin.coolofftime * 60000); // Move to cooloff period
|
||||
}
|
||||
}
|
||||
obj.checkAllowLogin = function (ip) { // Check if an IP address is allowed to login
|
||||
if (typeof ip == 'object') { ip = cleanRemoteAddr(ip.ip); }
|
||||
var cutoffTime = Date.now() - (parent.config.settings.maxinvalidlogin.time * 60000); // Time in minutes
|
||||
var ipTable = obj.badLoginTable[ip];
|
||||
if (ipTable == null) return true;
|
||||
if (typeof ipTable == 'number') { if (obj.badLoginTable[ip] < Date.now()) { delete obj.badLoginTable[ip]; } else { return false; } } // Check cooloff period
|
||||
while ((ipTable.length > 0) && (ipTable[0] < cutoffTime)) { ipTable.shift(); }
|
||||
if (ipTable.length == 0) { delete obj.badLoginTable[ip]; return true; }
|
||||
return (ipTable.length < parent.config.settings.maxinvalidlogin.count); // No more than x bad logins in x minutes
|
||||
}
|
||||
obj.cleanBadLoginTable = function () { // Clean up the IP address login blockage table, we do this occasionaly.
|
||||
var cutoffTime = Date.now() - (parent.config.settings.maxinvalidlogin.time * 60000); // Time in minutes
|
||||
for (var i in ipTable) {
|
||||
for (var ip in obj.badLoginTable) {
|
||||
var ipTable = obj.badLoginTable[ip];
|
||||
while ((ipTable.length > 0) && (ipTable[0] < cutoffTime)) { ipTable.shift(); }
|
||||
if (ipTable.length == 0) { delete obj.badLoginTable[ip]; }
|
||||
if (typeof ipTable == 'number') {
|
||||
if (obj.badLoginTable[ip] < Date.now()) { delete obj.badLoginTable[ip]; } // Check cooloff period
|
||||
} else {
|
||||
while ((ipTable.length > 0) && (ipTable[0] < cutoffTime)) { ipTable.shift(); }
|
||||
if (ipTable.length == 0) { delete obj.badLoginTable[ip]; }
|
||||
}
|
||||
}
|
||||
obj.badLoginTableLastClean = 0;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue