Protect using Fail2Ban / Log for login attempts?


#1

Hi there,

I am trying to secure Piwik with my Fail2Ban application, but in order to do so it requires a log file somewhere that login attempts (failed or successful) are logged. For the life of me, I cannot see this being logged anywhere.

Does anyone know where the login attempts are logged, or alternatively how to protect Piwik using Fail2Ban?

Thanks in advance!

Dustin Dauncey


(Matthieu Aubry) #2

FYI here is our related feature request: Lock down accounts by IP after N failed attemps at logging · Issue #2888 · matomo-org/matomo · GitHub

Regarding how to get information of failed login / logouts, you can maybe use an event: Events - Matomo Analytics (formerly Piwik Analytics) - Developer Docs - v3


#3

Ah yes, I found that feature request on Github too but didn’t feel it was proper for me to write an “is this possible” on it, didn’t want to take it off-track. Figured a forum post would be best. haha!

I’m surprised it’s taken over two years to implement a basic logging system so I thought maybe it was just defunct or something, outdated, etc. Oh wells. Not complaining, I promise! haha!

I’ll look at that “Event” part if I can do that. It isn’t a huge deal since Piwik doesn’t include any critical information, but I’d definitely love to be able to use Fail2Ban with Piwik sometime sooner than later.

Thanks for pointing me in that direction! Once I explore it and see if I can implement it, I’ll try to update this for people with perhaps more instructions on that process.


(Matthieu Aubry) #4

Figured a forum post would be best. haha!

Yes thanks for that, it’s good thinking. It’s good to post in forums by default rather than github if you’re not sure

If you try to implement it and have more questions feel free to post them in the Plugins & Developers forum


(Patrick Brosi) #5

There is now a simplistic plugin that logs failed login attempts to the standard Piwik log: GitHub - patrickbr/piwik-LoginFailLog: Simple Piwik plugin that logs failed login attempts. May be used for securing Piwik with fail2ban or similar tools.

You can also find it in the Piwik marketplace.

I use this successfully with fail2ban on my server. An example fail2ban filter configuration is included in the README.
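As an added example (not the plugin's README filter and not from this thread), this is the shape of a fail2ban filter plus jail for the setup described above. It assumes the plugin writes a line containing the client IP to Matomo's file log, which is enabled with `log_writers[] = file` under `[log]` in config/config.ini.php and located by `logger_file_path`; the failed-login message text and the log path are assumptions to be replaced with what the plugin actually writes on your server.

```ini
# /etc/fail2ban/filter.d/matomo-login.conf  (added example, not the plugin's own file)
[Definition]
# Assumed log line (constructed for this example):
#   WARNING Login[2018-06-01 10:00:00 UTC] Failed login attempt for user 'admin' from IP 203.0.113.5
# <HOST> is fail2ban's placeholder for the address to ban; keep it at the spot
# where the plugin prints the client IP, and tighten the rest to the real message.
failregex = Failed login attempt .* from IP <HOST>\s*$
ignoreregex =

# /etc/fail2ban/jail.d/matomo.local
[matomo-login]
enabled  = true
filter   = matomo-login
# Matomo's file log path; assumed location, set via logger_file_path in config.ini.php.
# fail2ban needs read access to this file, so check its owner and mode.
logpath  = /var/www/matomo/tmp/logs/piwik.log
# Ban after 5 failures within 10 minutes, for 1 hour.
maxretry = 5
findtime = 600
bantime  = 3600
# Block the ports the login form is served on.
port     = http,https
```

Before enabling the jail, run `fail2ban-regex` against the Matomo log file and the filter to confirm that real failed-login lines match and that successful logins do not.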


#6

Where does it log? I can’t find the auth events in /var/log/auth.log nor /var/log/nginx.

I use fail2ban on all my servers and piwik/matomo 3.5.0. Did you test it with the last release? There was quite some change in the code.