28,939
edits
Changes
m
→File:art.png Security Features
Line 97:
Line 97:
+
*Can output a log record into a log file (module Debug Log must be enabled with at least level 5-LOG_NOTICE on production server, higher on development server) after success or failed login attempt so you can add a fail2ban rule to lock brute force cracking. You can check record with syntax :
*Can output a log record into a log file (module Debug Log must be enabled with at least level 5-LOG_NOTICE on production server, higher on development server) after success or failed login attempt so you can add a fail2ban rule to lock brute force cracking. You can check record with syntax :
"YYYY-MM-DD HH:MM:SS (ERROR|NOTICE|INFO|DEBUG) IP functions_dolibarr::check_user_password_.* Authentication KO"
"YYYY-MM-DD HH:MM:SS (ERROR|NOTICE|INFO|DEBUG) IP functions_dolibarr::check_user_password_.* Authentication KO"
−A list of fail2ban rules to add to your server is provided on chapter '''DOS and Brute force rate Mitigation''' later.
'''Viruses'''
'''Viruses'''
Line 121:
Line 121:
−'''DOS and Brute force Mitigation'''
+'''DOS and Brute force rate Mitigation'''
The project provide examples of some fail2ban rules to block brute force attempts or abusive access on login page, password forgotten page and on any public pages. See https://github.com/Dolibarr/dolibarr/tree/develop/dev/setup/fail2ban
The project provide examples of some fail2ban rules to block brute force attempts or abusive access on login page, password forgotten page and on any public pages. See https://github.com/Dolibarr/dolibarr/tree/develop/dev/setup/fail2ban