YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Diagnosis: report suspiciously high number of auth failures

Browse source
This commit is contained in:
Alexandre Aubin 2021-08-19 01:10:54 +02:00
parent 1f7faabc30
commit 9e63142748
2 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
data/hooks/diagnosis/00-basesystem.py
View file

@ -133,6 +133,13 @@ class BaseSystemDiagnoser(Diagnoser):
summary="diagnosis_backports_in_sources_list", summary="diagnosis_backports_in_sources_list",
) )
if self.number_of_recent_auth_failure() > 500:
yield dict(
meta={"test": "high_number_auth_failure"},
status="WARNING",
summary="diagnosis_high_number_auth_failures",
)
def bad_sury_packages(self): def bad_sury_packages(self):
packages_to_check = ["openssl", "libssl1.1", "libssl-dev"] packages_to_check = ["openssl", "libssl1.1", "libssl-dev"]
@ -154,6 +161,20 @@ class BaseSystemDiagnoser(Diagnoser):
cmd = "grep -q -nr '^ *deb .*-backports' /etc/apt/sources.list*" cmd = "grep -q -nr '^ *deb .*-backports' /etc/apt/sources.list*"
return os.system(cmd) == 0 return os.system(cmd) == 0
def number_of_recent_auth_failure(self):
# Those syslog facilities correspond to auth and authpriv
# c.f. https://unix.stackexchange.com/a/401398
# and https://wiki.archlinux.org/title/Systemd/Journal#Facility
cmd = "journalctl -q SYSLOG_FACILITY=10 SYSLOG_FACILITY=4 --since '1day ago' | grep 'authentication failure' | wc -l"
n_failures = check_output(cmd)
try:
return int(n_failures)
except Exception:
self.logger_warning("Failed to parse number of recent auth failures, expected an int, got '%s'" % n_failures)
return -1
def is_vulnerable_to_meltdown(self): def is_vulnerable_to_meltdown(self):
# meltdown CVE: https://security-tracker.debian.org/tracker/CVE-2017-5754 # meltdown CVE: https://security-tracker.debian.org/tracker/CVE-2017-5754

1
locales/en.json
View file

@ -239,6 +239,7 @@
"diagnosis_rootfstotalspace_critical": "The root filesystem only has a total of {space} which is quite worrisome! You will likely run out of disk space very quickly! It's recommended to have at least 16 GB for the root filesystem.", "diagnosis_rootfstotalspace_critical": "The root filesystem only has a total of {space} which is quite worrisome! You will likely run out of disk space very quickly! It's recommended to have at least 16 GB for the root filesystem.",
"diagnosis_security_vulnerable_to_meltdown": "You appear vulnerable to the Meltdown criticial security vulnerability", "diagnosis_security_vulnerable_to_meltdown": "You appear vulnerable to the Meltdown criticial security vulnerability",
"diagnosis_security_vulnerable_to_meltdown_details": "To fix this, you should upgrade your system and reboot to load the new linux kernel (or contact your server provider if this doesn't work). See https://meltdownattack.com/ for more infos.", "diagnosis_security_vulnerable_to_meltdown_details": "To fix this, you should upgrade your system and reboot to load the new linux kernel (or contact your server provider if this doesn't work). See https://meltdownattack.com/ for more infos.",
"diagnosis_high_number_auth_failures": "There's been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in https://yunohost.org/security.",
"diagnosis_description_basesystem": "Base system", "diagnosis_description_basesystem": "Base system",
"diagnosis_description_ip": "Internet connectivity", "diagnosis_description_ip": "Internet connectivity",
"diagnosis_description_dnsrecords": "DNS records", "diagnosis_description_dnsrecords": "DNS records",