You have to configure and run "dialup_admin/bin/log_badlogins" to process your "radius.log" file and put the entries into your DB.

I have written a patch that makes log_badlogins use the "raddb/clients.conf" file to determine the NAS-IP-Address.

This patch is not in CVS yet; I am waiting for some more important patches to be applied to CVS before I resubmit this patch.

Here is a patched version for you to try.

Joe Bonow wrote:

Hello:

After searching the limited archive I am unable to find info on how to have the Login Incorrect return the name of the nas that the login failed on. As an example my radius.log file shows this line:


Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from client ip99 port 1)



I am using dialup admin to check for bad logins and after reviewing the script it seems that the ip99 response should be more along the lines of say nameofnas or nameofnas.domain. Any help would be appreciated. Oh, I am using a Livingston Portmaster 2e as the nas and the version of freeradius I am running is 0.9.2. Thanks in advance for assistance.







-- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787

There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.



#!/usr/bin/perl
#
# Log failed logins in the sql database
# Works only with mysql and postgresql {look for PG and change commented lines}
# It will read the sql parameters from the admin.conf file
#
# Usage:
# log_badlogins <radius.log> [<admin.conf>] [all]
#
# Defaults:
# radius.log: none
# admin.conf: /usr/local/dialup_admin/conf/admin.conf 
# all:        no. Go to the end of the file. Don't read it all.

use Date::Manip qw(ParseDate UnixDate);
use Digest::MD5;
# Unbuffered STDOUT: the ERROR lines printed by the main loop appear at once
# even when output is redirected to a file or pipe.
$| = 1;

# Positional command-line arguments. Each falls back to its default when it
# is missing (or false, since || tests truth rather than definedness).
$file     = shift(@ARGV) || 'none';
$conf     = shift(@ARGV) || '/usr/local/dialup_admin/conf/admin.conf';
$all_file = shift(@ARGV) || 'no';

#
# CHANGE THESE TO MATCH YOUR SETUP
#
# Optional filter: when $regexp is set, log lines that do not match it are
# skipped by the main loop.
#$regexp = 'from client localhost port 135|from client blabla ';

# Prefix of the scratch file that holds pending INSERT statements; the main
# loop appends ".<server>" to it.
# NOTE(review): this is a fixed, predictable name in a world-writable
# directory. On a multi-user host, point it at a directory only the account
# running this script can write to.
$tmpfile = '/var/tmp/sql.input';
#
#

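# Load the settings this script needs from admin.conf, which holds one
# "key: value" directive per line. Directives not listed below are ignored.
#
# NOTE(review): sql_password is read from this file in clear text, so the
# file should be readable only by the account that runs this script.
#
# Three-argument open: the path is used purely as a file name and is never
# parsed for mode characters.
open CONF, '<', $conf
        or die "Could not open configuration file $conf: $!\n";

# Directive name => package variable that receives its value.
my %setting_for = (
        sql_server              => \$sql_server,
        sql_username            => \$sql_username,
        sql_password            => \$sql_password,
        sql_database            => \$sql_database,
        sql_accounting_table    => \$sql_accounting_table,
        general_strip_realms    => \$realm_strip,
        general_realm_delimiter => \$realm_del,
        general_realm_format    => \$realm_for,
        general_domain          => \$domain,
        sql_connect_timeout     => \$sql_timeout,
        sql_extra_servers       => \$sql_extra,
        sql_command             => \$sqlcmd,
        general_clients_conf    => \$clients,
);

while(<CONF>){
        chomp;
        # Limit of 2: split at the first colon only, so a value that itself
        # contains ':' (a password, for instance) is kept whole instead of
        # being cut at its first colon.
        ($key,$val)=(split /:\s*/,$_,2);
        next unless (defined($key) && exists $setting_for{$key});
        ${ $setting_for{$key} } = $val;
}
close CONF;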

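# Build %client_array, mapping each client's "shortname" from clients.conf to
# the client's dotted-quad address. The main loop uses it to turn the NAS
# name found in a log line into the address stored in the accounting table.
#
# Changes from the posted version:
#   - three-argument open, preceded by an explicit check that the
#     general_clients_conf directive was set (with three arguments an
#     undefined file name would not make open fail);
#   - the client name is taken from $1 instead of the deprecated \1;
#   - a name that does not resolve is reported and skipped rather than
#     recorded as the address "...";
#   - shortname and address are reset at every "client ... {" line, so a
#     block without a shortname no longer alters the previous block's entry;
#   - the address is assigned, not appended, so a repeated shortname cannot
#     produce two addresses run together;
#   - $a/$b (reserved for sort) are no longer used as scratch variables.
die "general_clients_conf directive is not set in admin.conf\n"
        if (!defined($clients) || $clients eq '');
open CLIENTS, '<', $clients
        or die "Could not open $clients file: $!\n";
while(<CLIENTS>){
        chomp;
        s/^\s*//;       # leading whitespace
        s/\s*#.*//;     # trailing comment
        s/\s+$//;       # trailing whitespace, so values compare cleanly
        if (!/^\s*$/ && /=/) {
                # "key = value" line; only the shortname is of interest.
                ($key,$val)=(split /\s*=\s*/,$_);
                $client_short = $val if ($key eq 'shortname');
        } elsif (/.*client\s+([^\s]*)\s+\{/) {
                # Start of a client block: forget the previous block's state.
                my $ident = $1;
                $client_short = '';
                $client = '';
                if ($ident =~ /^\d+\.\d+\.\d+\.\d+/) {
                        # Already an address; use it as written.
                        $client = $ident;
                } else {
                        # Host name: qualify a bare name with the configured
                        # domain, then resolve it once, at startup.
                        my $name = ($ident =~ /\./ || $ident =~ /localhost/)
                                ? $ident
                                : $ident.".".$domain;
                        my $packed = gethostbyname($name);
                        if (defined($packed) && length($packed) == 4) {
                                $client = join '.', unpack('C4',$packed);
#DEBUG#                         print $name." = ".$client."\n";
                        } else {
                                warn "Could not resolve client $name from $clients\n";
                        }
                }
        } elsif (/\}/) {
                # End of block: record the pair only when both parts are known.
                $client_array{$client_short} = $client
                        if ($client_short ne '' && $client ne '');
        }
}
close CLIENTS;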

# Defaults for directives that admin.conf left unset.
if ($realm_del eq '') { $realm_del = '@'; }
if ($realm_for eq '') { $realm_for = 'suffix'; }

# The SQL client cannot be run without a server and an executable binary.
if ($sql_server eq '') {
        die "SQL server not defined\n";
}
if ($sqlcmd eq '') {
        die "sql_command directive is not set in admin.conf\n";
}
unless (-x $sqlcmd) {
        die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to 
the right location\n";
}

# Command-line fragments for the SQL client. The main loop interpolates them,
# unquoted, into a command run through the shell.
# NOTE(review): passing the password as "-p<password>" places it in the
# client's argument list, where other local users can read it from the
# process table while the client runs.
$pass = '';
if ($sql_password ne '') { $pass = "-p$sql_password"; }
if ($sql_timeout) { $opt = "-O connect_timeout=$sql_timeout"; }

# Primary server first, followed by any whitespace-separated extra servers.
@servers = ($sql_server, ($sql_extra ne '') ? split(/\s+/, $sql_extra) : ());

# Main loop: follow the radius log and turn every failed-authentication line
# into an INSERT against $sql_accounting_table on each configured SQL server.
#
# NOTE(review): this listing was hard-wrapped by the mail client and passed
# through the list archive's address obfuscation. Three patterns below hold
# the literal text "[EMAIL PROTECTED]" where a character class evidently
# stood, and several strings, one regex, one backtick command and two
# commented-out statements are split across lines. Restore them from the
# upstream file before running this copy.
#
# NOTE(review): two-argument open. The three-argument form
# (open LOG, '<', $file) keeps the command-line path from being parsed for
# mode characters.
open LOG, "<$file"
        or die "Could not open file $file\n";

# Unless a third argument other than 'no' was given, jump to end of file
# (whence 2) so that only entries written from now on are processed.
seek LOG, 0, 2 if ($all_file eq 'no');
# Endless "tail" loop: drain the lines currently available, sleep two
# seconds, then seek to the current position (offset 0, whence 1) so the next
# read can see data appended in the meantime.
for(;;){
        while(<LOG>){
                $do=0;  
                chomp;
                # Optional filter; $regexp is only set if the user enables the
                # commented-out assignment near the top of the script.
                next if ($regexp ne '' && !/$regexp/);
                if ($_ ne ''){
                        $user = $nas = $port = $caller = '-';
                        # Classify the line. $do is set only for the four
                        # failure messages handled here; $cause becomes the
                        # AcctTerminateCause value.
                        if (/Login incorrect/){
                                if (/Login incorrect \((.+?)\):/){
                                        $cause = "Login-Incorrect ($1)";
                                }else{
                                        $cause='Login-Incorrect';
                                }
                                $do=1;
                        }
                        elsif (/Invalid user/){
                                if (/Invalid user \((.+?)\):/){
                                        $cause = "Invalid-User ($1)";
                                }else{
                                        $cause='Invalid-User';
                                }
                                $do=1;
                        }
                        elsif (/Multiple logins/){
                                $cause='Multiple-Logins';
                                $do=1;
                        }
                        elsif (/(Outside allowed timespan \(.+?\)):/){
                                $cause = "$1";
                                $do=1;
                        }
                        if ($do){
                                # The timestamp is the text before the first " : ".
                                # NOTE(review): when ParseDate fails, $year..$sec keep
                                # the values from the previous matching line, so $time
                                # silently repeats an earlier timestamp.
                                $date = (split / : /,$_)[0];
                                $date2 = ParseDate($date);
                                if ($date2){
                                        
($year,$mon,$mday,$hour,$min,$sec)=UnixDate($date2,'%Y','%m','%d','%H','%M','%S');
                                }
                                $time = "$year-$mon-$mday $hour:$min:$sec";
                                # Pull "[user]" or "[user/password]" and the
                                # "(from client <nas> port <n> ...)" part out of the line.
                                # The 2nd and 4th words after "from" become $nas and
                                # $port; text after "cli " becomes $caller.
                                # NOTE(review): both user patterns are damaged by the
                                # archive obfuscation, and the second one is also split
                                # across two lines.
                                if (/\[([EMAIL PROTECTED])\]\s+\(from (.+?)\)/){
                                        $user = $1;
                                        ($nas,$port) = (split /\s+/,$2)[1,3];
                                        if ($2 =~ /cli (.+?)$/){
                                                $caller = $1;
                                        }
                                }
                                elsif (/\[([EMAIL PROTECTED])\/.+?\]\s+\(from 
(.+?)\)/){
                                        $user = $1;
                                        ($nas,$port) = (split /\s+/,$2)[1,3];
                                        if ($2 =~ /cli (.+?)$/){
                                                $caller = $1;
                                        }
                                }
                                $caller='' if (!defined($caller));
                                # Filter the fields before they are placed in SQL text:
                                # $nas keeps word characters and dots, $port keeps digits.
                                # The $user filter is another obfuscated pattern.
                                # NOTE(review): $caller and $cause receive no filtering,
                                # yet both are copied from the log line into the quoted
                                # SQL values below. A quote character in either one
                                # changes the statement; escape them or use DBI
                                # placeholders.
                                $user =~s/[EMAIL PROTECTED]//g;
                                $nas =~s/[^\w\.]//g;
                                $port =~s/[^\d]//g;
                                # Translate the NAS shortname from the log into the
                                # address collected from clients.conf; undefined when
                                # the shortname is not listed there.
                                $addr = $client_array{$nas};
                                # Optional realm stripping. $realm_del is interpolated
                                # as a regular expression, not as a literal string.
                                if ($user ne '' && $realm_strip eq 'yes'){
                                        ($one,$two) = (split /$realm_del/, $user)[0,1];
                                        if ($two ne ''){
                                                $user = ($realm_for eq 'suffix') ? 
$one : $two;
                                        }
                                }
                                foreach $server (@servers){
                                        # The scratch file is removed only after the previous
                                        # run for this server succeeded; otherwise new
                                        # statements are appended and the whole file is
                                        # retried.
                                        # NOTE(review): "$tmpfile.$server" is a fixed name
                                        # (under /var/tmp by default) opened in append mode
                                        # with two-argument open. On a multi-user host another
                                        # account can pre-create or symlink that path; use a
                                        # private directory or File::Temp.
                                        unlink "$tmpfile.$server" if 
($delete{$server});
                                        open TMP, ">>$tmpfile.$server"
                                                or die "Could not open temporary 
file\n";
                                        # AcctUniqueId: MD5 hex digest of user, NAS address,
                                        # port, timestamp and the literal 'badlogin'.
                                        $ctx = Digest::MD5->new;
                                        $ctx->add($user);
                                        $ctx->add($addr);
                                        $ctx->add($port);
                                        $ctx->add($time);
                                        $ctx->add('badlogin');
                                        $uniqueid = $ctx->hexdigest;
                                        # NOTE(review): the #DEBUG# print below was wrapped
                                        # by the mail client; its three continuation lines
                                        # are no longer commented out.
#DEBUG#                                 print "INSERT INTO $sql_accounting_table 
(UserName,AcctUniqueId,NASIPAddress,NASPortId,AcctStartTime,AcctStopTime,AcctSessionTime,AcctInputOctets,AcctOutputOctets,CallingStationId,AcctTerminateCause)
 VALUES 
('$user','$uniqueid','$addr','$port','$time','$time','0','0','0','$caller','$cause');";
                                        print TMP "INSERT INTO $sql_accounting_table 
(UserName,AcctUniqueId,NASIPAddress,NASPortId,AcctStartTime,AcctStopTime,AcctSessionTime,AcctInputOctets,AcctOutputOctets,CallingStationId,AcctTerminateCause)
 VALUES 
('$user','$uniqueid','$addr','$port','$time','$time','0','0','0','$caller','$cause');";
                                        close TMP;

                                        # Feed the scratch file to the SQL client through the
                                        # shell.
                                        # NOTE(review): every interpolated value reaches the
                                        # shell unquoted, and $pass places the database
                                        # password in the client's argument list, visible in
                                        # the process table. A client option file (for mysql,
                                        # --defaults-extra-file) or DBI avoids both.
                                        # NOTE(review): as wrapped here the backtick string
                                        # contains a newline, which the shell treats as a
                                        # command separator; the command must be on one line.
                                #MYSQL
                                        `$sqlcmd -h$server $opt -u$sql_username $pass 
$sql_database <$tmpfile.$server`;
                                #PG
                                #       `$sqlcmd  -U $sql_username -f $tmpfile.$server 
$sql_database`;

                                        # Exit status of the SQL client; 0 marks the scratch
                                        # file for deletion on the next pass.
                                        $exit = $? >> 8;
                                        $delete{$server} = ($exit == 0) ? 1 : 0;
                                        print "ERROR: SQL query failed for host 
$server\n" if ($exit != 0);
                                }
                        }
                }
        }
        sleep 2;
        seek LOG,0,1;
}
