Re: [owncloud-user] How-to check authentication failures & authentication consistency

Tue, 14 Oct 2014 00:37:10 -0700 

Le 13/10/2014 22:48, Chris a écrit :

Hi,


Do *all* differents access types (API, owncloud sync engine, CardDAV)
provide

login failures in the *same* log file using the *same* format ?

i think the easiest way is to just try it out and create wrong logins.
Then you see the current status / syntax.

Hello Chris,
Of course I have done some tests and I supposed there is only one log format and one log location. 

But I ask the question to be sure.
With my own tests, I am not totally sure to test all cases due to my lack of understanding about OC authentication mechanisms for all types of access : API, CardDAV, sync etc.
So if an OC developer may confirm this assertion (or not), it would be very valuable imho :-) 
But when reading this PR correctly:

https://github.com/owncloud/core/pull/10442

there is only one single format of the logging.
Effectively, I also have seen this code that changes the log format for the 7.0.2 release. 

* Advice for future release management :
The 7.0.2 changelog was not very clear about the change despite the mention in this PR.
OC release manager should be more clear in the changelog than this 0.7.2 changelog for this type of log format change. These are the 2 lines mentioning "log" items in the 7.0.2 changelog (http://owncloud.org/changelog/) : 

. Log failed authentication
. Remove confusing 'automatic logon rejected' message
It does not say clearly that the log format evolves and for my part, I noticed this change by pure chance in september. I really think there are currently out in the wild a lot of Fail2ban installations that do not filter bruteforce anymore for OC :/
May be an official page in OC documentation giving/maintaining the Fail2ban regex with corresponding OC version ? 

BR
Christophe



*****************************************************
"Le contenu de ce courriel et ses eventuelles pièces jointes sont 
confidentiels. Ils s'adressent exclusivement à la personne destinataire. Si cet 
envoi ne vous est pas destiné, ou si vous l'avez reçu par erreur, et afin de ne pas 
violer le secret des correspondances, vous ne devez pas le transmettre à d'autres 
personnes ni le reproduire. Merci de le renvoyer à l'émetteur et de le détruire.

Attention : L'Organisme de l'émetteur du message ne pourra être tenu responsable de 
l'altération du présent courriel. Il appartient au destinataire de vérifier que les 
messages et pièces jointes reçus ne contiennent pas de virus. Les opinions contenues 
dans ce courriel et ses éventuelles pièces jointes sont celles de l'émetteur. Elles 
ne reflètent pas la position de l'Organisme sauf s'il en est disposé autrement dans 
le présent courriel."
******************************************************

_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user

Reply via email to