web interface failed password logging for sshguard/fail2ban
Issue #79
closed
Monit doesn't pass failed login attempts on the web interface to syslog-ng, so fail2ban/sshguard cannot detect when passwords are streamed to Monit's web interface, or the source to ban/block.
https://wiki.gentoo.org/wiki/Monit#Users
Monit's web interface is vulnerable to brute-force attacks. Usernames and passwords must be guessed, so it's not that big of a deal, but kicking people out that are probing a bit too much, or outright streaming passwords, would be excellent.
"File /etc/monitrc allow admin:monit": if that's not a Gentoo-specific thing, Monit should ship secure by default.
thanks a zillion... -threesixes
Comments (3)
repo owner -
repo owner - changed status to closed
repo owner - removed version
Removing version: 5.8.1 (automated comment)
Monit logs an error if a wrong user or password is provided:
1.) Invalid user:
2.) wrong password:
Please check that you have Monit log enabled ("set logfile ..." statement) and that you're not using some old Monit version.
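What a log-based banner such as fail2ban or sshguard does once failed web-interface logins reach a log file, as an added example (not Monit or fail2ban code, and not part of the thread). The log line layout, `FAILURE_RE`, `sources_to_ban` and the sample lines are assumptions; match the pattern to what your Monit version actually writes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines. Timestamp layout and message wording are assumptions,
# not copied from Monit output; adjust FAILURE_RE to your own log file.
SAMPLE_LOG = """\
[2024-05-01T10:00:01] error    : HttpRequest: access denied -- client 203.0.113.7: unknown user 'root'
[2024-05-01T10:00:03] error    : HttpRequest: access denied -- client 203.0.113.7: wrong password for user 'admin'
[2024-05-01T10:00:04] info     : 'nginx' process is running with pid 812
[2024-05-01T10:00:05] error    : HttpRequest: access denied -- client 198.51.100.20: wrong password for user 'admin'
[2024-05-01T10:00:06] error    : HttpRequest: access denied -- client 203.0.113.7: wrong password for user 'admin'
[2024-05-01T10:30:00] error    : HttpRequest: access denied -- client 198.51.100.20: wrong password for user 'admin'
"""

# Anchored from the start of the line up to the client address, so text placed in
# the attacker-controlled user name cannot move the match onto another address.
FAILURE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+error\s*:\s+\w+: access denied -- client "
    r"(?P<ip>[0-9a-fA-F.:]+): (?:unknown user|wrong password for user) '.*'\s*$"
)

def sources_to_ban(log_text, max_retry=3, find_time_s=600):
    """Return source addresses with max_retry or more failures within find_time_s seconds."""
    recent = defaultdict(deque)  # address -> failure timestamps still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAILURE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group("ts"))
        window = recent[m.group("ip")]
        window.append(ts)
        # Drop failures that have aged out of the sliding window.
        while (ts - window[0]).total_seconds() > find_time_s:
            window.popleft()
        if len(window) >= max_retry and m.group("ip") not in banned:
            banned.append(m.group("ip"))
    return banned

if __name__ == "__main__":
    print(sources_to_ban(SAMPLE_LOG))
```

The same threshold and window correspond to the `maxretry` and `findtime` settings of a fail2ban jail.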