web interface failed password logging for sshguard/fail2ban

Issue #79 closed
three sixes created an issue

monit doesn't pass failed login attempts on the web interface to syslog-ng, so fail2ban/sshguard cannot detect when passwords are streamed to monit's web interface, or the source to ban/block.

https://wiki.gentoo.org/wiki/Monit#Users

monit's web interface is vulnerable to brute-force attacks. Usernames and passwords must be guessed, so it's not that big of a deal, but kicking out people who are probing a bit too much, or outright streaming passwords, would be excellent.

"File /etc/monitrc: allow admin:monit". If that's not a Gentoo-specific thing, monit should ship secure by default.

thanks a zillion... -threesixes

Comments (3)

  1. Tildeslash repo owner

    Monit logs an error if a wrong user or password is provided:

    1.) Invalid user:

    Warning: Client '<IP>' supplied unknown user '<USER>' accessing monit httpd
    

    2.) wrong password:

    Warning: Client '<IP>' supplied wrong password for user '<USER>' accessing monit httpd
    

    Please check that you have Monit log enabled ("set logfile ..." statement) and that you're not using some old Monit version.

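One way to turn the two messages quoted by the maintainer into a ban decision, as an added example that is not part of this thread and not Monit's or fail2ban's own code: a fail2ban-style failregex for those messages, expanded the way fail2ban expands `<HOST>`, and run over a handful of constructed log lines to count failures per client address. The syslog prefix on the sample lines, the filter file name monit.conf, the simplified `<HOST>` expansion and the maxretry threshold are all assumptions. The username inside the message is attacker-supplied, so the regex relies on the fixed text around it and on the leftmost match; one constructed line carries a username crafted to look like a second message, to show that the real client address is still the one counted.

```python
import re
from collections import Counter

# Filter as it would be dropped into /etc/fail2ban/filter.d/monit.conf (assumed
# file name). The two message bodies are the ones quoted by the Monit maintainer;
# <HOST> is fail2ban's placeholder for the offending address.
FILTER_CONF = """
[Definition]
failregex = Client '<HOST>' supplied (?:unknown user|wrong password for user) '.*' accessing monit httpd
ignoreregex =
"""

# Simplified stand-in for fail2ban's own <HOST> expansion: IPv4 or IPv6 literal.
HOST_PATTERN = r"(?P<host>[0-9a-fA-F.:]+)"


def load_failregex(conf: str) -> re.Pattern:
    """Pull failregex out of the INI text and expand <HOST> into a named group."""
    for line in conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "failregex":
            return re.compile(value.strip().replace("<HOST>", HOST_PATTERN))
    raise ValueError("no failregex in filter")


def failed_logins(lines, regex: re.Pattern) -> Counter:
    """Count matching lines per client address, like fail2ban's per-IP tally."""
    hits = Counter()
    for line in lines:
        # search() returns the leftmost match, so a fake "Client '...'" smuggled
        # into the username cannot displace the address Monit actually logged.
        m = regex.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(lines, maxretry: int = 5) -> list:
    """Addresses at or above the failure threshold (fail2ban's maxretry)."""
    regex = load_failregex(FILTER_CONF)
    return sorted(h for h, n in failed_logins(lines, regex).items() if n >= maxretry)


# Constructed sample log lines; the "host monit[1234]:" syslog prefix is an
# assumption about how syslog-ng would render them, the addresses are documentation
# ranges, and the messages are the two quoted above.
SAMPLE_LOG = [
    "Sep 10 12:00:01 host monit[1234]: Monit started",
    *[
        "Sep 10 12:00:0%d host monit[1234]: Warning: Client '203.0.113.7' supplied "
        "wrong password for user 'admin' accessing monit httpd" % i
        for i in range(2, 7)
    ],
    "Sep 10 12:00:20 host monit[1234]: Warning: Client '198.51.100.4' supplied "
    "unknown user 'root' accessing monit httpd",
    # username crafted to contain a second, fake failure message for another address
    "Sep 10 12:00:21 host monit[1234]: Warning: Client '198.51.100.4' supplied "
    "unknown user 'x' accessing monit httpd Client '192.0.2.1' supplied unknown "
    "user 'y' accessing monit httpd",
    "Sep 10 12:00:30 host monit[1234]: Warning: Client '2001:db8::5' supplied "
    "wrong password for user 'admin' accessing monit httpd",
]

if __name__ == "__main__":
    tally = failed_logins(SAMPLE_LOG, load_failregex(FILTER_CONF))
    for host, n in tally.most_common():
        print("%-16s %d failures" % (host, n))
    print("ban:", hosts_to_ban(SAMPLE_LOG))
```

To use the filter for real, the jail needs `logpath` pointed at whatever `set logfile ...` in monitrc writes to (or the syslog file syslog-ng routes monit to) and `port` set to the httpd port from the `set httpd port ...` line; those jail settings are not shown here.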