This plugin detects brute force attacks against BASIC authentication. Additionally, it logs the username and password when a login attempt fails.
This plugin denies subsequent login attempts from a client once the same IP address has made more than a specified number of failed login attempts. This number is called "maxDenial" and its value is 0 by default. 0 means infinite. To set this value, add a line to the "control" file like this:
basicAuthenticationManager.maxDenial=20
In this example, "maxDenial" is set to 20. If the plugin detects 20 failed login attempts from an IP address, subsequent login attempts from that IP address will be denied. In effect, those IP addresses are treated as a "BLACKLIST".
By default, the "BLACKLIST" is cleared at each reboot. If you want to keep the "BLACKLIST" permanently, add two lines to the "control" file like this:
basicAuthenticationManager.permanent=true
basicAuthenticationManager.blackListFileName=/etc/guardian/auth_blacklist.txt
The first line indicates that the "BLACKLIST" is permanent. The second line indicates the name of the "BLACKLIST" file. This file must be readable and writable. Guardian@JUMPERZ.NET writes IP addresses to this file on shutdown, and reads IP addresses from this file on startup.
Regardless of these settings, this plugin logs the username (and the password, if you want) as in the following example when a login attempt fails.
Wed Sep 29 14:05:45 JST 2004 : Alert:192.168.1.2:1913:PLUGIN:net.jumperz.app.MGuardian.plugin.MBasicAuthenticationManager:johndoe:1096434345533_1913
In this example, we can see that username "johndoe" is used as the authentication data.
If you want to log passwords, add a line to the "control" file like this:
basicAuthenticationManager.logPassword=true
If "logPassword" is set to "true", the plugin logs the username and password as in the following example when a login attempt fails.
Wed Sep 29 14:05:45 JST 2004 : Alert:192.168.1.2:1913:PLUGIN:net.jumperz.app.MGuardian.plugin.MBasicAuthenticationManager:johndoe:madmax:1096434345533_1913
In this example, we can see that username "johndoe" and password "madmax" are used as the authentication data.
If you don't need to log username and password, add a line to the "control" file like this:
basicAuthenticationManager.logFailure=false
This plugin is designed on the assumption that it is called by GID30 and GID32.
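The following is an added example, not part of Guardian@JUMPERZ.NET: a Python parser for the alert lines shown above that counts failures per IP address against a "maxDenial" value and masks the password field before a log is shared. The function names, the "[REDACTED]" marker, the IPv4-only address pattern and the "count has reached maxDenial" comparison are assumptions made for this example.

```python
import re
from collections import Counter

PLUGIN = "net.jumperz.app.MGuardian.plugin.MBasicAuthenticationManager"
# Layout taken from the two alert lines on this page:
# <timestamp> : Alert:<ip>:<port>:PLUGIN:<class>:<user>[:<password>]:<id>
ALERT_RE = re.compile(r"^.+? : Alert:(?P<ip>[^:]+):(?P<port>\d+):PLUGIN:"
                      + re.escape(PLUGIN) + r":(?P<rest>.+)$")

def parse_alert(line):
    """Return a dict for a failed-login alert, or None for any other line."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.group("rest").split(":")
    if len(fields) < 2:
        return None
    # Assumption: the username holds no ':' (Basic auth forbids it), so the
    # first field is the user, the last is the trailing id, and anything in
    # between is the password, which may itself contain ':'.
    return {"ip": m.group("ip"), "port": int(m.group("port")),
            "user": fields[0], "has_password": len(fields) > 2,
            "id": fields[-1]}

def redact(line):
    """Mask the password field so the log can be shared or archived."""
    rec = parse_alert(line)
    if rec is None or not rec["has_password"]:
        return line
    head = line[:line.index(PLUGIN) + len(PLUGIN)]
    return f"{head}:{rec['user']}:[REDACTED]:{rec['id']}"

def offenders(lines, max_denial):
    """IPs whose failure count has reached max_denial (0 = no limit)."""
    if max_denial <= 0:
        return []
    counts = Counter(r["ip"] for r in map(parse_alert, lines) if r)
    return sorted(ip for ip, n in counts.items() if n >= max_denial)

P = "PLUGIN:" + PLUGIN
SAMPLE = [  # the first two lines are from this page, the rest are constructed
    f"Wed Sep 29 14:05:45 JST 2004 : Alert:192.168.1.2:1913:{P}:johndoe:1096434345533_1913",
    f"Wed Sep 29 14:05:45 JST 2004 : Alert:192.168.1.2:1913:{P}:johndoe:madmax:1096434345533_1913",
    f"Wed Sep 29 14:05:47 JST 2004 : Alert:192.168.1.2:1914:{P}:admin:pa:ss:1096434347000_1914",
    f"Wed Sep 29 14:05:50 JST 2004 : Alert:192.0.2.10:2000:{P}:guest:1096434350000_2000",
    "Wed Sep 29 14:06:00 JST 2004 : Info:constructed non-alert line",
]
```

Running redact over a log written with "logPassword" enabled keeps the IP address, username and trailing id available for counting while removing the attempted passwords.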