Are Web UI password errors logged?

General support for problems installing or using Deluge
ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am
OS or Distro: Ubuntu 12.04

Are Web UI password errors logged?

Postby ricksebak » Wed Jan 23, 2013 1:33 am

If someone uses the wrong password when attempting to use the web UI, is that logged anywhere? I tried all available log levels when starting deluge-web, then put in the wrong password at the web UI, but didn't see it in the logs.

In case it matters, the reason I'm asking is because I'd like to integrate it into fail2ban ( http://www.fail2ban.org/wiki/index.php/Main_Page )

Cas
Top Bloke
Top Bloke
Posts: 3426
Joined: Mon Dec 07, 2009 6:04 am
OS or Distro: Ubuntu 16.04
Location: Scotland

Re: Are Web UI password errors logged?

Postby Cas » Wed Jan 23, 2013 12:09 pm

No not currently but it is quite trivial to add to webui by adding the following line just before the last line of auth.py

Code: Select all

log.error('Login failed (ClientIP %s)', __request__.getClientIP())

This is how it should look:

Code: Select all

         if self.check_password(password):
             return self._create_session(__request__)
         else:
             log.error('Login failed (ClientIP %s)', __request__.getClientIP())
             return False

and the resulting log message:

Code: Select all

[ERROR   ] 11:59:30 auth:325 Login failed (ClientIP 127.0.0.1)

ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am
OS or Distro: Ubuntu 12.04

Re: Are Web UI password errors logged?

Postby ricksebak » Wed Jan 23, 2013 2:36 pm

Thanks, the log entry that you posted is exactly what I want. But I wasn't able to get it to output that entry. Here's what I have:

Code: Select all

$ tail -5 /usr/share/pyshared/deluge/ui/web/auth.py
        if self.check_password(password):
            return self._create_session(__request__)
        else:
            log.error('Login failed (ClientIP %s)', __request__.getClientIP())
            return False

$ grep DAEMON2_ARGS= /etc/init.d/deluge-daemon
DAEMON2_ARGS="-L error -l /var/log/deluge/web/error.log"

$ /etc/init.d/deluge-daemon restart
 * Restarting Deluge Daemon deluged                                            [ OK ]


Then I try to log in to the webui with the wrong password, which it rejects, but /var/log/deluge/web/error.log is still empty. Do you know what I'm missing?

Cas
Top Bloke
Top Bloke
Posts: 3426
Joined: Mon Dec 07, 2009 6:04 am
OS or Distro: Ubuntu 16.04
Location: Scotland

Re: Are Web UI password errors logged?

Postby Cas » Wed Jan 23, 2013 4:17 pm

You need to be logging deluge-web not deluged.

ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am
OS or Distro: Ubuntu 12.04

Re: Are Web UI password errors logged?

Postby ricksebak » Thu Jan 24, 2013 3:59 am

As it turned out, I had everything set up correctly, but deluge-web hadn't restarted. I thought the init script would've done that, but it didn't. After I killed off deluge-web and started it up again it started logging the way I want. Thanks!

ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am
OS or Distro: Ubuntu 12.04

Re: Are Web UI password errors logged?

Postby ricksebak » Thu Jan 24, 2013 4:00 am

In case anyone sees this from google or anyone else wants to get fail2ban to work with deluge-web, here's what I ended up doing:

I'm running Ubuntu 12.04, with deluge installed from apt-get, so the locations of files may vary if you are using something else, I guess.

I set line 325 of /usr/share/pyshared/deluge/ui/web/auth.py to basicly what Cas said above:

Code: Select all

            log.error('Login failed from %s', __request__.getClientIP())


I modified the startup script so that it would log errors in deluge-web (line 24 of /etc/init.d/deluge-daemon):

Code: Select all

DAEMON2_ARGS="-L error -l /var/log/deluge/web/error.log"


Then install fail2ban.

fail2ban wouldn't work without having the timestamp at the beginning of the line, so I changed the log format of deluge so that it would do that. Line 62 of /usr/share/pyshared/deluge/log.py:

Code: Select all

        format="%(asctime)s %(levelname)-8s %(module)s:%(lineno)d %(message)s",


If Cas or anyone else has a reason why I shouldn't have changed that, please let me know.

Then restart deluge-web, as I failed to do initially, and deluge-web should be logging in a way that fail2ban can work with. Then I created this filter file for fail2ban (/etc/fail2ban/filter.d/deluge-web.conf):

Code: Select all

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = deluge-web

failregex = .*ERROR.* Login failed from <HOST>


And added this to the end of /etc/fail2ban/jail.conf:

Code: Select all

[deluge-web]

enabled  = true
port     = 8112
filter   = deluge-web
action   = iptables[name=deluge-web, port=8112, protocol=tcp]
logpath  = /var/log/deluge/web/error.log
maxretry = 5


Then reload fail2ban:

Code: Select all

sudo fail2ban-client reload


And that worked. After 5 failed logins at the WebUI the offending IP will be firewalled. Since I have port forwarding set so that the WebUI is accessible from the internet, this should prevent brute force login attempts.

EdoubleDee
New User
New User
Posts: 2
Joined: Tue Mar 21, 2017 11:17 pm
OS or Distro: Raspbian Jessie

Re: Are Web UI password errors logged?

Postby EdoubleDee » Tue Mar 21, 2017 11:29 pm

The above is a bit outdated. I tried to get it to work but I get a fail2ban error. (ERROR Unable to contact server. Is it running?) Can anyone help me resolve this?
I did the following on Raspbian Jessie:

Code: Select all

PORT_DELUGE=8112
DELUGE_USER=pi
apt-get install deluged deluge-console deluge deluge-web fail2ban

# Run on Startup: https://www.howtogeek.com/142044/how-to-turn-a-raspberry-pi-into-an-always-on-bittorrent-box/
wget -O /etc/default/deluge-daemon https://www.howtogeek.com/wp-content/uploads/gg/up/sshot5151a8c86fb85.txt
sed -i "s/DELUGED_USER=\"pi\"/DELUGED_USER=\"${DELUGE_USER}\"/" /etc/default/deluge-daemon
chmod 755 /etc/default/deluge-daemon
wget -O /etc/init.d/deluge-daemon https://www.howtogeek.com/wp-content/uploads/gg/up/sshot5151aa042ad11.txt
chmod 755 /etc/init.d/deluge-daemon
update-rc.d deluge-daemon defaults

DELUGE_INSTALL_LOCATION=/usr/lib/python2.7/dist-packages/deluge
DELUGE_ERROR_LOG_LOCATION=/var/log/deluge/web/error.log
   
#nano /usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py
DELUGE_LOG_ERROR_MESSAGE=$(grep log.error $DELUGE_INSTALL_LOCATION/ui/web/auth.py | cut -d"'" -f2)
   
# modify the startup script so that it will log errors in deluge-web (line 24 of /etc/init.d/deluge-daemon)
sed -i "/DAEMON2_ARGS=/c\DAEMON2_ARGS=\"-L error -l $DELUGE_ERROR_LOG_LOCATION\"" /etc/init.d/deluge-daemon
service deluge-daemon start

# Create the Deluge-filter for fail2ban
#nano /etc/fail2ban/filter.d/deluge-web.conf
cat > /etc/fail2ban/filter.d/deluge-web.conf <<EOF
[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = deluge-daemon

failregex = .*ERROR.* Login failed from ${DELUGE_LOG_ERROR_MESSAGE/\%s/<HOST>}
ignoreregex =
EOF
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak
#nano /etc/fail2ban/jail.conf
cat >> /etc/fail2ban/jail.conf <<EOF

[deluge-web]
enabled  = true
port     = $PORT_DELUGE
filter   = deluge-web
action   = iptables[name=deluge-web, port=$PORT_DELUGE, protocol=tcp]
logpath  = $DELUGE_ERROR_LOG_LOCATION
maxretry = 5
EOF
service fail2ban restart
fail2ban-client status deluge-web


Does anyone know what is wrong with the fail2ban config?

EdoubleDee
New User
New User
Posts: 2
Joined: Tue Mar 21, 2017 11:17 pm
OS or Distro: Raspbian Jessie

Re: Are Web UI password errors logged?

Postby EdoubleDee » Wed Mar 22, 2017 1:18 am

I also tried to find an error message for the daemon but the error does not include the host:

Code: Select all

[INFO    ] 14:15:09 rpcserver:204 Deluge Client connection made from: 192.168.1.2:64503
[ERROR   ] 14:15:09 rpcserver:266 Username does not exist
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/deluge/core/rpcserver.py", line 260, in dispatch
    ret = component.get("AuthManager").authorize(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/deluge/core/authmanager.py", line 87, in authorize
    raise BadLoginError("Username does not exist")
BadLoginError: Username does not exist
[INFO    ] 14:15:09 rpcserver:224 Deluge client disconnected: Connection to the other side was lost$
[INFO    ] 14:16:03 rpcserver:204 Deluge Client connection made from: 192.168.1.2:64788
[ERROR   ] 14:16:03 rpcserver:266 Password does not match
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/deluge/core/rpcserver.py", line 260, in dispatch
    ret = component.get("AuthManager").authorize(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/deluge/core/authmanager.py", line 93, in authorize
    raise BadLoginError("Password does not match")
BadLoginError: Password does not match
[INFO    ] 14:16:03 rpcserver:224 Deluge client disconnected: Connection to the other side was lost$


ovidiu.birgu
New User
New User
Posts: 1
Joined: Tue May 16, 2017 6:22 am
OS or Distro: Ubuntu
Location: Turin
Contact:

Re: Are Web UI password errors logged?

Postby ovidiu.birgu » Tue May 16, 2017 9:21 am

I was having problems with the solution above, so I made an updated version (operating system: ubuntu 16.04.02 with systemd) .
more information can be found here:
http://dev.deluge-torrent.org/wiki/UserGuide/Service/systemd

install deluge web ui

Code: Select all

sudo apt-get install deluged deluge-web


create Deluge Daemon (deluged) Service

Code: Select all

nano /etc/systemd/system/deluged.service

content

Code: Select all

[Unit]
Description=Deluge Bittorrent Client Daemon
After=network-online.target

[Service]
Type=simple
User=ubuntu
Group=ubuntu
UMask=007

ExecStart=/usr/bin/deluged -d

Restart=on-failure

# Configures the time to wait before service is stopped forcefully.
TimeoutStopSec=300

[Install]
WantedBy=multi-user.target


Now enable it to start up on boot, start the service and verify it is running

Code: Select all

systemctl enable /etc/systemd/system/deluged.service
systemctl start deluged
systemctl status deluged


create Deluge Web UI (deluge-web) Service

Code: Select all

nano /etc/systemd/system/deluge-web.service

content

Code: Select all

[Unit]
Description=Deluge Bittorrent Client Web Interface
After=network-online.target

[Service]
Type=simple
User=ubuntu
Group=ubuntu
UMask=027

ExecStart=/usr/bin/deluge-web -l /var/log/deluge/web/error.log -L error

Restart=on-failure

[Install]
WantedBy=multi-user.target


Now enable it to start up on boot, start the service and verify it is running

Code: Select all

systemctl enable /etc/systemd/system/deluge-web.service
systemctl start deluge-web
systemctl status deluge-web


modify deluge so that it logs errors

Code: Select all

nano /usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py


content

Code: Select all

    @export(AUTH_LEVEL_NONE)
    def login(self, password):
        """
        Test a password to see if it's valid.

        :param password: the password to test
        :type password: string
        :returns: a session id or False
        :rtype: string or False
        """
        if self.check_password(password):
            log.info('Login success (ClientIP %s)', __request__.getClientIP())
            return self._create_session(__request__)
        else:
            log.error('Login failed (ClientIP %s)', __request__.getClientIP())
            return False


change format of error log entries so that time appears first

Code: Select all

nano /usr/lib/python2.7/dist-packages/deluge/log.py


content

Code: Select all

def setupLogger(level="error", filename=None, filemode="w"):
    """
    Sets up the basic logger and if `:param:filename` is set, then it will log
    to that file instead of stdout.

    :param level: str, the level to log
    :param filename: str, the file to log to
    """

    if not level or level not in levels:
        level = "error"

    logging.basicConfig(
        level=levels[level],
        format="%(asctime)s %(levelname)-8s %(module)s:%(lineno)d %(message)s",
        datefmt="%H:%M:%S",
        filename=filename,
        filemode=filemode
    )


test that logging works

Code: Select all

cat /var/log/deluge/web/error.log


sample output

Code: Select all

21:47:53 ERROR    auth:330 Login failed (ClientIP 192.168.1.15)


install fail2ban

Code: Select all

sudo apt-get install fail2ban


create new fail2ban jail in jails section

Code: Select all

nano /etc/fail2ban/jail.local


content

Code: Select all

[deluge-web]
enabled  = true
port     = 8112
filter   = deluge-web
action   = iptables[name=deluge-web, port=8112, protocol=tcp]
logpath  = /var/log/deluge/web/error.log
maxretry = 2


create filter configuration for deluge jail

Code: Select all

nano /etc/fail2ban/filter.d/deluge-web.conf


content

Code: Select all

[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]
_daemon = deluge-web
failregex = .*ERROR.* Login failed .*ClientIP <HOST>.*


restart fail2ban

Code: Select all

sudo service fail2ban stop
sudo service fail2ban start


check if it works

Code: Select all

cat /var/log/fail2ban.log
sudo fail2ban-client status deluge-web


Return to “Support”

Who is online

Users browsing this forum: Bing [Bot] and 4 guests