Are Web UI password errors logged?
Are Web UI password errors logged?
If someone uses the wrong password when attempting to use the web UI, is that logged anywhere? I tried all available log levels when starting deluge-web, then put in the wrong password at the web UI, but didn't see it in the logs.
In case it matters, the reason I'm asking is because I'd like to integrate it into fail2ban ( http://www.fail2ban.org/wiki/index.php/Main_Page )
In case it matters, the reason I'm asking is because I'd like to integrate it into fail2ban ( http://www.fail2ban.org/wiki/index.php/Main_Page )
Re: Are Web UI password errors logged?
No not currently but it is quite trivial to add to webui by adding the following line just before the last line of auth.py
This is how it should look:
and the resulting log message:
Code: Select all
log.error('Login failed (ClientIP %s)', __request__.getClientIP())
Code: Select all
if self.check_password(password):
return self._create_session(__request__)
else:
log.error('Login failed (ClientIP %s)', __request__.getClientIP())
return False
Code: Select all
[ERROR ] 11:59:30 auth:325 Login failed (ClientIP 127.0.0.1)
Re: Are Web UI password errors logged?
Thanks, the log entry that you posted is exactly what I want. But I wasn't able to get it to output that entry. Here's what I have:
Then I try to log in to the webui with the wrong password, which it rejects, but /var/log/deluge/web/error.log is still empty. Do you know what I'm missing?
Code: Select all
$ tail -5 /usr/share/pyshared/deluge/ui/web/auth.py
if self.check_password(password):
return self._create_session(__request__)
else:
log.error('Login failed (ClientIP %s)', __request__.getClientIP())
return False
$ grep DAEMON2_ARGS= /etc/init.d/deluge-daemon
DAEMON2_ARGS="-L error -l /var/log/deluge/web/error.log"
$ /etc/init.d/deluge-daemon restart
* Restarting Deluge Daemon deluged [ OK ]
Re: Are Web UI password errors logged?
You need to be logging deluge-web not deluged.
Re: Are Web UI password errors logged?
As it turned out, I had everything set up correctly, but deluge-web hadn't restarted. I thought the init script would've done that, but it didn't. After I killed off deluge-web and started it up again it started logging the way I want. Thanks!
Re: Are Web UI password errors logged?
In case anyone sees this from google or anyone else wants to get fail2ban to work with deluge-web, here's what I ended up doing:
I'm running Ubuntu 12.04, with deluge installed from apt-get, so the locations of files may vary if you are using something else, I guess.
I set line 325 of /usr/share/pyshared/deluge/ui/web/auth.py to basicly what Cas said above:
I modified the startup script so that it would log errors in deluge-web (line 24 of /etc/init.d/deluge-daemon):
Then install fail2ban.
fail2ban wouldn't work without having the timestamp at the beginning of the line, so I changed the log format of deluge so that it would do that. Line 62 of /usr/share/pyshared/deluge/log.py:
If Cas or anyone else has a reason why I shouldn't have changed that, please let me know.
Then restart deluge-web, as I failed to do initially, and deluge-web should be logging in a way that fail2ban can work with. Then I created this filter file for fail2ban (/etc/fail2ban/filter.d/deluge-web.conf):
And added this to the end of /etc/fail2ban/jail.conf:
Then reload fail2ban:
And that worked. After 5 failed logins at the WebUI the offending IP will be firewalled. Since I have port forwarding set so that the WebUI is accessible from the internet, this should prevent brute force login attempts.
I'm running Ubuntu 12.04, with deluge installed from apt-get, so the locations of files may vary if you are using something else, I guess.
I set line 325 of /usr/share/pyshared/deluge/ui/web/auth.py to basicly what Cas said above:
Code: Select all
log.error('Login failed from %s', __request__.getClientIP())
Code: Select all
DAEMON2_ARGS="-L error -l /var/log/deluge/web/error.log"
fail2ban wouldn't work without having the timestamp at the beginning of the line, so I changed the log format of deluge so that it would do that. Line 62 of /usr/share/pyshared/deluge/log.py:
Code: Select all
format="%(asctime)s %(levelname)-8s %(module)s:%(lineno)d %(message)s",
Then restart deluge-web, as I failed to do initially, and deluge-web should be logging in a way that fail2ban can work with. Then I created this filter file for fail2ban (/etc/fail2ban/filter.d/deluge-web.conf):
Code: Select all
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = deluge-web
failregex = .*ERROR.* Login failed from <HOST>
Code: Select all
[deluge-web]
enabled = true
port = 8112
filter = deluge-web
action = iptables[name=deluge-web, port=8112, protocol=tcp]
logpath = /var/log/deluge/web/error.log
maxretry = 5
Code: Select all
sudo fail2ban-client reload
-
- New User
- Posts: 2
- Joined: Tue Mar 21, 2017 11:17 pm
Re: Are Web UI password errors logged?
The above is a bit outdated. I tried to get it to work but I get a fail2ban error. (ERROR Unable to contact server. Is it running?) Can anyone help me resolve this?
I did the following on Raspbian Jessie:
Does anyone know what is wrong with the fail2ban config?
I did the following on Raspbian Jessie:
Code: Select all
PORT_DELUGE=8112
DELUGE_USER=pi
apt-get install deluged deluge-console deluge deluge-web fail2ban
# Run on Startup: https://www.howtogeek.com/142044/how-to-turn-a-raspberry-pi-into-an-always-on-bittorrent-box/
wget -O /etc/default/deluge-daemon https://www.howtogeek.com/wp-content/uploads/gg/up/sshot5151a8c86fb85.txt
sed -i "s/DELUGED_USER=\"pi\"/DELUGED_USER=\"${DELUGE_USER}\"/" /etc/default/deluge-daemon
chmod 755 /etc/default/deluge-daemon
wget -O /etc/init.d/deluge-daemon https://www.howtogeek.com/wp-content/uploads/gg/up/sshot5151aa042ad11.txt
chmod 755 /etc/init.d/deluge-daemon
update-rc.d deluge-daemon defaults
DELUGE_INSTALL_LOCATION=/usr/lib/python2.7/dist-packages/deluge
DELUGE_ERROR_LOG_LOCATION=/var/log/deluge/web/error.log
#nano /usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py
DELUGE_LOG_ERROR_MESSAGE=$(grep log.error $DELUGE_INSTALL_LOCATION/ui/web/auth.py | cut -d"'" -f2)
# modify the startup script so that it will log errors in deluge-web (line 24 of /etc/init.d/deluge-daemon)
sed -i "/DAEMON2_ARGS=/c\DAEMON2_ARGS=\"-L error -l $DELUGE_ERROR_LOG_LOCATION\"" /etc/init.d/deluge-daemon
service deluge-daemon start
# Create the Deluge-filter for fail2ban
#nano /etc/fail2ban/filter.d/deluge-web.conf
cat > /etc/fail2ban/filter.d/deluge-web.conf <<EOF
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = deluge-daemon
failregex = .*ERROR.* Login failed from ${DELUGE_LOG_ERROR_MESSAGE/\%s/<HOST>}
ignoreregex =
EOF
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak
#nano /etc/fail2ban/jail.conf
cat >> /etc/fail2ban/jail.conf <<EOF
[deluge-web]
enabled = true
port = $PORT_DELUGE
filter = deluge-web
action = iptables[name=deluge-web, port=$PORT_DELUGE, protocol=tcp]
logpath = $DELUGE_ERROR_LOG_LOCATION
maxretry = 5
EOF
service fail2ban restart
fail2ban-client status deluge-web
-
- New User
- Posts: 2
- Joined: Tue Mar 21, 2017 11:17 pm
Re: Are Web UI password errors logged?
I also tried to find an error message for the daemon but the error does not include the host:
Code: Select all
[INFO ] 14:15:09 rpcserver:204 Deluge Client connection made from: 192.168.1.2:64503
[ERROR ] 14:15:09 rpcserver:266 Username does not exist
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/deluge/core/rpcserver.py", line 260, in dispatch
ret = component.get("AuthManager").authorize(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/deluge/core/authmanager.py", line 87, in authorize
raise BadLoginError("Username does not exist")
BadLoginError: Username does not exist
[INFO ] 14:15:09 rpcserver:224 Deluge client disconnected: Connection to the other side was lost$
[INFO ] 14:16:03 rpcserver:204 Deluge Client connection made from: 192.168.1.2:64788
[ERROR ] 14:16:03 rpcserver:266 Password does not match
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/deluge/core/rpcserver.py", line 260, in dispatch
ret = component.get("AuthManager").authorize(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/deluge/core/authmanager.py", line 93, in authorize
raise BadLoginError("Password does not match")
BadLoginError: Password does not match
[INFO ] 14:16:03 rpcserver:224 Deluge client disconnected: Connection to the other side was lost$
Re: Are Web UI password errors logged?
I was having problems with the solution above, so I made an updated version (operating system: ubuntu 16.04.02 with systemd) .
more information can be found here:
http://dev.deluge-torrent.org/wiki/User ... ce/systemd
install deluge web ui
create Deluge Daemon (deluged) Service
content
Now enable it to start up on boot, start the service and verify it is running
create Deluge Web UI (deluge-web) Service
content
Now enable it to start up on boot, start the service and verify it is running
modify deluge so that it logs errors
content
change format of error log entries so that time appears first
content
test that logging works
sample output
install fail2ban
create new fail2ban jail in jails section
content
create filter configuration for deluge jail
content
restart fail2ban
check if it works
more information can be found here:
http://dev.deluge-torrent.org/wiki/User ... ce/systemd
install deluge web ui
Code: Select all
sudo apt-get install deluged deluge-web
Code: Select all
nano /etc/systemd/system/deluged.service
Code: Select all
[Unit]
Description=Deluge Bittorrent Client Daemon
After=network-online.target
[Service]
Type=simple
User=ubuntu
Group=ubuntu
UMask=007
ExecStart=/usr/bin/deluged -d
Restart=on-failure
# Configures the time to wait before service is stopped forcefully.
TimeoutStopSec=300
[Install]
WantedBy=multi-user.target
Code: Select all
systemctl enable /etc/systemd/system/deluged.service
systemctl start deluged
systemctl status deluged
Code: Select all
nano /etc/systemd/system/deluge-web.service
Code: Select all
[Unit]
Description=Deluge Bittorrent Client Web Interface
After=network-online.target
[Service]
Type=simple
User=ubuntu
Group=ubuntu
UMask=027
ExecStart=/usr/bin/deluge-web -l /var/log/deluge/web/error.log -L error
Restart=on-failure
[Install]
WantedBy=multi-user.target
Code: Select all
systemctl enable /etc/systemd/system/deluge-web.service
systemctl start deluge-web
systemctl status deluge-web
Code: Select all
nano /usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py
Code: Select all
@export(AUTH_LEVEL_NONE)
def login(self, password):
"""
Test a password to see if it's valid.
:param password: the password to test
:type password: string
:returns: a session id or False
:rtype: string or False
"""
if self.check_password(password):
log.info('Login success (ClientIP %s)', __request__.getClientIP())
return self._create_session(__request__)
else:
log.error('Login failed (ClientIP %s)', __request__.getClientIP())
return False
Code: Select all
nano /usr/lib/python2.7/dist-packages/deluge/log.py
Code: Select all
def setupLogger(level="error", filename=None, filemode="w"):
"""
Sets up the basic logger and if `:param:filename` is set, then it will log
to that file instead of stdout.
:param level: str, the level to log
:param filename: str, the file to log to
"""
if not level or level not in levels:
level = "error"
logging.basicConfig(
level=levels[level],
format="%(asctime)s %(levelname)-8s %(module)s:%(lineno)d %(message)s",
datefmt="%H:%M:%S",
filename=filename,
filemode=filemode
)
Code: Select all
cat /var/log/deluge/web/error.log
Code: Select all
21:47:53 ERROR auth:330 Login failed (ClientIP 192.168.1.15)
Code: Select all
sudo apt-get install fail2ban
Code: Select all
nano /etc/fail2ban/jail.local
Code: Select all
[deluge-web]
enabled = true
port = 8112
filter = deluge-web
action = iptables[name=deluge-web, port=8112, protocol=tcp]
logpath = /var/log/deluge/web/error.log
maxretry = 2
Code: Select all
nano /etc/fail2ban/filter.d/deluge-web.conf
Code: Select all
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = deluge-web
failregex = .*ERROR.* Login failed .*ClientIP <HOST>.*
Code: Select all
sudo service fail2ban stop
sudo service fail2ban start
Code: Select all
cat /var/log/fail2ban.log
sudo fail2ban-client status deluge-web
Re: Are Web UI password errors logged?
hello,
thank you for all this informations.
I'm using nginx as front proxy. this makes me unable to get the real ip.
I've made a ticket : https://dev.deluge-torrent.org/ticket/3363
but any help will be appreciate.
thank you for all this informations.
I'm using nginx as front proxy. this makes me unable to get the real ip.
I've made a ticket : https://dev.deluge-torrent.org/ticket/3363
but any help will be appreciate.