Feature Request: More security-related info sent to console/logged by the network portal
Brief summary of issue / Description of requested feature:
As mentioned in #1375, failed login attempts and temporary account lock-outs are not sent to console or logged, nor are connections that never reach the login authentication point.
Reasons for adding feature:
Security in the form of malicious activity detection/documentation, and getting a better idea of who/how many connections never result in any login attempt, failed or otherwise.
Error output / Expected result of feature
Similar to the entry for a successful login:
2417-04-30T06:33:20+0000 [AMPProtocol,0,127.0.0.1] [..] Logged in: Golem(player 17) 8.282.39.12 (1 session(s) total)
Perhaps something like:
2417-04-30T06:33:20+0000 [AMPProtocol,0,127.0.0.1] [..] Failed to log in: Golem(player 17) 8.282.39.12 (1 session(s) total)
and
2417-04-30T06:33:20+0000 [AMPProtocol,0,127.0.0.1] [..] Connection established with 8.282.39.12 (1 session(s) from that address total)
Finally, something similar for a temporary account lockout on multiple login failures:
2417-04-30T06:33:20+0000 [AMPProtocol,0,127.0.0.1] [..] Locked out: Golem(player 17) 8.282.39.12 (5 failed login attempts total in last 2 minutes)
Extra information, such as Evennia revision/repo/branch, operating system and ideas for how to solve / implement:
master/devel branch as appropriate, though this doesn’t seem like a major change.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:9 (8 by maintainers)
Top GitHub Comments
This is a feature that should be present, but I would add some additional thoughts:
As in most things with Evennia, within reason, features should be designed around the lowest level of technical understanding that we could put them at while still being useful. If more advanced users want more advanced behavior, that should be up to them to introduce. For example, with a syslog-formatted log file of security events, one could create a dashboard with Kibana and Logstash and even have automated alerts.
I think this is implemented. We are still missing a per-account IP store as suggested in #1375.
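A log-review script for entries shaped like the ones proposed in the issue, added here as an example and not taken from Evennia or from the thread. It assumes the proposed "Failed to log in" line format and chronological input, and takes its defaults (5 failures in 2 minutes) from the lockout sample line; the function names and sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shapes follow the entries proposed in the issue above (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \[[^\]]*\] \[\.\.\] "
    r"(?P<event>Logged in|Failed to log in|Locked out): "
    r"(?P<account>.+?)\(\w+ \d+\) (?P<addr>\S+)"
)

def parse_line(line):
    """Return (timestamp, event, account, address), or None for other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
    return ts, m["event"], m["account"], m["addr"]

def flag_addresses(lines, threshold=5, window=timedelta(minutes=2)):
    """Map each address at or over the failure threshold to the accounts it tried."""
    recent = defaultdict(deque)  # address -> failures still inside the window
    flagged = {}
    for line in lines:  # lines are assumed to be in chronological order
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "Failed to log in":
            continue
        ts, _, account, addr = parsed
        queue = recent[addr]
        queue.append((ts, account))
        while ts - queue[0][0] > window:  # drop failures older than the window
            queue.popleft()
        if len(queue) >= threshold:
            flagged.setdefault(addr, set()).update(a for _, a in queue)
    return flagged

# Constructed sample lines (documentation-range addresses, made-up accounts).
_T = "2024-05-01T10:{}+0000 [AMPProtocol,0,127.0.0.1] [..] {}: {} {} (constructed)"
FAIL = "Failed to log in"
SAMPLE = [
    _T.format("00:00", "Logged in", "Golem(player 17)", "198.51.100.9"),
    _T.format("00:05", FAIL, "Golem(player 17)", "203.0.113.7"),
    _T.format("00:20", FAIL, "Golem(player 17)", "203.0.113.7"),
    _T.format("00:40", FAIL, "Troll(player 18)", "203.0.113.7"),
    _T.format("01:10", FAIL, "Golem(player 17)", "203.0.113.7"),
    _T.format("01:50", FAIL, "Troll(player 18)", "203.0.113.7"),
    _T.format("02:00", FAIL, "Golem(player 17)", "198.51.100.9"),
    _T.format("09:00", FAIL, "Golem(player 17)", "198.51.100.9"),
]
```

Grouping by address rather than by account also surfaces one source trying several accounts, which a per-account lockout counter alone would not show.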