You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Alain Palamara <al...@ces.ch> on 2009/03/26 08:32:59 UTC
Login failure tracking
Hi all,
I'm using svnserve as a service on our server and try to control repositories
accesses by the way of the password and authz files. I set all the hooks
scripts to log activity (in a process to learn more what I can do, for now)
and one thing that I saw, is in case of a authorization failure, is that nothing
is reported by my hooks (start-commit, pre-commit, post-commit, pre-revprop-change,
post-rev-prop-change, pre-lock, post-lock, pre-unlock, post-unlock).
First of all, did I miss a hook script?
Is there a way to catch the autentication phase?
Thanks,
Alain
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1427097
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re[2]: Login failure tracking
Posted by Andrey Repin <an...@freemail.ru>.
Greetings, Alain Palamara!
AP> Does it mean there is no way to automatically block a brute force attack
AP> (someone trying a username with a lot of passwords)?
If you want a good level of control over authorization, you better use Apache.
It has logs...
[Sat Mar 28 03:11:34 2009] [error] [client 192.168.1.10] (OS 1326)Logon failure: unknown user name or bad password. : user xxxx
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 28.03.2009, <17:43>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1456939
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Login failure tracking
Posted by Alain Palamara <al...@ces.ch>.
>> Hi all,
>>
>> I'm using svnserve as a service on our server and try to control repositories
>> accesses by the way of the password and authz files. I set all the hooks
>> scripts to log activity (in a process to learn more what I can do, for now)
>> and one thing that I saw, is in case of a authorization failure, is that nothing
>> is reported by my hooks (start-commit, pre-commit, post-commit, pre-revprop-change,
>> post-rev-prop-change, pre-lock, post-lock, pre-unlock, post-unlock).
>>
>> First of all, did I miss a hook script?
>>
>
>svnserve --log-file
>
>(in 1.6)
>
>> Is there a way to catch the autentication phase?
>>
>
>Log it? There are no "on-failed-auth" hooks.
Of course I don't want to log it, I just need to track unsuccessful attempt.
Does it mean there is no way to automatically block a brute force attack
(someone trying a username with a lot of passwords)?
>> Thanks, Alain
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1427097
>>
>> To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
>>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1427526
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Login failure tracking
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Alain Palamara wrote on Thu, 26 Mar 2009 at 09:32 +0100:
> Hi all,
>
> I'm using svnserve as a service on our server and try to control repositories
> accesses by the way of the password and authz files. I set all the hooks
> scripts to log activity (in a process to learn more what I can do, for now)
> and one thing that I saw, is in case of a authorization failure, is that nothing
> is reported by my hooks (start-commit, pre-commit, post-commit, pre-revprop-change,
> post-rev-prop-change, pre-lock, post-lock, pre-unlock, post-unlock).
>
> First of all, did I miss a hook script?
>
svnserve --log-file
(in 1.6)
> Is there a way to catch the autentication phase?
>
Log it? There are no "on-failed-auth" hooks.
> Thanks, Alain
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1427097
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1427252
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].