Auth_failure_listeners

There is no documentation that describes how to configure auth_failure_listeners. With the demo configuration it didn’t work:

      auth_failure_listeners:
        ip_rate_limiting:
          type: ip
          allowed_tries: 10
          time_window_seconds: 3600
          block_expiry_seconds: 600
          max_blocked_clients: 100000
          max_tracked_clients: 100000
        internal_authentication_backend_limiting:
          type: username
          authentication_backend: intern
          allowed_tries: 10
          time_window_seconds: 3600
          block_expiry_seconds: 600
          max_blocked_clients: 100000
          max_tracked_clients: 100000

Please share knowledge about it, thanks.

@ogulman Did you get this resolved? If not which version of odfe are you using?

@Anthony No, I’ve not. odfe 1.7

@ogulman I just tested it with this version and it works as expected.

      authz:
        ....
      auth_failure_listeners:
        ip_rate_limiting:
          type: ip
          allowed_tries: 3
          time_window_seconds: 3600
          block_expiry_seconds: 20
          max_blocked_clients: 100000
          max_tracked_clients: 100000
        internal_authentication_backend_limiting:
          type: username
          authentication_backend: internal
          allowed_tries: 3
          time_window_seconds: 3600
          block_expiry_seconds: 20
          max_blocked_clients: 100000
          max_tracked_clients: 100000

Try to use the above in config.yml, and don’t forget to upload the new configuration using the securityadmin.sh script. Then enter a wrong password for the admin user 5 times, then enter the correct password - it should fail until block_expiry_seconds is reached.

If that doesn’t work, can you describe the behaviour you are seeing?
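
A simplified model of how `allowed_tries`, `time_window_seconds` and `block_expiry_seconds` from the configuration above interact, added here as an illustration; it is not part of the thread and not the security plugin's code. It assumes the block starts on the `allowed_tries`-th failed attempt inside the window and does not model `max_blocked_clients` or `max_tracked_clients`; the class name `AuthFailureListener`, the `replay` helper and the attempt sequence are constructed for the example.

```python
# Simplified model (an assumption, not the security plugin's code) of one
# auth_failure_listeners entry, using the parameter names from config.yml.
from collections import defaultdict, deque


class AuthFailureListener:
    def __init__(self, allowed_tries, time_window_seconds, block_expiry_seconds):
        self.allowed_tries = allowed_tries
        self.time_window_seconds = time_window_seconds
        self.block_expiry_seconds = block_expiry_seconds
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.blocked_until = {}             # key -> time at which the block lifts

    def login(self, key, password_ok, now):
        """Return True if the login is accepted at time `now` (seconds)."""
        if now < self.blocked_until.get(key, 0):
            return False                    # blocked: even the right password fails
        if password_ok:
            return True
        recent = self.failures[key]
        recent.append(now)
        # Forget failures that have fallen out of the time window.
        while recent and recent[0] <= now - self.time_window_seconds:
            recent.popleft()
        if len(recent) >= self.allowed_tries:
            self.blocked_until[key] = now + self.block_expiry_seconds
            recent.clear()
        return False


def replay(listener, key, attempts):
    """attempts: list of (time, password_ok); returns the accept/reject results."""
    return [listener.login(key, ok, t) for t, ok in attempts]


# Constructed attempt sequence for user "admin" with the values from the reply
# above (allowed_tries: 3, block_expiry_seconds: 20).
SAMPLE = [(0, False), (1, False), (2, False),   # third failure triggers the block
          (5, True),                            # correct password, still blocked
          (21, True),                           # 19 s after the block started
          (22, True)]                           # block has expired

if __name__ == "__main__":
    limiter = AuthFailureListener(3, 3600, 20)
    for (t, ok), accepted in zip(SAMPLE, replay(limiter, "admin", SAMPLE)):
        print(f"t={t:>3}s password_ok={ok!s:<5} accepted={accepted}")
```
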

Starting from 1.0.*, odfe saves settings into an index, and if I run securityadmin.sh, it will overwrite all my settings that were done from the UI.
Currently, I don’t know how to deal with it.

@ogulman You can extract/backup the current settings in the index using the -r (--retrieve) option with the securityadmin.sh script:

      ./securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -icl -nhnv -cacert /usr/share/elasticsearch/config/root-ca.pem -cert /usr/share/elasticsearch/config/kirk.pem -key /usr/share/elasticsearch/config/kirk-key.pem -h localhost -r

You can then update the config with the necessary details and upload it using the same command without the “-r” option.

Be sure to try this on a dev environment first.