Usermin logging

#1 Tue, 05/11/2010 - 03:54
AllanIT

Hi Guys

If an approved user attempts to log in to WEBMIN we get an entry in /var/log/auth.log like

May 11 16:21:10 server1 perl: pam_unix(webmin:session): session opened for user domain by (uid=0)
May 11 16:21:10 domain webmin[1727]: Successful login as first.name.domain from 230..xxx.xxx.xxxCoded

If someone (unauthorised) attempts to log in to WEBMIN we get an entry in /var/log/auth.log like

May 11 12:34:32 server1 webmin[26336]: Non-existent login as xxx from 230..xxx.xxx.xxx
May 11 12:34:35 server1 webmin[26337]: Non-existent login as xxxaaa from 230..xxx.xxx.xxxCoded

If an approved user attempts to log in to USERMIN we get an entry in /var/log/auth.log like


May 11 15:18:38 server1 perl: pam_unix(usermin:session): session opened for user first.name.domain by (uid=0)

If someone (unauthorised) attempts to log in to USERMIN there appears to be nothing?

Where are the unauthorised attempts logged for USERMIN?

If they are not logged then they should be so that programs like fail2ban can be used to ban the IP Addresses. If USERMIN does not log failed attempts then this should be pointed out to the developers.

Thanks
Allan

Tue, 05/11/2010 - 08:04
andreychek

I do see failed login attempts for valid users showing up in auth.log, though invalid users don't appear to show up.

As far as tools like fail2ban go -- you can always set up something similar within Usermin, which has the ability to deny IP addresses with too many failed login attempts. You can set that up by logging into Virtualmin, and going into Webmin -> Webmin -> Usermin Configuration -> Authentication.

From there, you can tweak the "Block hosts" lines there for whatever length you wish to block them for.

If your preference is to use fail2ban rather than Usermin's internal blocking, you may want to file a bug report using the Support link above, and Jamie can look into the issue of logging in Usermin.

-Eric
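An added example, not part of either post and not Webmin or fail2ban code: the kind of matching a fail2ban-style tool does on the auth.log formats quoted in the first post, which also shows why the pam_unix session line gives it nothing to act on. The sample lines and IP addresses are constructed, the thresholds are arbitrary, and accepting a "usermin" program tag is an assumption, since the thread only shows "webmin".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Login lines in the format quoted in the first post. Only lines that carry
# a source IP can drive a ban. The "usermin" tag is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<prog>webmin|usermin)\[\d+\]: "
    r"(?P<result>Non-existent|Successful) login as (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def parse(line, year=2010):
    """Return (timestamp, prog, result, user, ip), or None if the line has no usable source IP."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps omit the year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["prog"], m["result"], m["user"], m["ip"]

def hosts_to_block(lines, max_failures=3, window_minutes=10):
    """IPs with max_failures or more 'Non-existent login' lines inside the window.
    Lines are expected in chronological order, as in a log file."""
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "Non-existent":
            continue
        ts, ip = rec[0], rec[4]
        failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
        if len(failures[ip]) >= max_failures:
            flagged.add(ip)
    return sorted(flagged)

# Constructed sample; addresses come from the documentation ranges.
SAMPLE = [
    "May 11 12:34:32 server1 webmin[26336]: Non-existent login as xxx from 203.0.113.7",
    "May 11 12:34:35 server1 webmin[26337]: Non-existent login as xxxaaa from 203.0.113.7",
    "May 11 12:36:01 server1 webmin[26340]: Non-existent login as admin from 203.0.113.7",
    "May 11 12:40:00 server1 webmin[26350]: Non-existent login as test from 198.51.100.9",
    "May 11 13:30:00 server1 webmin[26400]: Non-existent login as test2 from 198.51.100.9",
    "May 11 15:18:38 server1 perl: pam_unix(usermin:session): session opened for user first.name.domain by (uid=0)",
    "May 11 16:21:10 server1 webmin[1727]: Successful login as first.name.domain from 198.51.100.20",
]
```

The pam_unix line parses to None because it names a user but no remote address, so a log-based blocker needs a failure line that includes the client IP, like the Webmin ones do.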

Topic locked