<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:41:05 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-16452] Failed login attempts should log source IP address</title>
                <link>https://jira.mongodb.org/browse/SERVER-16452</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;MongoDB does not log failed login attempts.&lt;/p&gt;

&lt;p&gt;For installations which need to be open to the public internet (for example because you have mobile clients), this makes it basically impossible to implement some sort of brute force prevention, like &lt;a href=&quot;http://www.fail2ban.org/wiki/index.php/Main_Page&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;fail2ban&lt;/a&gt;. Fail2Ban scans log files for failed login attempts and uses various mechanisms like iptables or libwrap (not applicable to mongodb) to lock IP addresses out after a certain number of failed login attempts.&lt;/p&gt;</description>
                <environment></environment>
        <key id="173202">SERVER-16452</key>
            <summary>Failed login attempts should log source IP address</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="spencer.jackson@mongodb.com">Spencer Jackson</assignee>
                                    <reporter username="markus.mahlberg@icloud.com">Markus Mahlberg</reporter>
                        <labels>
                            <label>connection</label>
                    </labels>
                <created>Mon, 8 Dec 2014 13:28:24 +0000</created>
                <updated>Fri, 6 Jan 2017 02:46:15 +0000</updated>
                            <resolved>Wed, 18 Feb 2015 23:38:00 +0000</resolved>
                                    <version>2.6.5</version>
                                    <fixVersion>3.0.1</fixVersion>
                    <fixVersion>3.1.0</fixVersion>
                                    <component>Logging</component>
                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>12</watches>
                                                                                                                <comments>
                            <comment id="842240" author="xgen-internal-githook" created="Tue, 3 Mar 2015 23:35:29 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;spencerjackson&apos;, u&apos;name&apos;: u&apos;Spencer Jackson&apos;, u&apos;email&apos;: u&apos;spencer.jackson@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-16452&quot; title=&quot;Failed login attempts should log source IP address&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-16452&quot;&gt;&lt;del&gt;SERVER-16452&lt;/del&gt;&lt;/a&gt; Add IP address to authentication failure error message&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 1cdc79db66bea34430da70c10b12ec61255da003)&lt;br/&gt;
Branch: v3.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/760211f7b8ab5a1cf3c75994255653530cf12285&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/760211f7b8ab5a1cf3c75994255653530cf12285&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="836929" author="spencer.jackson@10gen.com" created="Wed, 25 Feb 2015 15:35:15 +0000"  >&lt;p&gt;If we backport this to v3.0, we should probably hold it out of the initial release, and merge it into v3.0.1.&lt;/p&gt;</comment>
                            <comment id="832310" author="xgen-internal-githook" created="Wed, 18 Feb 2015 23:36:41 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;spencerjackson&apos;, u&apos;name&apos;: u&apos;Spencer Jackson&apos;, u&apos;email&apos;: u&apos;spencer.jackson@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-16452&quot; title=&quot;Failed login attempts should log source IP address&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-16452&quot;&gt;&lt;del&gt;SERVER-16452&lt;/del&gt;&lt;/a&gt; Add IP address to authentication failure error message&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/1cdc79db66bea34430da70c10b12ec61255da003&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/1cdc79db66bea34430da70c10b12ec61255da003&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="781753" author="markus.mahlberg@icloud.com" created="Tue, 9 Dec 2014 14:35:48 +0000"  >&lt;p&gt;Absolutely. Most brute force blockers parse single lines in the log file and extract the information needed. I would suggest keeping the format as simple as possible, something like &lt;tt&gt;&lt;em&gt;FAILED.*IP:_127.0.0.1&lt;/em&gt;&lt;/tt&gt; (the underscores denoting word boundaries), to make parsing efficient and easy to implement.&lt;/p&gt;

&lt;p&gt;Furthermore, if not already the case, the log messages should be sent via the security facility when using syslog instead of file based logging.&lt;/p&gt;

&lt;p&gt;I&apos;ll be happy to provide the corresponding configuration for fail2ban and denyhosts (which would need &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-16453?filter=-2&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;SERVER-16453&lt;/a&gt; to be fixed, too).&lt;/p&gt;</comment>
                            <comment id="781227" author="schwerin" created="Mon, 8 Dec 2014 21:48:07 +0000"  >&lt;p&gt;MongoDB does log authentication failures, in 2.6 and 2.8.  However, it does not presently log the IP address of the attempt on the same log line as the failure message.  The IP address of the remote is currently logged only when the connection is established, and the authentication failure is logged subsequently.  The lines can be linked by the unique integer identifying the connection (i.e., &lt;tt&gt;[conn123]&lt;/tt&gt;), but that&apos;s not useful for a regex parser.&lt;/p&gt;

&lt;p&gt;Would it suffice to add the IP address to the existing failure messages, &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=markus.mahlberg%40icloud.com&quot; class=&quot;user-hover&quot; rel=&quot;markus.mahlberg@icloud.com&quot;&gt;markus.mahlberg@icloud.com&lt;/a&gt;?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="245514">SERVER-22054</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="343129">SERVER-27595</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="173203">SERVER-16453</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12451" key="com.atlassian.jira.plugin.system.customfieldtypes:multiversion">
                        <customfieldname>Backport Completed</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="14846">3.0.1</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 8 Dec 2014 14:08:56 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        8 years, 50 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>stephen.steneker@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 50 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>schwerin@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>markus.mahlberg@icloud.com</customfieldvalue>
            <customfieldvalue>spencer.jackson@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrlh7b:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrfoef:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3868</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="407">Security [00-02-20-15]</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsgey7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>