function security_review_check_failed_logins in Security Review 7
Same name and namespace in other branches
- 6 security_review.inc \security_review_check_failed_logins()
1 call to security_review_check_failed_logins()
1 string reference to 'security_review_check_failed_logins'
- _security_review_security_checks in ./
security_review.inc - Core Security Review's checks.
File
- ./
security_review.inc, line 427 - Stand-alone security checks and review system.
Code
function security_review_check_failed_logins($last_check = NULL) {
$result = TRUE;
$timestamp = NULL;
$check_result_value = array();
$query = db_select('watchdog', 'w')
->fields('w', array(
'message',
'hostname',
))
->condition('type', 'php')
->condition('severity', WATCHDOG_NOTICE);
if (isset($last_check['lastrun'])) {
$query
->condition('timestamp', $last_check['lastrun'], '>=');
}
$result = $query
->execute();
foreach ($result as $row) {
if (strpos($row->message, 'Login attempt failed') !== FALSE) {
$entries[$row->hostname][] = $row;
}
}
if (!empty($entries)) {
foreach ($entries as $ip => $records) {
if (count($records) > 10) {
$check_result_value[] = $ip;
}
}
}
if (!empty($check_result_value)) {
$result = FALSE;
}
else {
// Rather than worrying the user about the idea of failed logins we skip reporting a pass.
$result = NULL;
}
return array(
'result' => $result,
'value' => $check_result_value,
);
}