
function security_review_check_failed_logins in Security Review 7

Same name and namespace in other branches
  1. 6 security_review.inc \security_review_check_failed_logins()
1 call to security_review_check_failed_logins()
SecurityReviewTestCase::testCheckResults in tests/security_review.test
1 string reference to 'security_review_check_failed_logins'
_security_review_security_checks in ./security_review.inc
Core Security Review's checks.

File

./security_review.inc, line 427
Stand-alone security checks and review system.

Code

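/**
 * Checks the database log for hosts with many failed login attempts.
 *
 * Failed-login notices in the watchdog table are grouped by the hostname
 * recorded with each entry, and every hostname with more than 10 failures is
 * reported.
 *
 * The count is per hostname and only covers rows still present in the
 * watchdog table. Attempts spread across many addresses, or entries that have
 * already been removed from the log, are not seen by this check.
 *
 * @param array|null $last_check
 *   (optional) Data from the previous run of this check. When it carries a
 *   'lastrun' timestamp, only log entries at or after that time are counted;
 *   otherwise the whole table is scanned.
 *
 * @return array
 *   An associative array with the keys:
 *   - result: FALSE when at least one hostname exceeded the threshold, NULL
 *     otherwise (a pass is deliberately never reported).
 *   - value: List of hostnames with more than 10 failed logins.
 */
function security_review_check_failed_logins($last_check = NULL) {
  $check_result_value = array();
  // Failure counter per hostname. Initialised up front so the code never
  // reads an undefined variable when the log holds no matching rows.
  $failures = array();

  // Drupal 7 core records a failed login with
  // watchdog('user', 'Login attempt failed for %user.'), i.e. under the
  // 'user' type. The previous filter on type 'php' did not select those rows,
  // so the check could never report anything.
  $query = db_select('watchdog', 'w')
    ->fields('w', array('message', 'hostname'))
    ->condition('type', 'user')
    ->condition('severity', WATCHDOG_NOTICE);
  if (isset($last_check['lastrun'])) {
    // Only look at entries logged since the previous run.
    $query->condition('timestamp', $last_check['lastrun'], '>=');
  }

  // The query result is kept in its own variable instead of reusing $result,
  // which holds the check outcome.
  $rows = $query->execute();
  foreach ($rows as $row) {
    if (strpos($row->message, 'Login attempt failed') !== FALSE) {
      $failures[$row->hostname] = isset($failures[$row->hostname]) ? $failures[$row->hostname] + 1 : 1;
    }
  }

  foreach ($failures as $ip => $count) {
    if ($count > 10) {
      $check_result_value[] = $ip;
    }
  }

  // Rather than worrying the user about the idea of failed logins we skip
  // reporting a pass: the outcome is either a failure (FALSE) or NULL.
  $result = empty($check_result_value) ? NULL : FALSE;

  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}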