Poll

Is there anyone interested in such a feature? If so how much would you be willing to donate?

None - Not interested
3 (33.3%)
Interested
4 (44.4%)
Highly Interested ~ $20
1 (11.1%)
Very Interested ~ $30
0 (0%)
Extremely Interested ~ $50+
1 (11.1%)

Total Members Voted: 9

Voting closed: April 24, 2016, 06:48:11 am

Author Topic: Failed Login Alerts via e-mail notification  (Read 2315 times)

Visseroth
Failed Login Alerts via e-mail notification
« on: January 25, 2016, 05:48:11 am »
This is a feature that would notify if someone is trying to break into the firewall if there are too many failed login attempts within x amount of seconds.
For those running multiple firewalls at multiple locations this would be EXTREMELY handy because having the firewall push syslogs to a central site just isn't practical unless those logs are also being filtered.
My thought was that this would include Web GUI and SSH failed login attempts.
Heck, if you could just set, "If you see this string then execute this action", that would even work. Because then the notifications could be customized for all sorts of stuff! Downed link(s), errors, etc.

Thoughts? Anyone willing to donate? I am! I'm not rich but I'd be willing to send $50+

haddock
Re: Failed Login Alerts via e-mail notification
« Reply #1 on: January 26, 2016, 09:51:46 am »
Any sensible user would firewall down management of the firewall to start with.

In my world centralized syslog with triggers/filters would be the way to go. I can recommend the ELK-stack to solve that.

Visseroth
Re: Failed Login Alerts via e-mail notification
« Reply #2 on: January 26, 2016, 10:54:09 am »
I completely agree, on an enterprise or network where there is always IT staff, but the firewalls I have in place are managed by me, I'm a 1 man crew 99% of the time managing multiple small networks which don't have syslog servers.

haddock
Re: Failed Login Alerts via e-mail notification
« Reply #3 on: February 02, 2016, 02:57:22 am »
Well, even a 1 man army can register a dynamic DNS.

Here, have a free tip on me:

Register a free dyndns service of your choice (I can recommend https://freedns.afraid.org/ ).

Create an alias in each of your managed pfsense installs with the FQDN of your DNS.

Create a firewall rule to allow external management of your firewalls using your newly created alias as source address.

Delete any other external management rules that you may have created.

Now configure the site where you spend most of your time to update your dyndns record.

If you are on any other site and need to manage any of the pfsense installs, VPN to your primary site (either push default route there, or just push routes to your managed firewalls.)

Boom! A much more secure setup and no more failed login attempts.

jimp (Administrator)
Re: Failed Login Alerts via e-mail notification
« Reply #4 on: February 02, 2016, 07:38:25 am »
As others have said, do not expose the GUI and SSH to the world -- ssh may be OK using key-based auth, not password auth, but even so it's best to use a VPN.

While knowing about failed login attempts is good, being reactionary to that is bad. The system will automatically shut out bad attempts from an IP address after a few failures, but it's best not to expose it at all. Using a distributed system it could still be possible for someone to brute force things, especially if you use weak passwords.

Spend a couple moments per site to set up a proper VPN that you can use to remote in and manage and you'll be much better off. DynDNS filtering for a rule is OK but not as secure as a VPN.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!
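
The threshold asked for in the opening post (too many failed logins within x seconds, Web GUI and SSH) and the distributed case raised in reply #4, as an added example that is not part of the thread or of pfSense. The log line formats, the thresholds, the `year` default and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed line formats (not from the thread): OpenSSH "Failed password" and a
# webConfigurator-style authentication error. Adjust to your firewall's logs.
FAILED = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+)"),
    re.compile(r"webConfigurator authentication error for user '[^']*' from:? (?P<ip>\S+)"),
]

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE = [
    "Jan 25 05:40:01 fw sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Jan 25 05:40:09 fw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2",
    "Jan 25 05:40:15 fw php-fpm[402]: /index.php: webConfigurator authentication error for user 'admin' from: 203.0.113.7",
    "Jan 25 05:40:20 fw sshd[820]: Failed password for root from 198.51.100.21 port 40100 ssh2",
    "Jan 25 05:40:31 fw sshd[821]: Failed password for root from 198.51.100.22 port 40101 ssh2",
    "Jan 25 05:41:30 fw sshd[830]: Accepted publickey for admin from 192.0.2.10 port 51000 ssh2",
    "Jan 25 05:45:00 fw sshd[840]: Failed password for root from 203.0.113.7 port 50200 ssh2",
]

def parse(line, year=2016):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    for pattern in FAILED:
        match = pattern.search(line)
        if match:
            # Classic syslog timestamps carry no year, so one is supplied.
            stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return stamp, match.group("ip")
    return None

def detect(lines, window=60, per_ip=3, total=5):
    """Return (source, time, count) each time a sliding-window count reaches its limit."""
    alerts, by_ip, everyone = [], defaultdict(deque), deque()
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        stamp, ip = hit
        # One window per source, plus one across all sources so that attempts
        # spread over many addresses are still counted together.
        for queue, limit, label in ((by_ip[ip], per_ip, ip), (everyone, total, "all sources")):
            queue.append(stamp)
            while (stamp - queue[0]).total_seconds() > window:
                queue.popleft()
            if len(queue) == limit:
                alerts.append((label, stamp.strftime("%H:%M:%S"), len(queue)))
    return alerts
```

The tuples returned by `detect(SAMPLE)` are what a notifier would put in the e-mail body; the all-sources window is the one that still fires when no single address reaches the per-source limit.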

dcol
Re: Failed Login Alerts via e-mail notification
« Reply #5 on: October 04, 2017, 10:31:35 am »
It would be nice if we were notified about anything. There is no documentation anywhere stating which alerts trigger an email. Also, there should be a GUI letting us choose which alerts to turn on/off, if there are any.

jimp (Administrator)
Re: Failed Login Alerts via e-mail notification
« Reply #6 on: October 04, 2017, 10:35:59 am »
Please keep your posts in a single, relevant thread. Spamming across a half dozen threads is not going to win anyone over. Locking this.