The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Filter successful logins to cPanel and Webmail

Discussion in 'cPanel Developers' started by tracktor1, May 21, 2012.

  1. tracktor1

    tracktor1 Registered

    May 21, 2012
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hi guys!

    I am building a cPanel plugin that allow a customer define from which country a user can enter to the following services:

    - cPanel / Webmail
    - FTP
    - SFTP, SSH

    I built a daemon that monitor the logs in real time to find the first successful access from X IP, check the country and deny or allow the access to the service.

    I finished the plugin and it work fine but I have a problem checking the first successful access from X IP to cPanel / Webmail.

    With FTP and SSH is really simple, using "grep" with the log and I can locate the first access, for example for ssh:

     tail -F /var/log/secure | grep "Accepted"
    And I obtain:

    May 21 09:11:04 server sshd[233588]: Accepted password for USER from IP port 4970 ssh2
    But this is difficult with cPanel / Webmail access, I can not filter the first successful access after login. I want to minimize the number of checkings for reduce the resource usage of this daemon.

    I am using:

    tail -F /usr/local/cpanel/logs/access_log 
    | egrep --line-buffered  "HTTP\/1.(1|0)\" 200 0" 
    | egrep -v --line-buffered "|root" 
    | egrep --line-buffered -v ".jpg|.gif|.css|.js|.png|.ico"
    I think I cover all possible attempts to access, but I have too many duplicate records for the same IP.

    I want to avoid making further checks if the user already agreed and passed the first check. But without relying on a database or similar, I'd do the same as for other services, filtering logs.

    Any ideas to reduce the number of records to verify?

    P.S: I hope I explained well, sorry for my bad English


Share This Page