Lxd failled authentication attempts logs

Hi there,

I am trying to find some logs I could feed to fail2ban in order to block undesired attempt to authenticate on the lxd service.

I am using snap 3.1 version of LXD. And had a look at:

• /var/log/auth.log
• /var/log/syslog
• /var/snap/lxd/common/lxd/logs/lxd.log

unfortunatelly nothing refers to any authentication failure.

I did also inspect on the lxd server side with lxc monitor but nothing relevant seems to be logged there neitger:

lxc monitor
metadata:
  context: {}
  level: dbug
  message: 'New event listener: 55b4dc90-...'
timestamp: "2018-06-14T19:29:10.340447871Z"
type: logging


metadata:
  context:
    ip: x.x.x.x:56864
    url: /1.0
  level: dbug
  message: allowing untrusted GET
timestamp: "2018-06-14T19:29:12.971565317Z"
type: logging


metadata:
  context:
    ip: x.x.x.x:56866
    url: /1.0
  level: dbug
  message: allowing untrusted GET
timestamp: "2018-06-14T19:29:13.034282642Z"
type: logging


metadata:
  context:
    ip: x.x.x.x:56868
    url: /1.0/certificates
  level: dbug
  message: allowing untrusted POST
timestamp: "2018-06-14T19:29:14.32007926Z"
type: logging

Any hints where these kind of events are logged?

metadata:
  context:
    ip: 127.0.0.1:33680
  level: warn
  message: rejecting request from untrusted client
timestamp: "2018-06-19T00:52:59.664274262-04:00"
type: logging

That’s what you’ll get if someone attempts to access an authenticated endpoint without presenting a valid certificate. You can trigger this with:

curl -k https://127.0.0.1:8443/1.0/containers

Warnings should be logged in lxd.log

Hi Stephane,

Thanks for your answer.
What I tried to prevent is more the people hammering the server with trying out password like:

lxc remote add alxd https://alxd.foobar.com:8443 --accept-certificate --password foobar

This seems not to be logged into the lxd.log file…

Ah yeah, we should be logging a warning when someone gives us a bad password, feel free to open an issue at https://github.com/lxc/lxd/issues about that.