Security section: Report on failed logins

[ywarnier]

As web security becomes more and more relevant, we need to start ramping up security measures to give Chamilo administrators tools to analyse their risks and defend against them.

We recently added in 1.11.18 the possibility to track and limit the number of login attempts (see 3fddcc0), but we still lack a screen to view those failed attempt and get a grasp of their importance.

Create a new block of links called "Security" in the main administration panel, with one link "Login attempts".

On the page, give a paginated list of login attempts (from track_e_login_record), plus a series of stats on top:

• Number of failed login attempts in the last 12 months, per month
• 5 top accounts (usernames) with most failed logins (with the number of failed logins) in the last month
• 5 top IP addresses with most failed logins (with the number of failed logins) in the last month

[ywarnier]

This is just a draft idea (it doesn't have the right charts), but it's there to help a little understand what I want to get to, roughly.

[christianbeeznest]

Implemented Security: Login attempts (Symfony controller + Twig): paginated table with filters (username/IP/date) from track_e_login_record, plus charts for failed/month (12m) and Top 5 usernames/IPs (30d) using Chart.js via Encore. Aggregations done with DBAL for performance.

All changes in PR: #6603

Thanks for confirmation.

[ywarnier]

2 small changes:

• in the charts in general, revert the colors (currently success is red and failure is blue, which is counter-intuitive)
• Add a title to the table at the bottom ("Failed login attempts")

Then you can close this issue (feature-wise, it's already better than I asked for).