ADM-003 (Recommended) - Admin Panel Security
Track login IPs and login frequency
Admin logins are tracked with timestamp, IP address, and success/failure. Login history is viewable for security review.
Question to ask
"Would you notice if someone logged in from a foreign country?"
What to check
- ☐ Find login event logging
- ☐ Check for IP capture on login
- ☐ Look for login frequency/count tracking
Verification guide
Severity: Recommended
Check automatically:
- Find login tracking:
    # Look for login event logging
    grep -riE "(login|sign.?in).*(log|track|event|record)" --include="*.ts" --include="*.js" | head -10
    # Look for session/login history
    grep -riE "login.?history|session.?history|auth.?log" --include="*.ts" --include="*.js" | head -10
- Check for IP capture:
    # Find IP address capture
    grep -riE "ip.?address|req\.ip|x-forwarded-for|clientIp|remoteAddress" --include="*.ts" --include="*.js" | head -10
    # Look for IP storage in user/session models
    grep -riE "ip.*string|last_ip|login_ip" --include="*.prisma" --include="*.ts" --include="*.js" | head -10
- Check for login frequency tracking:
    # Look for login count or frequency fields
    grep -riE "login_count|loginCount|sign_in_count|failed_attempts" --include="*.ts" --include="*.js" --include="*.prisma" | head -10
Ask user:
- Do you track when admins log in and from where?
- Can you see login history for admin users?
- Would unusual login patterns (new IP, odd hours, multiple failures) be noticed?
Pass criteria:
- Admin logins are logged with timestamp and IP
- Login history is viewable (at least for security review)
- Failed login attempts are tracked
Fail criteria:
- No login tracking for admin users
- Can't tell when an admin logged in, or from where
- No visibility into failed login attempts
Evidence to capture:
- Login tracking implementation (if any)
- What's captured (timestamp, IP, user agent, success/failure?)
- Where logs are stored (database, log service, etc.)
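The following is an added illustration, not code from the checklist or from any project it is used to audit: a minimal admin login audit trail that captures what the pass criteria require (timestamp, IP, user agent, success/failure) and a review function that flags the patterns listed under "Ask user" (new IP, odd hours, repeated failures). Function names, the working-hours window and the failure threshold are assumptions chosen for the example.

```javascript
// Added example (not from the checklist or any audited project): admin login
// audit trail plus a review check. Names and thresholds are assumptions.
const loginEvents = []; // { user, at (ISO 8601), ip, userAgent, success }
function recordLogin(event) {
  // Capture who, when, from where, with what client, and the outcome.
  const { user, ip, userAgent = "", success, at } = event;
  if (!user || !ip || typeof success !== "boolean") {
    throw new Error("login event needs user, ip and boolean success");
  }
  loginEvents.push({ user, at: at || new Date().toISOString(), ip, userAgent, success });
}
function loginHistory(user) {
  return loginEvents.filter((e) => e.user === user);
}
// Flags the patterns named in the checklist: a successful login from an IP this
// admin has not used before, successes outside assumed UTC working hours, and
// repeated failures inside a short window.
function reviewAdminLogins(user, opts = {}) {
  const { workStart = 7, workEnd = 19, failLimit = 3, failWindowMs = 600000 } = opts;
  const findings = [];
  const knownIps = new Set();   // baseline built from earlier successful logins
  const recentFailures = [];    // timestamps of failures inside the window
  for (const e of loginHistory(user)) {
    const t = Date.parse(e.at);
    if (!e.success) {
      recentFailures.push(t);
      while (t - recentFailures[0] > failWindowMs) recentFailures.shift();
      if (recentFailures.length >= failLimit) {
        findings.push({ type: "repeated-failures", at: e.at, ip: e.ip, count: recentFailures.length });
      }
      continue;
    }
    if (knownIps.size > 0 && !knownIps.has(e.ip)) findings.push({ type: "new-ip", at: e.at, ip: e.ip });
    knownIps.add(e.ip);
    const hour = new Date(t).getUTCHours();
    if (hour < workStart || hour >= workEnd) findings.push({ type: "odd-hours", at: e.at, ip: e.ip });
  }
  return findings;
}
// Constructed sample history: routine daytime logins, then a night-time burst
// of failures from a new address followed by a success.
[
  { user: "admin", at: "2024-03-04T09:12:00Z", ip: "203.0.113.10", userAgent: "Firefox", success: true },
  { user: "admin", at: "2024-03-05T09:05:00Z", ip: "203.0.113.10", userAgent: "Firefox", success: true },
  { user: "admin", at: "2024-03-06T02:41:00Z", ip: "198.51.100.7", userAgent: "curl/8.0", success: false },
  { user: "admin", at: "2024-03-06T02:42:00Z", ip: "198.51.100.7", userAgent: "curl/8.0", success: false },
  { user: "admin", at: "2024-03-06T02:43:00Z", ip: "198.51.100.7", userAgent: "curl/8.0", success: false },
  { user: "admin", at: "2024-03-06T02:44:00Z", ip: "198.51.100.7", userAgent: "curl/8.0", success: true },
].forEach(recordLogin);
console.log(reviewAdminLogins("admin")); // repeated-failures, new-ip, odd-hours
```

In a real application the events would be written to the database or log service named under "Evidence to capture", and the review would run over that store rather than an in-memory array.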