Created Fail2Ban Setup (markdown)

2024-06-18 20:08:22 +02:00 · 2019-01-01 01:37:08 +00:00 · 2019-01-01 01:37:08 +00:00 · 28494e85ae
parent 5b00357082
commit 28494e85ae
1 changed files with 54 additions and 0 deletions
--- a/Fail2Ban-Setup.md
+++ b/Fail2Ban-Setup.md
@ -0,0 +1,54 @@
+As of release 1.5.0, bitwarden_rs supports logging to file. See [Logging](#logging) above for information on how to set this up.
+
+## Logging Failed Login Attempts
+
+After specifying the log file location, failed login attempts will appear in the logs in the following format:
+
+```
+[YYYY-MM-DD hh:mm:ss][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: XXX.XXX.XXX.XXX. Username: email@domain.com.
+```
+
+## Fail2Ban Filter
+
+Create the filter file
+```
+sudo nano /etc/fail2ban/filter.d/bitwarden.conf
+```
+And add the following
+```
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = ^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$
+ignoreregex =
+```
+
+## Fail2Ban Jail
+
+Now we need the jail, create the jail file
+```
+sudo nano /etc/fail2ban/jail.d/bitwarden.local
+```
+and add:
+```
+[bitwarden]
+enabled = true
+port = 80,443,8081
+filter = bitwarden
+action = iptables-allports[name=bitwarden]
+logpath = /path/to/bitwarden/log
+backend = polling
+maxretry = 3
+bantime = 14400
+findtime = 14400
+```
+Feel free to change the options as you see fit.
+
+## Testing Fail2Ban
+
+Now just try to login to bitwarden using any email (it doesnt have to be a valid email, just an email format)
+If it works correctly and your IP is banned, you can unban the ip by running:
+```
+sudo fail2ban-client unban XX.XX.XX.XX bitwarden
+```