From 28494e85ae93c9280ff06930fa48ec290d86c1e5 Mon Sep 17 00:00:00 2001 From: Nick Fox Date: Tue, 1 Jan 2019 01:37:08 +0000 Subject: [PATCH] Created Fail2Ban Setup (markdown) --- Fail2Ban-Setup.md | 54 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 Fail2Ban-Setup.md diff --git a/Fail2Ban-Setup.md b/Fail2Ban-Setup.md new file mode 100644 index 0000000..bae93c2 --- /dev/null +++ b/Fail2Ban-Setup.md @@ -0,0 +1,54 @@ +As of release 1.5.0, bitwarden_rs supports logging to file. See [Logging](#logging) above for information on how to set this up. + +## Logging Failed Login Attempts + +After specifying the log file location, failed login attempts will appear in the logs in the following format: + +``` +[YYYY-MM-DD hh:mm:ss][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: XXX.XXX.XXX.XXX. Username: email@domain.com. +``` + +## Fail2Ban Filter + +Create the filter file +``` +sudo nano /etc/fail2ban/filter.d/bitwarden.conf +``` +And add the following +``` +[INCLUDES] +before = common.conf + +[Definition] +failregex = ^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$ +ignoreregex = +``` + +## Fail2Ban Jail + +Now we need the jail, create the jail file +``` +sudo nano /etc/fail2ban/jail.d/bitwarden.local +``` +and add: +``` +[bitwarden] +enabled = true +port = 80,443,8081 +filter = bitwarden +action = iptables-allports[name=bitwarden] +logpath = /path/to/bitwarden/log +backend = polling +maxretry = 3 +bantime = 14400 +findtime = 14400 +``` +Feel free to change the options as you see fit. + +## Testing Fail2Ban + +Now just try to login to bitwarden using any email (it doesnt have to be a valid email, just an email format) +If it works correctly and your IP is banned, you can unban the ip by running: +``` +sudo fail2ban-client unban XX.XX.XX.XX bitwarden +``` \ No newline at end of file
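Review bot: the `failregex` line in the Fail2Ban Filter section has nothing between `IP: ` and `\. Username:` to capture the address, so fail2ban has no host to ban from the log line shown under Logging Failed Login Attempts. It needs the `<HOST>` tag there, i.e. `IP: <HOST>\. Username:.*$`. In the same line, the leading `^.*` is looser than necessary, given that the Username field following the IP is client-supplied. Anchoring on the `[bitwarden_rs::api::identity][ERROR]` prefix from the sample log line would be tighter. Two documentation points: the opening sentence links to `[Logging](#logging)` "above", but this is a new file with no such section, so the link should point at the page that has it. In the jail, `port = 80,443,8081` sits next to `action = iptables-allports[name=bitwarden]`, which bans on all ports, so the text should say which behaviour is intended.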