mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-09-27 21:08:55 +02:00
Created Fail2Ban Setup (markdown)
parent
5b00357082
commit
28494e85ae
1 changed files with 54 additions and 0 deletions
54
Fail2Ban-Setup.md
Normal file
@ -0,0 +1,54 @@
As of release 1.5.0, bitwarden_rs supports logging to file. See [Logging](#logging) above for information on how to set this up.
## Logging Failed Login Attempts
After specifying the log file location, failed login attempts will appear in the logs in the following format:
```
[YYYY-MM-DD hh:mm:ss][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: XXX.XXX.XXX.XXX. Username: email@domain.com.
```
## Fail2Ban Filter
Create the filter file
```
sudo nano /etc/fail2ban/filter.d/bitwarden.conf
```
And add the following
```
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$
ignoreregex =
```
## Fail2Ban Jail
Now we need the jail, create the jail file
```
sudo nano /etc/fail2ban/jail.d/bitwarden.local
```
and add:
```
[bitwarden]
enabled = true
port = 80,443,8081
filter = bitwarden
action = iptables-allports[name=bitwarden]
logpath = /path/to/bitwarden/log
backend = polling
maxretry = 3
bantime = 14400
findtime = 14400
```
Feel free to change the options as you see fit.
## Testing Fail2Ban
Now just try to login to bitwarden using any email (it doesnt have to be a valid email, just an email format)
If it works correctly and your IP is banned, you can unban the ip by running:
```
sudo fail2ban-client unban XX.XX.XX.XX bitwarden
```
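
Review bot: The `failregex` in the filter section starts with an unanchored `^.*`, while the `Username:` value that ends each log line is supplied by the client, so nothing ties `<HOST>` to the `IP:` field that the server itself writes. Replace the leading `^.*` with a match on the fixed `[bitwarden_rs::api::identity][ERROR]` prefix shown in the log-format example, so that only the server-written address can be captured. A smaller documentation point: the first line links to `[Logging](#logging)` "above", but this is line 1 of a new standalone file, so the anchor has no target here and should point at the page that documents logging.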