mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-09-27 21:08:55 +02:00
Created Fail2Ban Setup (markdown)
parent
5b00357082
commit
28494e85ae
1 changed files with 54 additions and 0 deletions
54
Fail2Ban-Setup.md
Normal file
|
@ -0,0 +1,54 @@
|
|||
As of release 1.5.0, bitwarden_rs supports logging to file. See [Logging](#logging) above for information on how to set this up.
|
||||
|
||||
## Logging Failed Login Attempts
|
||||
|
||||
After specifying the log file location, failed login attempts will appear in the logs in the following format:
|
||||
|
||||
```
|
||||
[YYYY-MM-DD hh:mm:ss][bitwarden_rs::api::identity][ERROR] Username or password is incorrect. Try again. IP: XXX.XXX.XXX.XXX. Username: email@domain.com.
|
||||
```
|
||||
|
||||
## Fail2Ban Filter
|
||||
|
||||
Create the filter file
|
||||
```
|
||||
sudo nano /etc/fail2ban/filter.d/bitwarden.conf
|
||||
```
|
||||
And add the following
|
||||
```
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
failregex = ^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$
|
||||
ignoreregex =
|
||||
```
|
||||
|
||||
## Fail2Ban Jail
|
||||
|
||||
Now we need the jail, create the jail file
|
||||
```
|
||||
sudo nano /etc/fail2ban/jail.d/bitwarden.local
|
||||
```
|
||||
and add:
|
||||
```
|
||||
[bitwarden]
|
||||
enabled = true
|
||||
port = 80,443,8081
|
||||
filter = bitwarden
|
||||
action = iptables-allports[name=bitwarden]
|
||||
logpath = /path/to/bitwarden/log
|
||||
backend = polling
|
||||
maxretry = 3
|
||||
bantime = 14400
|
||||
findtime = 14400
|
||||
```
|
||||
Feel free to change the options as you see fit.
|
||||
|
||||
## Testing Fail2Ban
|
||||
|
||||
Now just try to login to bitwarden using any email (it doesnt have to be a valid email, just an email format)
|
||||
If it works correctly and your IP is banned, you can unban the ip by running:
|
||||
```
|
||||
sudo fail2ban-client unban XX.XX.XX.XX bitwarden
|
||||
```
|
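Review bot: The `failregex` line starts with `^.*`, so the match is not tied to the start of the log record, and the `Username:` value that follows `<HOST>` on the same line is text supplied by the client. Anchor the pattern on the fixed `[bitwarden_rs::api::identity][ERROR]` prefix shown in the log-format sample instead of `^.*`, so that only the IP bitwarden_rs itself wrote is captured. Two smaller points: the opening sentence links to `[Logging](#logging) above`, but this is a new 54-line file with no Logging section in it, so the link should point at the page that has one; and in the Testing section the jail name is passed as a trailing argument to `unban`, where the per-jail form `sudo fail2ban-client set bitwarden unbanip XX.XX.XX.XX` is unambiguous.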