fail2ban/config/filter.d/bitwarden.conf

# Fail2Ban filter for Bitwarden
# Detecting failed login attempts
# Logged in bwdata/logs/identity/Identity/log.txt

[INCLUDES]
before = common.conf

[Definition]
_daemon = Bitwarden-Identity
failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN|arning)|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$

# DEV Notes:
# __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.
Create bitwarden.conf 2019-11-25 21:05:29 +00:00			`# Fail2Ban filter for Bitwarden`
			`# Detecting failed login attempts`
			`# Logged in bwdata/logs/identity/Identity/log.txt`

Add Bitwarden syslog support 2020-10-18 17:56:30 +00:00			`[INCLUDES]`
			`before = common.conf`

Create bitwarden.conf 2019-11-25 21:05:29 +00:00			`[Definition]`
review and small tweaks (more precise and safe RE) 2020-11-09 12:43:59 +00:00			`_daemon = Bitwarden-Identity`
			`failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN\|arning)\|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$`
Add Bitwarden syslog support 2020-10-18 17:56:30 +00:00
			`# DEV Notes:`
			`# __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.`