review and small tweaks (more precise and safe RE)

4 years ago · 25e006e137
parent 2a18b82f5f
commit 25e006e137
2 changed files with 5 additions and 1 deletions
--- a/config/filter.d/bitwarden.conf
+++ b/config/filter.d/bitwarden.conf
@ -6,7 +6,8 @@
 before = common.conf

 [Definition]
-failregex = ^%(__prefix_line)s\s*\[[^\s]+\]\s+Failed login attempt(?:, 2FA invalid)?\. <HOST>$
+_daemon = Bitwarden-Identity
+failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN|arning)|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$

 # DEV Notes:
 # __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.
--- a/fail2ban/tests/files/logs/bitwarden
+++ b/fail2ban/tests/files/logs/bitwarden
@ -1,6 +1,9 @@
 # failJSON: { "time": "2019-11-25T18:04:49", "match": true , "host": "192.168.0.16" }
 2019-11-26 01:04:49.008 +08:00 [WRN] Failed login attempt. 192.168.0.16

+# failJSON: { "time": "2019-11-25T21:39:58", "match": true , "host": "192.168.0.21" }
+2019-11-25 21:39:58.464 +01:00 [WRN] Failed login attempt, 2FA invalid. 192.168.0.21
+
 # failJSON: { "time": "2019-11-25T21:39:58", "match": true , "host": "192.168.0.21" }
 2019-11-25 21:39:58.464 +01:00 [Warning] Failed login attempt, 2FA invalid. 192.168.0.21