mirror of https://github.com/fail2ban/fail2ban
commit
bfd80ce522
|
@ -71,6 +71,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
|
|||
by substitution of rich rule (gh-3815)
|
||||
* `filter.d/proxmox.conf` - add support to Proxmox Web GUI (gh-2966)
|
||||
* `filter.d/openvpn.conf` - new filter and jail for openvpn recognizing failed TLS handshakes (gh-2702)
|
||||
* `filter.d/vaultwarden.conf` - new filter and jail for Vaultwarden (gh-3979)
|
||||
|
||||
ver. 1.1.0 (2024/04/25) - object-found--norad-59479-cospar-2024-069a--altitude-36267km
|
||||
-----------
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
# Fail2Ban filter for unsuccessful Vaultwarden authentication attempts
|
||||
# Logged in /var/log/vaultwarden.log
|
||||
# Author: LearningSpot
|
||||
|
||||
[Definition]
|
||||
|
||||
failregex = ^\s*(?:\[\]\s*)?\[vaultwarden::api::(identity||admin||core::two_factor::authenticator)\]\[ERROR\] (Invalid admin token||Invalid TOTP code||Username or password is incorrect)[\.!](?:\s+(?!IP:)\S+)* IP: <ADDR>(?:\. Username: <F-USER>\S+</F-USER>)?
|
||||
ignoreregex =
|
|
@ -991,3 +991,7 @@ logpath = %(syslog_daemon)s
|
|||
[proxmox]
|
||||
port = https,http,8006
|
||||
logpath = /var/log/daemon.log
|
||||
|
||||
[vaultwarden]
|
||||
port = http,https
|
||||
logpath = /var/log/vaultwarden.log
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
# failJSON: { "time": "2024-08-31T02:11:22", "match": true , "host": "2001:db8::b6d3:95d7:1425:766d" }
|
||||
[2024-08-31 02:11:22.129][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.
|
||||
|
||||
# failJSON: { "time": "2024-08-31T02:11:28", "match": true , "host": "80.187.85.94" }
|
||||
[2024-08-31 02:11:28.562][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 80.187.85.94. Username: test@example.com.
|
||||
|
||||
# failJSON: { "time": "2024-08-31T02:11:28", "match": true , "host": "80.187.85.94" }
|
||||
[2024-08-31 02:11:28.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 80.187.85.94
|
||||
|
||||
# failJSON: { "time": "2024-08-31T02:11:28", "match": true , "host": "2001:db8::b6d3:95d7:1425:766d" }
|
||||
[2024-08-31 02:11:28.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8::b6d3:95d7:1425:766d
|
||||
|
||||
# failJSON: { "time": "2024-08-31T02:11:28", "match": true , "host": "80.187.85.94" }
|
||||
[2024-08-31 02:11:28.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2024-08-31 02:11:28 UTC IP: 80.187.85.94
|
||||
|
||||
# failJSON: { "time": "2024-08-31T02:11:28", "match": true , "host": "2001:db8::b6d3:95d7:1425:766d" }
|
||||
[2024-08-31 02:11:28.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2024-08-31 02:11:28 UTC IP: 2001:db8::b6d3:95d7:1425:766d
|
||||
|
||||
# failJSON: { "time": "2024-08-30T20:11:28", "match": true , "host": "80.187.85.94" }
|
||||
[2024-08-31 02:11:28.892+0800][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2024-08-30 18:11:28 UTC IP: 80.187.85.94
|
||||
|
||||
# failJSON: { "time": "2024-08-30T20:11:28", "match": true , "host": "2001:db8::b6d3:95d7:1425:766d" }
|
||||
[2024-08-31 02:11:28.892+0800][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2024-08-30 18:11:28 UTC IP: 2001:db8::b6d3:95d7:1425:766d
|
Loading…
Reference in New Issue