External log file containing failed accesses to (Fail2)ban

Hi,

Would be nice for core application to generate a log file which would contain failed accesses.
This file should be made available to the host, so out of the docker container.
This log file should not contain only failures for existing users, but every failure (wrong user, wrong password, wrong token…) made from any IP.

We would then be able to ban bad IPs at host firewall level, using for example Fail2ban on a Linux host.

The following Fail2ban pattern could be used :

user \S* ?(not found|not authorized|password mismatch|sent invalid token|misbehaved|tried to break-in): .+

For example :

error_log(“[client a.b.c.d] user sent invalid token: Bitwarden”);
error_log(“[client x.y.z.t] user bob not found: Bitwarden”);
error_log(“[client 1.2.3.4] user admin password mismatch: Bitwarden”);

This would be a great security improvement !

Thank you !

This would be a great addition.

Work in progress / almost done : https://github.com/bitwarden/server/issues/604

2 Likes

Available in last version (see instructions in link above), great job @kspearrin, this can now safely be closed :+1:

1 Like