Tostaki

  1. You will just need to drop the updates in here. @.Shad. asked whether this worked with the official Bitwarden. The answer is yes. You "just" have to adapt the log access, the filter and the jail.
  2. Fail2ban is independent, so yes. You need to update the path to the log file and the filters. If you like, send me your settings and I will update the repository.
  3. I finally found the solution (well, the solutions...). I relied on Docker-compose, which allows more advanced settings than the graphical interface. For fail2ban, I posted my solution here: https://github.com/sosandroid/docker-fail2ban-synology For bitwarden_rs, it is here: https://github.com/sosandroid/docker-bitwarden_rs-caddy-synology
  4. Thanks. I think the problem does not come from Bitwarden_rs but from the interaction between Fail2Ban and iptables on the Synology. I came to this conclusion because BW logs the failure correctly, Fail2Ban detects it and sends the ban command. However, nothing happens after that.
  5. Hello, EDIT: solution found and shared a little further down. I am trying to configure Fail2ban to protect a Bitwarden container against brute-force attacks. However, I cannot get IPs with too many errors banned. Have you ever managed to get IP banning to work? Thanks. Here are the logs and the config:

     ````
     Docker version 18.09.8, build 2c0a67b
     ````

     Here is the setup:

     - dani-garcia/bitwarden_rs
       - Mounting point:
         - docker/bw-data:/data/
       - Extended_logging true
       - Log_file: /data/bitwarden.log
       - log level: error
       - TZ: Europe/Paris
     - crazy-max/docker-fail2ban
       - Run as root
       - Mounting points
         - docker/fail2ban:/data/
         - docker/bw-data:/bitwarden/ Read-Only
       - TZ: Europe/Paris
       - F2B_IPTABLE_CHAIN: Input, per ticket 36 on Fail2Ban (https://github.com/crazy-max/docker-fail2ban/issues/36)
       - DROP instead of REJECT, since REJECT is not available on Synology

     The jail:

     ````
     [DEFAULT]
     ignoreip = 127.0.0.1/8 192.168.0.0/22
     bantime = 6400
     findtime = 86400
     maxretry = 4
     backend = auto
     action = iptables-allports[name=bitwarden]

     [bitwarden]
     enabled = true
     port = 80,81,443
     filter = bitwarden
     logpath = /bitwarden/bitwarden.log
     ````

     The filter:

     ````
     [INCLUDES]
     before = common.conf

     [Definition]
     failregex = ^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$
     ignoreregex =
     ````

     Bitwarden log:

     ````
     [2020-03-05 21:53:26][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:53:35][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:53:38][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:53:40][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:53:51][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:56:22][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:56:27][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:56:33][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     [2020-03-05 21:56:49][error][ERROR] Username or password is incorrect. Try again. IP: 80.XX.XX.XX. Username: a@a.net.
     ````

     F2B log:

     ````
     2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Created
     2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actionstart = ' -N f2b-bitwarden\n -A f2b-bitwarden -j RETURN\n -I INPUT -p tcp -j f2b-bitwarden'
     2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actionstop = ' -D INPUT -p tcp -j f2b-bitwarden\n -F f2b-bitwarden\n -X f2b-bitwarden'
     2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actionflush = ' -F f2b-bitwarden'
     2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actioncheck = " -n -L INPUT | grep -q 'f2b-bitwarden[ \\t]'"
     2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set actionban = ' -I f2b-bitwarden 1 -s -j '
     2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set actionunban = ' -D f2b-bitwarden -s -j '
     2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set name = 'bitwarden'
     2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set actname = 'iptables-allports'
     2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
     2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set port = 'ssh'
     2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set protocol = 'tcp'
     2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set blocktype = 'DROP'
     2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set returntype = 'RETURN'
     2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set lockingopt = '-w'
     2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set iptables = 'iptables '
     2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set blocktype?family=inet6 = 'DROP'
     2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set iptables?family=inet6 = 'ip6tables '
     2020-03-09 23:43:04,739 fail2ban.jail [1]: DEBUG Starting jail 'bitwarden'
     2020-03-09 23:43:04,739 fail2ban.filterpyinotif [1]: DEBUG [bitwarden] filter started (pyinotifier)
     2020-03-09 23:43:04,741 fail2ban.jail [1]: INFO Jail 'bitwarden' started
     2020-03-09 23:43:04,741 fail2ban.transmitter [1]: DEBUG Status: ready
     2020-03-09 23:44:37,877 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 64
     2020-03-09 23:44:37,878 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x100 name=db.sqlite3-wal wd=1 >
     2020-03-09 23:44:37,878 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x100 name=db.sqlite3-shm wd=1 >
     2020-03-09 23:44:37,878 fail2ban.filterpyinotif [1]: DEBUG Ignoring creation of /bitwarden/db.sqlite3-wal we do not monitor
     2020-03-09 23:44:37,879 fail2ban.filterpyinotif [1]: DEBUG Ignoring creation of /bitwarden/db.sqlite3-shm we do not monitor
     2020-03-09 23:44:38,609 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
     2020-03-09 23:44:38,609 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
     2020-03-09 23:44:38,615 fail2ban.filter [1]: DEBUG Processing line with time:1583793878.0 and ip:80.XX.XX.XX
     2020-03-09 23:44:38,623 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:38
     2020-03-09 23:44:38,623 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 1. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
     2020-03-09 23:44:41,327 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
     2020-03-09 23:44:41,328 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
     2020-03-09 23:44:41,329 fail2ban.filter [1]: DEBUG Processing line with time:1583793881.0 and ip:80.XX.XX.XX
     2020-03-09 23:44:41,329 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:41
     2020-03-09 23:44:41,329 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 2. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:2
     2020-03-09 23:44:44,949 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
     2020-03-09 23:44:44,949 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
     2020-03-09 23:44:44,950 fail2ban.filter [1]: DEBUG Processing line with time:1583793884.0 and ip:80.XX.XX.XX
     2020-03-09 23:44:44,950 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:44
     2020-03-09 23:44:44,951 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 3. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:3
     2020-03-09 23:44:47,829 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
     2020-03-09 23:44:47,830 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
     2020-03-09 23:44:47,831 fail2ban.filter [1]: DEBUG Processing line with time:1583793887.0 and ip:80.XX.XX.XX
     2020-03-09 23:44:47,831 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:47
     2020-03-09 23:44:47,831 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 4. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:4
     2020-03-09 23:44:48,066 fail2ban.actions [1]: NOTICE [bitwarden] Ban 80.XX.XX.XX
     2020-03-09 23:44:48,066 fail2ban.observer [1]: DEBUG [bitwarden] Observer: ban found 80.XX.XX.XX, 6400
     2020-03-09 23:44:48,078 fail2ban.utils [1]: DEBUG 7fb73a032240 -- returned successfully 0
     2020-03-09 23:44:48,087 fail2ban.utils [1]: DEBUG 7fb739a17a40 -- returned successfully 0
     2020-03-09 23:44:48,095 fail2ban.utils [1]: DEBUG 7fb739a17ab0 -- returned successfully 0
     2020-03-09 23:44:48,096 fail2ban.actions [1]: DEBUG Banned 1 / 1, 1 ticket(s) in 'bitwarden'
     2020-03-09 23:44:55,188 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
     2020-03-09 23:44:55,189 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
     2020-03-09 23:44:55,190 fail2ban.filter [1]: DEBUG Processing line with time:1583793895.0 and ip:80.XX.XX.XX
     2020-03-09 23:44:55,190 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:55
     2020-03-09 23:44:55,191 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 5. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
     ````
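
An added example, not part of the original post and not fail2ban's own code: a Python model of the detection half of the jail in the post above, applying its `ignoreip`, `findtime` and `maxretry` values and its failregex to constructed log lines in the Bitwarden log format. It assumes fail2ban's `<HOST>` tag follows `IP: ` in the failregex; `simulate`, `entry`, `HOST_GROUP` and the sample addresses are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the [DEFAULT] section of the jail in the post.
IGNOREIP = ["127.0.0.1/8", "192.168.0.0/22"]
FINDTIME, MAXRETRY = 86400, 4  # seconds, failures
# Assumption: fail2ban's <HOST> tag sits right after "IP: ".
FAILREGEX = r"^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
# Hypothetical IPv4-only stand-in for fail2ban's own <HOST> expansion.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
STAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\]")

def simulate(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return [(datetime, ip)] for each ban the jail settings would trigger."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))
    # strict=False because 127.0.0.1/8 has host bits set.
    ignored = [ipaddress.ip_network(n, strict=False) for n in IGNOREIP]
    failures, bans = defaultdict(deque), []
    for line in lines:
        stamp, hit = STAMP.match(line), pattern.match(line)
        if not (stamp and hit):
            continue
        try:
            ip = ipaddress.ip_address(hit.group("host"))
        except ValueError:  # digits that are not a valid address
            continue
        if any(ip in net for net in ignored):
            continue
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        window = failures[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans.append((when, str(ip)))
            window.clear()  # the F2B log shows the count restarting at 1
    return bans

def entry(ts, ip):
    return (f"[{ts}][error][ERROR] Username or password is incorrect. "
            f"Try again. IP: {ip}. Username: a@a.net.")

# Constructed sample; 192.168.1.20 is inside ignoreip, 203.0.113.7 is not.
SAMPLE = [entry(f"2020-03-05 21:{t}", ip) for t, ip in [
    ("53:26", "203.0.113.7"), ("53:35", "203.0.113.7"),
    ("53:38", "192.168.1.20"), ("53:40", "203.0.113.7"),
    ("53:51", "203.0.113.7"), ("56:22", "203.0.113.7")]]
```

`simulate(SAMPLE)` reports one ban, at the fourth failure from 203.0.113.7. It covers only the matching and counting, not the iptables action that the post identifies as the part that failed on the Synology.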