Last active
May 14, 2019 00:23
-
-
Save hmoffatt/f261e43404edf3fd54611a82a0d72968 to your computer and use it in GitHub Desktop.
fail2ban filter for Keycloak
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Fail2Ban filter for Keycloak | |
| # Detecting unauthorized access to Keycloak-protected services | |
| # typically logged in /opt/keycloak-x.y.z/standalone/logs/server.log | |
| # | |
| # Installation instructions: | |
| # 1. Copy this file to /etc/fail2ban/filter.d/keycloak.conf | |
| # 2. Enable by adding to jail.local: | |
| # [keycloak] | |
| # enabled = true | |
| # logpath = /opt/keycloak-5.0.0/standalone/log/server.log | |
| [INCLUDES] | |
| # Read syslog common prefixes | |
| before = common.conf | |
| [Definition] | |
| # Sample log lines: | |
| # 2019-05-14 00:01:21,713 WARN [org.keycloak.events] (default task-9) type=LOGIN_ERROR, realmId=my realm, clientId=some_client, userId=null, ipAddress=169.197.108.30, error=invalid_redirect_uri, redirect_uri=https://103.236.162.153/_redirect_uri | |
| # 2019-05-14 10:16:48,197 WARN [org.keycloak.events] (default task-14) type=LOGIN_ERROR, realmId=my realm, clientId=some_client, userId=null, ipAddress=2403:::::503, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=https://my.company.com/_redirect_uri, code_id=07c2e837-cc0f-4f35-9f27-aed06be16e48, username=joe | |
| _daemon = keycloak | |
| failregex = ^.*type=LOGIN_ERROR,.*ipAddress=<HOST>.*$ | |
| ignoreregex = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment