# Fail2Ban filter for unsuccessful MySQL authentication attempts
#
#
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
# log-error=/var/log/mysqld.log
# log-warnings = 2
#
# If MySQL logs via syslog, the [mysqld_safe] section of /etc/my.cnf has the syslog option
[INCLUDES]
# Read common prefixes. If any customizations are available, read them from
# common.local
# common.conf is loaded before this file. The failregex in [Definition] uses
# __prefix_line, which this file does not define; presumably it is supplied by
# that include (confirm in common.conf).
before = common.conf
[Definition]
# Name of the logging daemon. It is not referenced anywhere else in this file;
# presumably the prefix definitions read from common.conf consume it (confirm there).
_daemon = mysqld
# Matches a single "Access denied for user ..." line and captures the client
# address through fail2ban's <HOST> placeholder.
#  - %(__prefix_line)s is not defined in this file; presumably it comes from
#    common.conf, loaded through [INCLUDES].
#  - The optional (?:...) group accepts either a bare number followed by a
#    space, or a six-digit date plus an H:MM:SS time, as in the example in the
#    DEV notes.
#  - \[\w+\] is the bracketed level tag, e.g. [Warning].
#  - The user name is '[^']+', so it cannot extend past its closing quote, and
#    the expression is anchored with ^ and $. Both limit how far text chosen by
#    the connecting client (the user name) can influence what <HOST> captures.
#  - The trailing group accepts any number of "to database '...'" or
#    "(using password: YES|NO)" suffixes, including none.
# NOTE(review): error-log layouts differ between MySQL releases; check this
# expression against your own log with fail2ban-regex before relying on it.
failregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] Access denied for user '[^']+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$
# Empty: this filter exempts no line that failregex matches. Excluding trusted
# client addresses is therefore left to the jail configuration.
ignoreregex =
# DEV Notes:
#
# Technically __prefix_line can match an empty string, hence it can support
# syslog and non-syslog at once.
# Example:
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
#
# Authors: Artur Penttinen
# Yaroslav O. Halchenko