Rev 4 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Fail2Ban filter for unsuccesfull MySQL authentication attempts### To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:# log-error=/var/log/mysqld.log# log-warning = 2## If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf[INCLUDES]# Read common prefixes. If any customizations available -- read them from# common.localbefore = common.conf[Definition]_daemon = mysqldfailregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] Access denied for user '[^']+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$ignoreregex =# DEV Notes:## Technically __prefix_line can equate to an empty string hence it can support# syslog and non-syslog at once.# Example:# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)## Authors: Artur Penttinen# Yaroslav O. Halchenko