fail2ban/config/filter.d/mysqld-auth.conf

33 lines
953 B
Plaintext
Raw Normal View History

2017-03-24 18:03:20 +00:00
# Fail2Ban filter for unsuccesful MySQL authentication attempts
2013-03-24 14:52:58 +00:00
#
#
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
# log-error=/var/log/mysqld.log
2018-10-03 08:02:38 +00:00
# log-warnings = 2
#
# If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf
2013-03-24 14:52:58 +00:00
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = mysqld
2013-03-24 14:52:58 +00:00
failregex = ^%(__prefix_line)s(?:(?:\d{6}|\d{4}-\d{2}-\d{2})[ T]\s?\d{1,2}:\d{2}:\d{2} )?(?:\d+ )?\[\w+\] (?:\[[^\]]+\] )*Access denied for user '<F-USER>[^']+</F-USER>'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$
2013-03-24 14:52:58 +00:00
ignoreregex =
# DEV Notes:
#
# Technically __prefix_line can equate to an empty string hence it can support
# syslog and non-syslog at once.
# Example:
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
#
# Authors: Artur Penttinen
# Yaroslav O. Halchenko