2023-11-18 15:04:04 +00:00
|
|
|
# Fail2Ban filter for unsuccessful MySQL authentication attempts
|
2013-03-24 14:52:58 +00:00
|
|
|
#
|
|
|
|
#
|
2013-10-30 10:12:16 +00:00
|
|
|
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
|
|
|
|
# log-error=/var/log/mysqld.log
|
2018-10-03 08:02:38 +00:00
|
|
|
# log-warnings = 2
|
2013-10-30 10:12:16 +00:00
|
|
|
#
|
|
|
|
# If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf
|
2013-03-24 14:52:58 +00:00
|
|
|
|
|
|
|
[INCLUDES]
|
|
|
|
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
|
|
# common.local
|
|
|
|
before = common.conf
|
|
|
|
|
|
|
|
[Definition]
|
|
|
|
|
2013-09-16 21:57:19 +00:00
|
|
|
_daemon = mysqld
|
2013-03-24 14:52:58 +00:00
|
|
|
|
2023-10-16 09:41:05 +00:00
|
|
|
failregex = ^%(__prefix_line)s(?:(?:\d{6}|\d{4}-\d{2}-\d{2})[ T]\s?\d{1,2}:\d{2}:\d{2} )?(?:\d+ )?\[\w+\] (?:\[[^\]]+\] )*Access denied for user '<F-USER>[^']+</F-USER>'@'<HOST>'(?:\s+(?:to database '[^']*'|\(using password: (?:YES|NO)\)){1,2})?\s*$
|
2013-03-24 14:52:58 +00:00
|
|
|
|
|
|
|
ignoreregex =
|
2013-10-30 13:02:59 +00:00
|
|
|
|
|
|
|
# DEV Notes:
|
|
|
|
#
|
|
|
|
# Technically __prefix_line can equate to an empty string hence it can support
|
|
|
|
# syslog and non-syslog at once.
|
|
|
|
# Example:
|
|
|
|
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
|
|
|
|
#
|
|
|
|
# Authors: Artur Penttinen
|
|
|
|
# Yaroslav O. Halchenko
|