github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Added support for MySQL logfiles

pull/150/merge^2
Artur Penttinen 2013-03-24 16:52:58 +02:00
parent 1330c7d4b8
commit 29d0df58be
3 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
config/filter.d/mysqld.conf Normal file
View File

@ -0,0 +1,32 @@
# Fail2Ban configuration file
#
# Author: Artur Penttinen
#
# $Revision$
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
#_daemon = mysqld
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
failregex = Access denied for user '\w+'@'<HOST>'
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

13
config/jail.conf
View File

@ -331,6 +331,19 @@ action = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
logpath = /var/log/asterisk/messages logpath = /var/log/asterisk/messages
maxretry = 10 maxretry = 10
# For log wrong MySQL access add to /etc/my.cnf:
# log-error=/var/log/mysqld.log
# log-warning = 2
[mysqld-iptables]
enabled = false
filter = mysqld
action = iptables[name=mysql, port=3306, protocol=tcp]
sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
logpath = /var/log/mysqld.log
maxretry = 5
# Jail for more extended banning of persistent abusers # Jail for more extended banning of persistent abusers
# !!! WARNING !!! # !!! WARNING !!!
# Make sure that your loglevel specified in fail2ban.conf/.local # Make sure that your loglevel specified in fail2ban.conf/.local

6
server/datedetector.py
View File

@ -155,6 +155,12 @@ class DateDetector:
template.setRegex("^<\d{2}/\d{2}/\d{2}@\d{2}:\d{2}:\d{2}>") template.setRegex("^<\d{2}/\d{2}/\d{2}@\d{2}:\d{2}:\d{2}>")
template.setPattern("<%m/%d/%y@%H:%M:%S>") template.setPattern("<%m/%d/%y@%H:%M:%S>")
self._appendTemplate(template) self._appendTemplate(template)
# MySQL: 130322 11:46:11
template = DateStrptime()
template.setName("MonthDayYear Hour:Minute:Second")
template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}")
template.setPattern("%y%m%d %H:%M:%S")
self._appendTemplate(template)
finally: finally:
self.__lock.release() self.__lock.release()