Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713

7 years ago · 5b4bc2aafd
3 changed files with 20 additions and 0 deletions
--- a/1
+++ b/1
@ -30,6 +30,7 @@ releases.
 ### Enhancements
 * action.d/cloudflare.conf - Cloudflare API v4 implementation (gh-1651)
 * filter.d/kerio.conf - filter extended with new rules (see gh-1455)
 * filter.d/phpmyadmin-syslog.conf - new filter for phpMyAdmin using syslog for auth logging
 ver. 0.9.7 (2017/05/11) - awaiting-victory
--- a/config/filter.d/phpmyadmin-syslog.conf
+++ b/config/filter.d/phpmyadmin-syslog.conf
@ -0,0 +1,17 @@
 # Fail2Ban fitler for the phpMyAdmin-syslog
 #
 [INCLUDES]
 before = common.conf
 [Definition]
 _daemon = phpMyAdmin
 failregex = ^%(__prefix_line)suser denied: .* \(mysql-denied\) from <HOST>\s*$
 ignoreregex =
 # Author: Pavel Mihadyuk
--- a/fail2ban/tests/files/logs/phpmyadmin-syslog.conf
+++ b/fail2ban/tests/files/logs/phpmyadmin-syslog.conf
@ -0,0 +1,2 @@
 # failJSON: { "time": "2017-08-22T14:50:22", "match": true , "host": "81.62.21.201" }
 Aug 22 14:50:22 eurostream phpMyAdmin[16358]: user denied: root (mysql-denied) from 81.62.21.201
		`@ -0,0 +1,2 @@`
							`# failJSON: { "time": "2017-08-22T14:50:22", "match": true , "host": "81.62.21.201" }`
							`Aug 22 14:50:22 eurostream phpMyAdmin[16358]: user denied: root (mysql-denied) from 81.62.21.201`