github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713

pull/1871/head
Pavel Mihadyuk 2017-08-22 18:19:55 +03:00
parent c540217844
commit 5b4bc2aafd
3 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -30,6 +30,7 @@ releases.
### Enhancements ### Enhancements
* action.d/cloudflare.conf - Cloudflare API v4 implementation (gh-1651) * action.d/cloudflare.conf - Cloudflare API v4 implementation (gh-1651)
* filter.d/kerio.conf - filter extended with new rules (see gh-1455) * filter.d/kerio.conf - filter extended with new rules (see gh-1455)
* filter.d/phpmyadmin-syslog.conf - new filter for phpMyAdmin using syslog for auth logging
ver. 0.9.7 (2017/05/11) - awaiting-victory ver. 0.9.7 (2017/05/11) - awaiting-victory

17
config/filter.d/phpmyadmin-syslog.conf Normal file
View File

@ -0,0 +1,17 @@
# Fail2Ban fitler for the phpMyAdmin-syslog
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = phpMyAdmin
failregex = ^%(__prefix_line)suser denied: .* \(mysql-denied\) from <HOST>\s*$
ignoreregex =
# Author: Pavel Mihadyuk

2
fail2ban/tests/files/logs/phpmyadmin-syslog.conf Normal file
View File

@ -0,0 +1,2 @@
# failJSON: { "time": "2017-08-22T14:50:22", "match": true , "host": "81.62.21.201" }
Aug 22 14:50:22 eurostream phpMyAdmin[16358]: user denied: root (mysql-denied) from 81.62.21.201