Merge pull request #1872 from kmzby/master

Added filter for phpMyAdmin+syslog
pull/1882/head
Serg G. Brester 7 years ago committed by GitHub
commit a287d0a05c

@ -32,6 +32,7 @@ releases.
### Enhancements ### Enhancements
* action.d/cloudflare.conf - Cloudflare API v4 implementation (gh-1651) * action.d/cloudflare.conf - Cloudflare API v4 implementation (gh-1651)
* filter.d/kerio.conf - filter extended with new rules (see gh-1455) * filter.d/kerio.conf - filter extended with new rules (see gh-1455)
* filter.d/phpmyadmin-syslog.conf - new filter for phpMyAdmin using syslog for auth logging
ver. 0.9.7 (2017/05/11) - awaiting-victory ver. 0.9.7 (2017/05/11) - awaiting-victory

@ -0,0 +1,18 @@
# Fail2Ban fitler for the phpMyAdmin-syslog
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = phpMyAdmin
failregex = ^%(__prefix_line)suser denied: (?:\S+|.*?) \(mysql-denied\) from <HOST>\s*$
ignoreregex =
# Author: Pavel Mihadyuk
# Regex fixes: Serg G. Brester

@ -860,3 +860,9 @@ logpath = /var/log/slapd.log
port = smtp,ssmtp port = smtp,ssmtp
filter = domino-smtp filter = domino-smtp
logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.log
[phpmyadmin-syslog]
port = http,https
filter = phpmyadmin-syslog
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

@ -0,0 +1,2 @@
# failJSON: { "time": "2004-08-22T14:50:22", "match": true , "host": "192.0.2.1" }
Aug 22 14:50:22 eurostream phpMyAdmin[16358]: user denied: root (mysql-denied) from 192.0.2.1
Loading…
Cancel
Save