mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.2 KiB
38 lines
1.2 KiB
# Fail2Ban configuration file for unsuccesfull MySQL authentication attempts
|
|
#
|
|
# Authors: Artur Penttinen
|
|
# Yaroslav O. Halchenko
|
|
#
|
|
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
|
|
# log-error=/var/log/mysqld.log
|
|
# log-warning = 2
|
|
#
|
|
# If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf
|
|
|
|
[INCLUDES]
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
# common.local
|
|
before = common.conf
|
|
|
|
|
|
[Definition]
|
|
|
|
_daemon = mysqld
|
|
|
|
# Option: failregex
|
|
# Notes.: regex to match the password failures messages in the logfile. The
|
|
# host must be matched by a group named "host". The tag "<HOST>" can
|
|
# be used for standard IP/hostname matching and is only an alias for
|
|
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
|
# Values: TEXT
|
|
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
|
|
#
|
|
failregex = ^%(__prefix_line)s(\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[Warning\] Access denied for user '\w+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$
|
|
|
|
# Option: ignoreregex
|
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
|
# Values: TEXT
|
|
#
|
|
ignoreregex =
|