Added support for MySQL logfiles

config/filter.d/mysqld.conf

@@ -0,0 +1,32 @@
# Fail2Ban configuration file
#
# Author: Artur Penttinen
#
# $Revision$
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

#_daemon = mysqld

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
failregex = Access denied for user '\w+'@'<HOST>'

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex = 

config/jail.conf

@@ -331,6 +331,19 @@ action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
logpath  = /var/log/asterisk/messages
maxretry = 10

# For log wrong MySQL access add to /etc/my.cnf:
# log-error=/var/log/mysqld.log
# log-warning = 2
[mysqld-iptables]

enabled  = false
filter   = mysqld
action   = iptables[name=mysql, port=3306, protocol=tcp]
           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/mysqld.log
maxretry = 5


# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
#   Make sure that your loglevel specified in fail2ban.conf/.local

server/datedetector.py

@@ -155,6 +155,12 @@ def addDefaultTemplate(self):
			template.setRegex("^<\d{2}/\d{2}/\d{2}@\d{2}:\d{2}:\d{2}>")
			template.setPattern("<%m/%d/%y@%H:%M:%S>")
			self._appendTemplate(template)
			# MySQL: 130322 11:46:11
			template = DateStrptime()
			template.setName("MonthDayYear Hour:Minute:Second")
			template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}")
			template.setPattern("%y%m%d %H:%M:%S")
			self._appendTemplate(template)
		finally:
			self.__lock.release()