Added support for MySQL logfiles

fail2ban · Mar 24, 2013 · 29d0df58be4eba2cf7e241eb57a4d311dcff682a · 29d0df5
1 parent 1330c7d
commit 29d0df58be4eba2cf7e241eb57a4d311dcff682a
Unified Split

Showing with 51 additions and 0 deletions.

+32 −0 config/filter.d/mysqld.conf

+13 −0 config/jail.conf

+6 −0 server/datedetector.py
diff --git a/config/filter.d/mysqld.conf b/config/filter.d/mysqld.conf
@@ -0,0 +1,32 @@
+# Fail2Ban configuration file
+#
+# Author: Artur Penttinen
+#
+# $Revision$
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+#_daemon = mysqld
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
+failregex = Access denied for user '\w+'@'<HOST>'
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff --git a/config/jail.conf b/config/jail.conf
@@ -331,6 +331,19 @@ action   = iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
 logpath  = /var/log/asterisk/messages
 maxretry = 10
 
+# For log wrong MySQL access add to /etc/my.cnf:
+# log-error=/var/log/mysqld.log
+# log-warning = 2
+[mysqld-iptables]
+
+enabled  = false
+filter   = mysqld
+action   = iptables[name=mysql, port=3306, protocol=tcp]
+           sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
+logpath  = /var/log/mysqld.log
+maxretry = 5
+
+
 # Jail for more extended banning of persistent abusers
 # !!! WARNING !!!
 #   Make sure that your loglevel specified in fail2ban.conf/.local

diff --git a/server/datedetector.py b/server/datedetector.py
@@ -155,6 +155,12 @@ def addDefaultTemplate(self):
 			template.setRegex("^<\d{2}/\d{2}/\d{2}@\d{2}:\d{2}:\d{2}>")
 			template.setPattern("<%m/%d/%y@%H:%M:%S>")
 			self._appendTemplate(template)
+			# MySQL: 130322 11:46:11
+			template = DateStrptime()
+			template.setName("MonthDayYear Hour:Minute:Second")
+			template.setRegex("^\d{2}\d{2}\d{2} +\d{1,2}:\d{2}:\d{2}")
+			template.setPattern("%y%m%d %H:%M:%S")
+			self._appendTemplate(template)
 		finally:
 			self.__lock.release()