Fail2Ban version (including any possible distribution suffixes):
0.9.7-1
OS, including release name/version:
CentOS 7
Fail2Ban installed via OS/distribution mechanisms
yum
You have not applied any additional foreign patches to the codebase
I have not.
Some customizations were done to the configuration (provide details below if so)
Yes, banaction was changed to "route".
The issue: mysqld-auth conf regex is not compatible with the mysqld 8.0.13 error log
The log output has two additional words in brackets after "[Note]", for instance on the system I am using it is, "[MY-010926] [Server]".
Steps to reproduce
Enable the mysqld-auth filter
Enable appropriate logging level in MySQL 8.0.13
(use "log-error-verbosity = 3" not "log_warnings = 2" in my.conf, [mysqld] section)
Emulate failed logins to MySQL
Expected behavior
Fail2Ban should ban the IP.
Observed behavior
Log entry is made but there isn't any expected behavior from fail2ban.
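Any customizations done to /etc/fail2ban/ configuration
banaction = route
Configuration, dump and another helpful excerpts
Relevant parts of /var/log/fail2ban.log file: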
2019-01-03 08:28:37,593 fail2ban.server [2033]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.7
2019-01-03 08:28:37,594 fail2ban.database [2033]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-01-03 08:28:37,628 fail2ban.jail [2033]: INFO Initiated 'systemd' backend
2019-01-03 08:28:37,629 fail2ban.filter [2033]: INFO Set maxRetry = 5
2019-01-03 08:28:37,630 fail2ban.filter [2033]: INFO Set jail log file encoding to UTF-8
2019-01-03 08:28:37,630 fail2ban.actions [2033]: INFO Set banTime = 3600
2019-01-03 08:28:37,631 fail2ban.filter [2033]: INFO Set findtime = 600
2019-01-03 08:28:37,631 fail2ban.filter [2033]: INFO Set maxlines = 10
2019-01-03 08:28:37,699 fail2ban.jail [2033]: INFO Creating new jail 'mysqld-auth'
2019-01-03 08:28:37,722 fail2ban.jail [2033]: INFO Jail 'mysqld-auth' uses pyinotify {}
2019-01-03 08:28:37,728 fail2ban.jail [2033]: INFO Initiated 'pyinotify' backend
2019-01-03 08:28:37,730 fail2ban.filter [2033]: INFO Added logfile = /var/log/mysqld.log
2019-01-03 08:28:37,732 fail2ban.filter [2033]: INFO Set maxRetry = 5
2019-01-03 08:28:37,733 fail2ban.filter [2033]: INFO Set jail log file encoding to UTF-8
2019-01-03 08:28:37,733 fail2ban.actions [2033]: INFO Set banTime = 3600
2019-01-03 08:28:37,733 fail2ban.filter [2033]: INFO Set findtime = 600
2019-01-03 08:28:37,749 fail2ban.jail [2033]: INFO Jail 'mysqld-auth' started
Relevant lines from monitored log files in question:
sh-4.2# tail -f /var/log/mysqld.log
2019-01-03T08:50:04.634875Z 113 [Note] [MY-010926] [Server] Access denied for user 'root'@'c-76-121-8-146.hsd1.wa.comcast.net' (using password: NO)
2019-01-03T08:50:23.850165Z 114 [Note] [MY-010926] [Server] Access denied for user 'root'@'c-76-121-8-146.hsd1.wa.comcast.net' (using password: YES)
2019-01-03T08:50:28.300619Z 115 [Note] [MY-010926] [Server] Access denied for user 'root'@'c-76-121-8-146.hsd1.wa.comcast.net' (using password: NO)
2019-01-03T08:50:29.936365Z 116 [Note] [MY-010926] [Server] Access denied for user 'root'@'c-76-121-8-146.hsd1.wa.comcast.net' (using password: YES)
2019-01-03T08:50:32.921245Z 117 [Note] [MY-010926] [Server] Access denied for user 'root'@'c-76-121-8-146.hsd1.wa.comcast.net' (using password: NO)
2019-01-03T08:50:35.639557Z 118 [Note] [MY-010926] [Server] Access denied for user 'root'@'c-76-121-8-146.hsd1.wa.comcast.net' (using password: YES)
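The mismatch reported above, as an added example that is not part of the original report and not fail2ban's shipped filter: both patterns are simplified stand-ins, and the sample lines and the host `client.example.net` are constructed. A pattern that expects the message directly after `[Note]` never reaches maxRetry on the MySQL 8 format, while one that tolerates extra bracketed tags does.

```python
import re
from collections import Counter

# Shared tail of both patterns; <host> is the value a ban would be keyed on.
TAIL = (r"Access denied for user '[^']*'@'(?P<host>[\w.:-]+)' "
        r"\(using password: (?:YES|NO)\)\s*$")
HEAD = r"^\S+\s+\d+ \[\w+\] "  # timestamp, thread id, "[Note]"

# Assumption: simplified stand-in for a filter written for the older format,
# where the message follows the single "[Note]" tag directly.
STRICT = re.compile(HEAD + TAIL)
# Tolerates any number of extra "[...]" tags such as "[MY-010926] [Server]".
TOLERANT = re.compile(HEAD + r"(?:\[[^\]]+\] )*" + TAIL)

MAX_RETRY = 5  # "Set maxRetry = 5" in the fail2ban.log excerpt


def failures(pattern, lines):
    """Count matching failed logins per client host."""
    hits = Counter()
    for line in lines:
        m = pattern.match(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(pattern, lines, max_retry=MAX_RETRY):
    """Hosts whose failure count reaches the retry threshold."""
    return sorted(h for h, n in failures(pattern, lines).items() if n >= max_retry)


# Constructed sample lines (the host is a placeholder).
OLD_STYLE = ["2019-01-03T08:50:%02d.000000Z %d [Note] Access denied for user "
             "'root'@'client.example.net' (using password: YES)" % (i, 100 + i)
             for i in range(5)]
NEW_STYLE = [l.replace("[Note] ", "[Note] [MY-010926] [Server] ") for l in OLD_STYLE]
# A non-authentication line carrying the same kind of tags must not count.
NOISE = ["2019-01-03T08:51:00.000000Z 0 [Note] [MY-000000] [Server] Event Scheduler: ..."]

if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, hosts_to_ban(pat, OLD_STYLE), hosts_to_ban(pat, NEW_STYLE + NOISE))
```
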