How to add a MySQL filter to fail2ban on Plesk



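As you may have noticed, Plesk does not ship a native MySQL filter for fail2ban, so we cannot create a jail for that service.

There is a way to add it, although it is not very elegant.

What can I do to add MySQL support to the fail2ban that Plesk provides?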

  1. Go to "Tools & Settings".
  2. Click "IP Address Banning (Fail2Ban)".
  3. Click the "Jails" tab.
  4. Click the "Manage Filters" button.
  5. Click "Add Filter".

Set the title to "mysqld-auth" and use this content:

    # Fail2Ban filter for unsuccessful MySQL authentication attempts
    #
    #
    # To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
    # log-error=/var/log/mysqld.log
    # log-warning = 2
    #
    # If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf

    [INCLUDES]

    # Read common prefixes. If any customizations available -- read them from
    # common.local
    before = common.conf

    [Definition]

    _daemon = mysqld

    failregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] Access denied for user '[^']+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$

    ignoreregex =

    # DEV Notes:
    #
    # Technically __prefix_line can equate to an empty string hence it can support
    # syslog and non-syslog at once.
    # Example:
    # 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
    #
    # Authors: Artur Penttinen
    #          Yaroslav O. Halchenko

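  6. Save and return to step 3.

  7. Click "Add Jail" and fill in the form with the new filter; in the text area, enter this:

    iptables-multiport[name="mysqld-auth", port="http,https,3306"]

*Add all the ports you want.

  8. Set the MySQL log location; in my case it is /var/log/mysql/error.log.
  9. Make sure the new jail is switched on; if it is not, switch it on.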

The next steps are up to you...

Save, then try to hack yourself and watch the fail2ban log:

    tail -f /var/log/fail2ban.log
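
Before relying on the jail, the filter's pattern can be checked offline against sample log lines. The Python below is an added example, not part of the original page or of fail2ban: it expands the two placeholders with simplified stand-ins (`PREFIX_LINE` and `HOST` are assumptions) and counts failures per host, then repeats the run with the backslashes dropped to show that a filter pasted that way still compiles but never matches.

```python
import re
from collections import Counter

# failregex of the mysqld-auth filter, with its regex escapes written out.
FAILREGEX = (
    r"^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] "
    r"Access denied for user '[^']+'@'<HOST>' "
    r"(to database '[^']*'|\(using password: (YES|NO)\))*\s*$"
)

# Assumptions: simplified stand-ins for what fail2ban substitutes at load time.
PREFIX_LINE = ""                    # the DEV notes say it may be empty
HOST = r"(?P<host>[\w\-.:]+)"       # looser than fail2ban's own <HOST> pattern

# Constructed sample lines; the first is the example from the filter's comments.
SAMPLE_LOG = [
    "130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)",
    "130322 11:27:01 [Warning] Access denied for user 'admin'@'203.0.113.7' (using password: YES)",
    "130322 11:27:02 [Warning] Access denied for user 'admin'@'203.0.113.7' (using password: NO)",
    "130322 11:27:03 [Warning] Access denied for user 'app'@'203.0.113.7' to database 'shop'",
    "130322 11:27:09 [Note] Aborted connection 12 to db: 'shop' user: 'app' host: 'localhost'",
]


def compile_failregex(raw):
    """Expand the two fail2ban placeholders and compile the result."""
    return re.compile(raw.replace("%(__prefix_line)s", PREFIX_LINE).replace("<HOST>", HOST))


def failures_by_host(lines, raw=FAILREGEX):
    """Count matching lines per captured host, as a jail would before banning."""
    rx = compile_failregex(raw)
    hits = Counter(m.group("host") for m in map(rx.search, lines) if m)
    return dict(hits)


if __name__ == "__main__":
    print("escaped pattern:  ", failures_by_host(SAMPLE_LOG))
    # Same pattern with every backslash dropped: it still compiles, but
    # "[w+]" is now a character class and "d{6}" means six letters "d".
    print("backslashes lost: ", failures_by_host(SAMPLE_LOG, FAILREGEX.replace("\\", "")))
```

On the server itself, `fail2ban-regex <logfile> <filter>` runs the real filter against the real log.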
