-1

如您所见,Plesk 没有为 fail2ban 原生集成 MySQL 过滤器,因此我们无法为该服务创建监狱。

有一种方法可以添加它,但不是那么优雅。

如何在 Plesk 提供的 fail2ban 上添加对 MySQL 的支持?

4

1 回答 1

0
  1. 转到“工具和设置”
  2. 单击 IP 地址禁止 (Fail2Ban)
  3. 点击标签“监狱”
  4. 点击“管理过滤器”按钮
  5. 点击“添加过滤器”

设置标题“mysqld-auth”和这个内容:

# Fail2Ban filter for unsuccessful MySQL authentication attempts
#
#
# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]:
# log-error=/var/log/mysqld.log
# log-warning = 2
#
# If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local before = common.conf

[Definition]

_daemon = mysqld

failregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] Access denied for user '[^']+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$

ignoreregex =

# DEV Notes:
#
# Technically __prefix_line can equate to an empty string hence it can support
# syslog and non-syslog at once.
# Example:
# 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES)
#
# Authors: Artur Penttinen
#          Yaroslav O. Halchenko
  1. 保存并返回第 3 点。

  2. 单击“添加监狱”并使用新过滤器完成表单,并在 textarea 上执行此操作:

    iptables-multiport[name="mysqld-auth", port="http,https,3306"]

*添加所有你想要的端口...

  1. 在我的情况下,设置您的 MySQL 日志位置/var/log/mysql/error.log
  2. 确保新监狱已激活,如果不激活它。

接下来的步骤取决于您...

保存并尝试破解自己查看 fail2ban 日志:

tail -f /var/log/fail2ban.log
于 2021-11-05T23:58:25.613 回答