/etc/fail2ban/filter.d/mysqld-auth.conf我使用fail2ban 服务的默认过滤器文件。但文件中有一些错误/var/log/fail2ban.log:
Found a match for '150815 10:42:54 [Warning] Access denied for user
'root'@'124.248.35.228' (using password: NO)' but no valid date/time found
for '150815 10:42:54 [Warning] Access denied for user 'root'@'124.248.35.228'
(using password: NO)'. Please contact the author in order to get support
for this format
作为过滤器文件中fail2ban中mysql的默认正则表达式,似乎没问题:
failregex = ^%(__prefix_line)s(\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[Warning\] Access denied for user '\w+'@'<HOST>' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$
我需要提一下,我是/etc/mysql/my.cnf这样配置 mysql 的:
log-error = /var/log/mysql/mysql.err
log-warning = 2
failed2ban 中 mysql 的正确正则表达式是什么?