Friend, Good Morning! Thanks for answering! I tested his regular expression and it didn't work, unfortunately.
The output of my command was like this:

[root@www ~]# fail2ban-regex tst /etc/fail2ban/filter.d/phpmyadmin.conf

Running tests
=============

Use failregex filter file : phpmyadmin, basedir: /etc/fail2ban
Use single line : tst

Results
=======

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 1 lines, 0 ignored, 0 matched, 1 missed
[processed in 0.05 sec]

|- Missed line(s):
| tst
`-

Is there anything else I can do to resolve this issue?

I am grateful!

Regards,

Henrique Fagundes
Linux Support Analyst
[email protected]

---- On Sat, 15 Feb 2020 05:24:41 -0300 Dudi Goldenberg <[email protected]> wrote ----

> HI,
>
> I pasted the wrong line.... sorry.
>
> This works:
>
> failregex = user denied: .+ from <HOST>\s*$
>
> ===========
>
> root@mail:~# fail2ban-regex tst /etc/fail2ban/filter.d/test.conf
>
> Running tests
> =============
>
> Use failregex file : /etc/fail2ban/filter.d/webmin-auth.conf
> Use log file : tst
>
>
> Results
> =======
>
> Failregex: 1 total
> |- #) [# of hits] regular expression
> | 4) [1] user denied: .+ from <HOST>\s*$
> `-
>
> Ignoreregex: 0 total
>
> Date template hits:
> |- [# of hits] date format
> | [1] MONTH Day Hour:Minute:Second
> `-
>
> Lines: 1 lines, 0 ignored, 1 matched, 0 missed
>
> Regards,
>
> Dudi
>
>
> -----Original Message-----
> From: Henrique Fagundes [mailto:[email protected]]
> Sent: Saturday, February 15, 2020 3:34
> To: fail2ban-users <[email protected]>
> Subject: [Fail2ban-users] Help with Fail2Ban on PhpMyAdmin
>
> Dear Colleagues,
>
> I begin by apologizing for any communication error, as I am Brazilian and I
> still try to adapt with the English language.
>
> I'm having a hard time getting Fail2Ban to work on phpmyadmin.
>
> I'm using CentOS 8.1.1911 and fail2ban 0.10.5-2.
> My PhpMyAdmin is version 4.9.0.1.
>
> I noticed that PhpMyAdmin logs login failures in the “/var/log/secure” file.
>
> And it has an output like this:
>
> Feb 14 21:40:37 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 177.122.254.10
> Feb 14 21:42:07 www phpMyAdmin[3978]: user denied: root (mysql-denied) from 177.122.254.10
> Feb 14 21:42:09 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 177.122.254.10
> Feb 14 21:48:06 www phpMyAdmin[3981]: user denied: root (mysql-denied) from 177.122.254.10
>
> So, I configured my “/etc/fail2ban/jail.conf” like this:
>
> [phpmyadmin]
> enabled = true
> port = http,https
> filter = phpmyadmin
> action = iptables-multiport[name=phpmyadmin, port="http,https", protocol=tcp]
>          sendmail-whois[name=PHPMYADMIN, [email protected]]
> logpath = /var/log/secure
> maxretry = 3
>
> And the filter configuration file (/etc/fail2ban/filter.d/phpmyadmin.conf),
> the expressions are like this:
>
> [Definition]
> denied = mysql-denied|allow-denied|root-denied|empty-denied
> failregex = ^<HOST> -.*(?:%(denied)s)$
> ignoreregex =
>
> I believe I am not able to correctly form the expression, as Fail2Ban is not
> blocking at all.
>
> Could someone help me in this matter?
>
> I'll be very grateful.
>
>
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
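Added example, not part of the thread and not fail2ban's own code: a Python sketch that applies both failregex values from the messages above to the quoted `/var/log/secure` lines, assuming a simplified IPv4-only stand-in for `<HOST>` and a syslog-only timestamp strip. It also feeds in the literal string `tst`, which is what the first `fail2ban-regex` output above reports testing (`Use single line : tst`).

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only). This is an
# assumption: the real tag also matches IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# fail2ban removes the timestamp it recognised before applying failregex;
# only the syslog "Feb 14 21:40:37" form is handled in this sketch.
SYSLOG_DATE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\s*")

# Log lines copied from the thread.
LOG_LINES = [
    "Feb 14 21:40:37 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 177.122.254.10",
    "Feb 14 21:42:07 www phpMyAdmin[3978]: user denied: root (mysql-denied) from 177.122.254.10",
    "Feb 14 21:42:09 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 177.122.254.10",
    "Feb 14 21:48:06 www phpMyAdmin[3981]: user denied: root (mysql-denied) from 177.122.254.10",
]

# The two filters from the thread; %(denied)s is interpolated the way the
# [Definition] section would expand it.
DENIED = "mysql-denied|allow-denied|root-denied|empty-denied"
ORIGINAL = r"^<HOST> -.*(?:%(denied)s)$" % {"denied": DENIED}
SUGGESTED = r"user denied: .+ from <HOST>\s*$"


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the resulting pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))


def matched_hosts(failregex, lines):
    """Return the host captured from every line the failregex matches."""
    rx = compile_failregex(failregex)
    hosts = []
    for line in lines:
        remainder = SYSLOG_DATE.sub("", line, count=1)
        m = rx.search(remainder)
        if m:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    for name, rx in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        hosts = matched_hosts(rx, LOG_LINES)
        print(f"{name}: {len(hosts)} of {len(LOG_LINES)} matched, hosts={sorted(set(hosts))}")
    print("literal 'tst':", matched_hosts(SUGGESTED, ["tst"]))
```

The original filter expects the address at the start of the line followed by ` -`, while these lines carry it at the end after `from`, so only the suggested pattern captures a host.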
