I first tried it via backend = systemd in the jail; after failed-login tests, the failed logins do show up in the journal, but F2B does not react to them ...
Because this was not successful, I then switched mysql to file logging and set the jail to the log file accordingly (backend = auto, mysql & fail2ban restarted).
The failed logins all dutifully end up in the error.log as well, just as they previously did in the journal.
# tail -n 100 /var/log/mysql/error.log
2023-10-17 18:01:31 59 [Warning] Access denied for user 'Gtabb74_SaXc'@'other.host.tld' (using password: YES)
2023-10-17 18:01:34 60 [Warning] Access denied for user 'Gtabb74_SaXc'@'other.host.tld' (using password: YES)
2023-10-17 18:08:10 83 [Warning] Access denied for user 'Gtabb74_SaXc'@'other.host.tld' (using password: YES)
2023-10-17 18:10:09 92 [Warning] Access denied for user 'Gtabb74_SaXc'@'other.host.tld' (using password: YES)
# tail -n 100 /var/log/fail2ban.log
2023-10-17 18:07:47,647 fail2ban.filtersystemd [65173]: INFO [sshd] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,649 fail2ban.filtersystemd [65173]: INFO [postfix-rbl] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,653 fail2ban.jail [65173]: INFO Jail 'postfix-rbl' started
2023-10-17 18:07:47,654 fail2ban.jail [65173]: INFO Jail 'mysqld-auth' started
2023-10-17 18:07:47,655 fail2ban.jail [65173]: INFO Jail 'postfix-pregreet' started
2023-10-17 18:07:47,656 fail2ban.filtersystemd [65173]: INFO [keyhelp-postfix] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,656 fail2ban.jail [65173]: INFO Jail 'keyhelp-postfix' started
2023-10-17 18:07:47,657 fail2ban.filtersystemd [65173]: INFO [postfix-pregreet] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,657 fail2ban.jail [65173]: INFO Jail 'keyhelp-dovecot' started
2023-10-17 18:07:47,659 fail2ban.filtersystemd [65173]: INFO [keyhelp-dovecot] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,659 fail2ban.jail [65173]: INFO Jail 'keyhelp-proftpd' started
2023-10-17 18:07:47,660 fail2ban.filtersystemd [65173]: INFO [keyhelp-proftpd] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,661 fail2ban.jail [65173]: INFO Jail 'keyhelp-phpmyadmin' started
2023-10-17 18:07:47,662 fail2ban.jail [65173]: INFO Jail 'keyhelp-roundcube' started
2023-10-17 18:07:47,662 fail2ban.filtersystemd [65173]: INFO [keyhelp-phpmyadmin] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,663 fail2ban.filtersystemd [65173]: INFO [keyhelp-roundcube] Jail is in operation now (process new journal entries)
2023-10-17 18:07:47,850 fail2ban.actions [65173]: NOTICE [postfix-rbl] Restore Ban 147.78.103.27
2023-10-17 18:10:37,629 fail2ban.filter [65173]: INFO [keyhelp-proftpd] Found 152.32.245.44 - 2023-10-17 18:10:37
2023-10-17 18:20:03,880 fail2ban.filter [65173]: INFO [postfix-pregreet] Found 152.32.133.128 - 2023-10-17 18:20:03
2023-10-17 18:20:03,910 fail2ban.actions [65173]: NOTICE [postfix-pregreet] Ban 152.32.133.128