ubuntu – Using Fail2ban to Block MySQL on Localhost


I have fail2ban working on my server and it does ban SSH but I'm having problems banning users trying to access MariaDB using MySQL. I'm also using Adminer which is the main reason why I'm trying to configure fail2ban on mysql (and fail2ban does see fail attempts using adminer). It can see MySQL connections but since this is internally using localhost, it can't ban it.

I'm looking for a way to ban users when a user fails to login mysql.

This is what my log fail2ban.log sees:

2018-06-15 06:51:09,021 fail2ban.ipdns [4520]: 
WARNING Determined IP using DNS Lookup: 
localhost = ['', '', '::1']

This is my jail.local file:

enabled  = true
port     = 3306
filter =  mysqld-auth
logpath = /var/log/mysql/mysql.log

I've tried changing usedns = warn to usedns = no and it ignored the warning. I haven't made any changes to mysql-auth in my filter.d folder.

Best Answer

I'll assume that your real problem is the following:

You have Adminer (an alternative to PHPMYadmin) running on your server and you get illegal login attempts into the web interface (and in turn, MySQL).

If this is correct, you should under no circumstance try to use Fail2Ban to ban MySQL (in your case, this would lead to no one being able to use it if you block localhost). Instead, you have to configure Fail2Ban to block access to the web interface (e.g. port 80/443) if there are too many illegal login attempts into Adminer.

  • Configure Adminer to log illegal attempts
  • Configure Fail2Ban to scan these logs and block access to the bad clients
Related Topic