Fail2Ban
Documentation
PhpMyAdmin
Adding a filter for PhpMyAdmin
1) Edit the file /etc/fail2ban/jail.local and add:
[phpmyadmin]
enabled = true
port = http,https
filter = phpmyadmin
# action = sendmail-whois[name=HTTP]
logpath = /var/log/phpmyadmin_auth.log
maxretry = 4
2) Create the file /var/log/phpmyadmin_auth.log
touch /var/log/phpmyadmin_auth.log
chmod 600 /var/log/phpmyadmin_auth.log
3) Create the file /etc/fail2ban/filter.d/phpmyadmin.conf
nano /etc/fail2ban/filter.d/phpmyadmin.conf
Add
# phpmyadmin configuration file
#
# Author: Michael Robinson
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Count all bans in the logfile
failregex = phpMyadmin login failed with username: .*; ip: <HOST>;
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
# Ignore our own bans, to keep our counts exact.
# In your config, name your jail 'fail2ban', or change this line!
ignoreregex =
Set the correct permissions if they are not already in place
chmod 644 /etc/fail2ban/filter.d/phpmyadmin.conf
4) Restart fail2ban
/etc/init.d/fail2ban restart
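To check what the filter and jail above will actually catch, the following added example (not part of the original page or of Fail2Ban itself) expands the <HOST> tag with the alias quoted in the filter's comments, applies the failregex to log lines, and lists the hosts that reach maxretry. The sample log lines are constructed to fit the failregex, and the example assumes all of them fall inside a single findtime window.

```python
import re
from collections import Counter

# Alias that the filter's own comments give for the <HOST> tag.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"
# failregex from /etc/fail2ban/filter.d/phpmyadmin.conf on this page.
FAILREGEX = "phpMyadmin login failed with username: .*; ip: <HOST>;"
# maxretry from the [phpmyadmin] jail on this page.
MAXRETRY = 4

# Constructed sample lines (documentation IP ranges, not real log data).
SAMPLE_LOG = """\
phpMyadmin login failed with username: root; ip: 203.0.113.7;
phpMyadmin login failed with username: admin; ip: 203.0.113.7;
phpMyadmin login failed with username: root; ip: 198.51.100.23;
phpMyadmin login failed with username: pma; ip: ::ffff:203.0.113.7;
phpMyadmin login succeeded with username: alice; ip: 192.0.2.10;
phpmyadmin login failed with username: root; ip: 192.0.2.10;
phpMyadmin login failed with username: test user; ip: 198.51.100.23;
phpMyadmin login failed with username: root; ip: 203.0.113.7;
"""


def compile_failregex(failregex):
    """Expand the <HOST> tag the way the filter comments describe."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))


def count_failures(lines, failregex=FAILREGEX):
    """Return a Counter of matched failures per host."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        match = pattern.search(line)  # matching is case-sensitive
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose failure count has reached maxretry."""
    counts = count_failures(lines)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    for host, n in count_failures(log_lines).most_common():
        print(f"{host}: {n} failure(s)")
    print("would be banned:", hosts_to_ban(log_lines))
```

On a host with Fail2Ban installed, `fail2ban-regex /var/log/phpmyadmin_auth.log /etc/fail2ban/filter.d/phpmyadmin.conf` runs the same kind of check against the real log and filter.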
