How to Protect MySQL With Fail2Ban

Securing your MySQL server is crucial. Attackers often try brute force tactics to guess passwords and gain access. The good news? You can fight back using Fail2Ban! It’s an easy and effective way to block unwanted login attempts automatically.

What is Fail2Ban?

Fail2Ban is a security tool that watches log files for suspicious activity. If it detects repeated failed login attempts, it blocks the offender’s IP address for a set period.

This is perfect for protecting MySQL from brute-force attacks!

How to Install Fail2Ban

If you haven’t installed it yet, do so with this command:

sudo apt install fail2ban

For CentOS or RHEL, use:

sudo yum install fail2ban

Once installed, we just need to configure it for MySQL.

Setting Up Fail2Ban for MySQL

Fail2Ban needs rules to know when to block an IP. These rules are called jail configurations. Let’s create one for MySQL.

First, navigate to Fail2Ban’s config folder:

cd /etc/fail2ban

Now, copy the default jail file as a template:

sudo cp jail.conf jail.local

Edit the new file:

sudo nano jail.local

Find the [mysqld-auth] section (or add it if missing) and modify it like this:

[mysqld-auth]
enabled  = true
filter   = mysqld-auth
action   = iptables-multiport[name=mysql, port="3306", protocol=tcp]
logpath  = /var/log/mysql/error.log
maxretry = 5
bantime  = 1800

What do these settings mean?

  • enabled = true → Activates the rule.
  • filter = mysqld-auth → Uses a filter for MySQL authentication logs.
  • action → Blocks connections to port 3306 (MySQL default).
  • logpath → Points to the MySQL error log.
  • maxretry = 5 → Blocks IPs after 5 failed attempts.
  • bantime = 1800 → Blocks them for 30 minutes.

Save and close the file (CTRL+X, then Y, then Enter).

Creating the Filter for MySQL

Fail2Ban uses a filter to detect failed logins. Let’s create it:

sudo nano /etc/fail2ban/filter.d/mysqld-auth.conf

Add this content:

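[Definition]
failregex = Access denied for user '[^']*'@'<HOST>'
ignoreregex =

<HOST> is Fail2Ban's placeholder for the client address. MySQL logs a failed login as Access denied for user 'name'@'address', so this tells Fail2Ban to block IPs that cause “Access denied” errors.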

Save and close the file.
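
To see how the filter and the jail's thresholds work together, the following Python sketch (an added example, not part of the original article and not Fail2Ban's own code) applies a failregex for MySQL's 'user'@'host' log format to constructed log lines and reports which addresses would be banned. The 600-second counting window (Fail2Ban's findtime default), the IPv4-only expansion of <HOST>, and the names find_bans and SAMPLE_LOG are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# maxretry and bantime come from the jail above; FINDTIME is an assumption
# (600 s, Fail2Ban's stock default for the counting window).
MAXRETRY, BANTIME, FINDTIME = 5, 1800, 600

# MySQL logs failures as 'user'@'host'. <HOST> is Fail2Ban's placeholder for
# the client address; this sketch expands it to an IPv4 pattern only.
FAILREGEX = r"Access denied for user '[^']*'@'<HOST>'"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def _line(ts, user, ip):
    # Constructed log line in the MySQL 5.7 error-log layout.
    return f"{ts}Z 12 [Note] Access denied for user '{user}'@'{ip}' (using password: YES)"

# Constructed sample input (documentation-range addresses).
SAMPLE_LOG = (
    [_line(f"2024-05-01T10:00:0{i}.000000", "root", "203.0.113.7") for i in range(5)]
    + [_line(f"2024-05-01T1{i}:00:00.000000", "app", "198.51.100.9") for i in range(5)]
    + ["2024-05-01T10:05:00.000000Z 0 [Note] mysqld: ready for connections."]
)

def find_bans(lines):
    """Return {ip: timestamp of the failure that would trigger the ban}."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        ip = m.group("host")
        ts = datetime.strptime(line.split()[0], "%Y-%m-%dT%H:%M:%S.%fZ")
        if ip in bans and (ts - bans[ip]).total_seconds() < BANTIME:
            continue  # still banned: the firewall would have dropped this client
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than the counting window
        if len(window) >= MAXRETRY:
            bans[ip] = ts
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"{ip} banned at {when} for {BANTIME} s")
```

The second address in the sample fails five times but only once per hour, so it never reaches the threshold inside the counting window. On the server itself, fail2ban-regex /var/log/mysql/error.log /etc/fail2ban/filter.d/mysqld-auth.conf runs the real filter against the real log and shows how many lines match.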

Restart Fail2Ban

Apply the changes by restarting Fail2Ban:

sudo systemctl restart fail2ban

Testing Your Setup

Now, let’s check if it works!

Use this command to see active jails:

sudo fail2ban-client status

You should see mysqld-auth listed. To check banned IPs:

sudo fail2ban-client status mysqld-auth

Test blocking by trying to log in to MySQL with wrong credentials several times:

mysql -u fakeuser -p

After a few tries, you should be locked out.

Unbanning an IP

If you accidentally ban yourself, unblock your IP like this:

sudo fail2ban-client set mysqld-auth unbanip YOUR-IP

Replace YOUR-IP with your actual IP address.

Tuning Fail2Ban for Better Protection

Want better security? Try these tips:

  • Increase ban time to make attacks harder.
  • Lower maxretry to allow fewer failed attempts.
  • Use email alerts by adding a sendmail action to the jail's action setting in jail.local, in addition to the iptables action.

Conclusion

Fail2Ban is a simple yet powerful tool to protect MySQL from brute-force attacks. With just a few steps, you can block attackers automatically and keep your database safe.

Set it up today and sleep better knowing your MySQL server is secure!
