Install fail2ban
- Prevent hacker brute-force into server by public IP and public port
- Run these command to install fail2ban
sudo apt install fail2ban
sudo systemctl enable fail2ban --now
sudo systemctl status fail2ban
sudo fail2ban-client status
sudo fail2ban-client status sshd
sudo fail2ban-client status mysqld-auth
Expose database logs from container to host machine disk
- check existing logs in Docker container
docker logs some-mariadb-container-name
- map custom cnf folder to MariaDB/Mysql Docker volume according to https://hub.docker.com/_/mariadb
- see a complete list of available mariadb config.cnf options, just run
docker run -it --rm mariadb:latest --verbose --help
- add this line to your docker-compose.yml or portainer
volumes: - /home/ubuntu/mariadb/cnf-folder:/etc/mysql/conf.d
[mariadb]
log-basename=master1
log-warning=2
expire-logs-days=30
- log will wirte to disk at
/home/ubuntu/mariadb-mysqldata/master1.err
sudo vi /home/ubuntu/mariadb-mysqldata/master1.err
check running logs
- restart mariadb container
Add mariadb or mysql to fail2ban jail
sudo vi /etc/fail2ban/jail.local
[mysqld-auth]
enabled = true
port = 58968
filter = mysqld-auth
logpath = /home/ubuntu/mariadb-mysqldata/master1.err
findtime = 3600
maxretry = 2
bantime = 86400
- restart service
sudo systemctl restart fail2ban.service
- sudo fail2ban-client status
- sudo fail2ban-client status mysqld-auth
Like this:
Like Loading...
Related