I looked on the internet and couldn't find a guide for configuring fail2ban on Linux for Microsoft SQL Server.
After installing fail2ban, edit /etc/fail2ban/jail.conf and add an [mssqld] jail section:
[mssqld]
enabled = true
logpath = /var/opt/mssql/log/errorlog
maxretry = 3
findtime = 600
bantime = 1800
filter = mssqld-auth
port = 1433
action = iptables-allports
# important, see the note on backend below
backend = polling
The backend option determines how fail2ban detects changes to the log file (its last-modified attribute). The default, pyinotify, works for sshd but did not work with the SQL Server error log, so polling is used here.
Then create the /etc/fail2ban/filter.d/mssqld-auth.conf file:
# Fail2Ban filter for unsuccessful MSSQL authentication attempts
[INCLUDES]
before = common.conf

[Definition]
_daemon = mssqld
failregex = Login failed for user .* \[CLIENT: <HOST>\]
ignoreregex =
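To check that the filter and the jail thresholds behave as intended before relying on them, here is an added Python example (not from the original post) that applies the same failregex to constructed errorlog lines and counts failures per client address the way the jail's maxretry/findtime window does; fail2ban-regex performs the same check against a real log. The expansion of the <HOST> placeholder is an approximation of fail2ban's own, and the sample lines are constructed, not real data.

```python
import re
from collections import defaultdict
from datetime import datetime

# The filter's failregex, with fail2ban's <HOST> placeholder expanded roughly
# the way fail2ban does (assumption: an approximation of its real pattern).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
FAILREGEX = re.compile(r"Login failed for user .* \[CLIENT: " + HOST + r"\]")
# Leading timestamp of a SQL Server errorlog line, e.g. "2024-05-01 10:00:00.12"
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+")

# Constructed sample errorlog lines (not real data) in SQL Server's errorlog layout.
SAMPLE_LOG = """\
2024-05-01 10:00:00.10 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-01 10:00:00.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 10:01:30.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 10:02:10.00 Logon       Login failed for user 'app'. Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.9]
2024-05-01 10:03:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 10:03:05.00 spid52      Starting up database 'tempdb'.
2024-05-01 10:40:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.9]
"""


def failures(log):
    """Yield (timestamp, host) for every line the filter would flag."""
    for line in log.splitlines():
        m = FAILREGEX.search(line)
        s = STAMP.match(line)
        if m and s:
            yield datetime.strptime(s.group(1), "%Y-%m-%d %H:%M:%S"), m.group("host")


def hosts_to_ban(log, maxretry=3, findtime=600):
    """Apply the jail thresholds: ban a host with maxretry failures inside findtime seconds."""
    seen = defaultdict(list)
    banned = []
    for ts, host in failures(log):
        window = seen[host] + [ts]
        # keep only failures within findtime of the newest one (sliding window)
        seen[host] = window = [t for t in window if (ts - t).total_seconds() <= findtime]
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned
```

Running hosts_to_ban(SAMPLE_LOG) flags only 203.0.113.7, which fails three times within 600 seconds; 198.51.100.9 fails twice, 38 minutes apart, and stays outside the window.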
And don't forget to restart the fail2ban service so the new jail and filter are loaded.