December 20, 2018

Fail2ban Microsoft SQL Server configuration

I searched the internet and couldn’t find a guide for configuring fail2ban on Linux for Microsoft SQL Server.

After installing fail2ban, edit /etc/fail2ban/jail.conf and add a jail section for the mssqld daemon:

[mssqld]
enabled = true
logpath = /var/opt/mssql/log/errorlog
maxretry = 3
findtime = 600
bantime = 1800
filter = mssqld-auth
port = 1433
action = iptables-allports
# Important: use polling for this log file
backend = polling

The backend option selects how fail2ban detects that a log file has changed. The default, pyinotify, works for sshd but did not work with the SQL Server error log, so polling is used here.

Then create the filter file /etc/fail2ban/filter.d/mssqld-auth.conf:

# Fail2Ban filter for unsuccessful MSSQL authentication attempts

[INCLUDES]
before = common.conf

[Definition]
_daemon = mssqld
failregex = Login failed for user .* \[CLIENT: <HOST>\]
ignoreregex =

And don’t forget to restart your fail2ban service.
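
To check the filter and the jail thresholds before relying on them, the following added example (not part of the original post, and not fail2ban's own code) applies the failregex above to constructed errorlog lines and reports which hosts reach three failures within findtime. The IPv4-only HOST pattern is a simplified stand-in for fail2ban's <HOST> expansion, and the sample lines and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# failregex from mssqld-auth.conf; fail2ban expands <HOST> itself. The IPv4-only
# group below is a simplified stand-in for that expansion (assumption).
FAILREGEX = r"Login failed for user .* \[CLIENT: <HOST>\]"
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

MAXRETRY = 3                       # failure threshold of 3 from the jail
FINDTIME = timedelta(seconds=600)  # findtime from the jail

# Constructed sample lines in the SQL Server errorlog layout (not real log data).
SAMPLE_LOG = """\
2018-12-20 10:00:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2018-12-20 10:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2018-12-20 10:00:07.42 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2018-12-20 10:01:30.00 Logon       Login failed for user 'app'. Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.7]
2018-12-20 10:02:15.93 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2018-12-20 10:30:00.00 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2018-12-20 10:31:00.00 spid51      Using 'dbghelp.dll' version '4.0.5'
"""

def parse_failures(text):
    """Return (timestamp, host) for every line the failregex matches."""
    hits = []
    for line in text.splitlines():
        m = PATTERN.search(line)
        if m:
            ts = datetime.strptime(line[:22], "%Y-%m-%d %H:%M:%S.%f")
            hits.append((ts, m.group("host")))
    return hits

def hosts_to_ban(hits, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts with at least maxretry failures inside one findtime window."""
    recent, banned = defaultdict(list), set()
    for ts, host in sorted(hits):
        window = [t for t in recent[host] if ts - t <= findtime] + [ts]
        recent[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print(len(failures), "failures; would ban:", sorted(hosts_to_ban(failures)))
```

On a live host, `fail2ban-regex /var/opt/mssql/log/errorlog /etc/fail2ban/filter.d/mssqld-auth.conf` runs the real filter against the real log and reports how many lines matched.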
