# Fail2Ban configuration file for generic SELinux audit messages
#
# This file is not intended to be used directly, and should be included into a
# filter file which would define the following variables. See selinux-ssh.conf as
# an example.
#
# _type
# _uid
# _auid
# _subj
# _msg
#
# Also one of these variables must include <HOST>.
# Shared failregex template for the filter files that include this one.
[Definition]
# Matches one whole audit record: the pattern is anchored at both ends (^ ... $),
# the audit serial, pid and ses must be numeric, and "user " before pid= is optional.
# The %(...)s references are filled in from the variables the including filter defines.
# NOTE(review): "audit\(:\d+\)" has nothing before the colon -- presumably fail2ban
# has already stripped the matched timestamp from the line; confirm.
# NOTE(review): parts of an audit record may be influenced by the remote client, so
# the including filter should keep the pattern around <HOST> narrow (no broad
# wildcard ahead of it); otherwise a crafted field could get an unrelated address banned.
failregex = ^type=%(_type)s msg=audit\(:\d+\): (user )?pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'$
# Left empty: no line matched by failregex is exempted here.
ignoreregex =
# Author: Daniel Black