github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: separate selinux and selinux-ssh

Browse Source
pull/374/head
Daniel Black 11 years ago
parent a1eaa5f755
commit 4649cf9608
4 changed files with 36 additions and 11 deletions
Show Stats Download Patch File Download Diff File

21
config/filter.d/selinux-ssh.conf
Unescape View File

@ -0,0 +1,21 @@
# Fail2Ban configuration file for SELinux ssh authentication errors
#
# Author: Daniel Black
#
#
[INCLUDES]
after = selinux.conf
[Definition]
_type = USER_(LOGIN|ERR|AUTH)
_uid = 0
_auid = \d+
_subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023
_exe =/usr/sbin/sshd
_terminal = ssh
_msg = op=\S+ acct=(?P<_quote_acct>"?)\S+(?P=_quote_acct) exe="%(_exe)s" hostname=(\?|(\d+\.){3}\d+) addr=<HOST> terminal=%(_terminal)s res=failed

19
config/filter.d/selinux.conf
Unescape View File

@ -1,19 +1,18 @@
# Fail2Ban configuration file for generic Selinux Errors authentication errors # Fail2Ban configuration file for generic SELinux audit messages
# #
# Author: Daniel Black # Author: Daniel Black
# #
# #
[Definition] [Definition]
_type = USER_(LOGIN|ERR|AUTH) # Things you must set before including this file. See selinux-ssh as an example.
_uid = 0 # One of these must include a <HOST>.
_auid = \d+ #
_subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023 # _type
# _uid
_exe =/usr/sbin/sshd # _auid
_terminal = ssh # _subj
# _msg
_msg = op=\S+ acct=(?P<_quote_acct>"?)\S+(?P=_quote_acct) exe="%(_exe)s" hostname=(\?|(\d+\.){3}\d+) addr=<HOST> terminal=%(_terminal)s res=failed
failregex = ^type=%(_type)s msg=audit\(:\d+\): user pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'$ failregex = ^type=%(_type)s msg=audit\(:\d+\): user pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'$

0
testcases/files/logs/selinux → testcases/files/logs/selinux-ssh
Unescape View File

5
testcases/samplestestcase.py
Unescape View File

@ -23,6 +23,7 @@ __copyright__ = "Copyright (c) 2013 Steven Hiscocks"
__license__ = "GPL" __license__ = "GPL"
import unittest, sys, os, fileinput, re, datetime, inspect import unittest, sys, os, fileinput, re, datetime, inspect
from ConfigParser import InterpolationMissingOptionError
if sys.version_info >= (2, 6): if sys.version_info >= (2, 6):
import json import json
@ -60,7 +61,11 @@ def testSampleRegexsFactory(name):
# Check filter exists # Check filter exists
filterConf = FilterReader(name, "jail", basedir=CONFIG_DIR) filterConf = FilterReader(name, "jail", basedir=CONFIG_DIR)
filterConf.read() filterConf.read()
try:
filterConf.getOptions({}) filterConf.getOptions({})
except InterpolationMissingOptionError:
# some filters like selinux aren't complete
return
for opt in filterConf.convert(): for opt in filterConf.convert():
if opt[2] == "addfailregex": if opt[2] == "addfailregex":

Write Preview
Loading…
Cancel
Save