mirror of https://github.com/fail2ban/fail2ban
Merge pull request #3 from grooverdan/selinux_ssh_filter
ENH: separate selinux and selinux-ssh
pull/374/head
commit
d9e7bc67cd
@ -0,0 +1,21 @@
|
||||
# Fail2Ban configuration file for SELinux ssh authentication errors
|
||||
#
|
||||
# Author: Daniel Black
|
||||
#
|
||||
#
|
||||
[INCLUDES]
|
||||
|
||||
after = selinux.conf
|
||||
|
||||
[Definition]
|
||||
|
||||
_type = USER_(LOGIN|ERR|AUTH)
|
||||
_uid = 0
|
||||
_auid = \d+
|
||||
_subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023
|
||||
|
||||
_exe =/usr/sbin/sshd
|
||||
_terminal = ssh
|
||||
|
||||
_msg = op=\S+ acct=(?P<_quote_acct>"?)\S+(?P=_quote_acct) exe="%(_exe)s" hostname=(\?|(\d+\.){3}\d+) addr=<HOST> terminal=%(_terminal)s res=failed
|
||||
|
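Review bot: The `hostname=(\?|(\d+\.){3}\d+)` part of `_msg` accepts only `?` or a dotted-quad IPv4 literal, so a failed login whose audit record carries anything else in that field (a resolved name or an IPv6 address, if the host logs those) would not match and would never count toward a ban. The banned address comes from `addr=<HOST>` and the failregex in selinux.conf is anchored at both ends, so the field could be matched loosely instead: `hostname=\S+ addr=<HOST>`. If the strict form is intentional, a comment saying so and non-capturing groups, `(?:\?|(?:\d+\.){3}\d+)`, would make that clear. `_subj` likewise pins a single MLS range (`s0-s0:c0\.c1023`), which deserves a comment telling hosts with a different policy to override it, since a mismatch fails silently.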
@ -1,19 +1,18 @@
|
||||
# Fail2Ban configuration file for generic Selinux Errors authentication errors
|
||||
# Fail2Ban configuration file for generic SELinux audit messages
|
||||
#
|
||||
# Author: Daniel Black
|
||||
#
|
||||
#
|
||||
[Definition]
|
||||
|
||||
_type = USER_(LOGIN|ERR|AUTH)
|
||||
_uid = 0
|
||||
_auid = \d+
|
||||
_subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023
|
||||
|
||||
_exe =/usr/sbin/sshd
|
||||
_terminal = ssh
|
||||
|
||||
_msg = op=\S+ acct=(?P<_quote_acct>"?)\S+(?P=_quote_acct) exe="%(_exe)s" hostname=(\?|(\d+\.){3}\d+) addr=<HOST> terminal=%(_terminal)s res=failed
|
||||
# Things you must set before including this file. See selinux-ssh as an example.
|
||||
# One of these must include a <HOST>.
|
||||
#
|
||||
# _type
|
||||
# _uid
|
||||
# _auid
|
||||
# _subj
|
||||
# _msg
|
||||
|
||||
failregex = ^type=%(_type)s msg=audit\(:\d+\): user pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'$
|
||||
|
||||
|
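Review bot: The comment block listing `_type`, `_uid`, `_auid`, `_subj` and `_msg` does not say that each value is a regular-expression fragment spliced verbatim into the anchored `failregex`, nor which of them cover text supplied by the remote client. I would add a line such as `# Each value is a regex fragment; place <HOST> on a field the audit subsystem fills in (e.g. addr=), not on client-supplied text such as acct=.` so that filters built on this file do not take the ban address from attacker-influenced input. The header calls the file generic, but the pattern fixes the `user pid=... uid=... auid=... ses=... subj=... msg='...'` layout. A short comment stating that only user-space audit records of that shape are matched would also help. The form `audit\(:\d+\)` presumably relies on the timestamp being removed before matching, which the comment could mention.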