# Fail2Ban configuration file for generic SELinux audit messages # # This file is not intended to be used directly, and should be included into a # filter file which would define following variables. See selinux-ssh.conf as # and example. # # _type # _uid # _auid # _subj # _msg # # Also one of these variables must include . [Definition] failregex = ^type=%(_type)s msg=audit\(:\d+\): (user )?pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'(?:\x1D|$) ignoreregex = datepattern = EPOCH # Author: Daniel Black