fail2ban/config/filter.d/selinux-common.conf

24 lines
549 B
Plaintext

# Fail2Ban configuration file for generic SELinux audit messages
#
# This file is not intended to be used directly, and should be included into a
# filter file which would define following variables. See selinux-ssh.conf as
# and example.
#
# _type
# _uid
# _auid
# _subj
# _msg
#
# Also one of these variables must include <HOST>.
[Definition]
failregex = ^type=%(_type)s msg=audit\(:\d+\): (?:user )?pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'(?:\x1D|$)
ignoreregex =
datepattern = EPOCH
# Author: Daniel Black