amend to #3405, eliminate catch-all

author: Sergey G. Brester <serg.brester@sebres.de> 2022-11-15 14:29:59 +0100
committer: GitHub <noreply@github.com> 2022-11-15 14:29:59 +0100
commit: ae5fe2e0032b8055a6a3c707f4cabfdd283f4245 (patch)
tree: e9f53a61dfe63172264fd1f579ca73be4479f683
parent: 36af3f2502cf0608fd569bb82cf24aa30324a6ec (diff)
download: fail2ban-ae5fe2e0032b8055a6a3c707f4cabfdd283f4245.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/config/filter.d/selinux-ssh.conf b/config/filter.d/selinux-ssh.conf
index e5793c0a..0e38eb11 100644
--- a/config/filter.d/selinux-ssh.conf
+++ b/config/filter.d/selinux-ssh.conf
@@ -15,7 +15,7 @@ _subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023
 _exe  =/usr/sbin/sshd
 _terminal = ssh
 
-_anygrp = (?!acct=|exe=|addr=|terminal=|res=)\w+=(?:".*"|\S*)
+_anygrp = (?!acct=|exe=|addr=|terminal=|res=)\w+=(?:"[^"]+"|\S*)
 
 _msg = (?:%(_anygrp)s )*acct=(?:"<F-USER>[^"]+</F-USER>"|<F-ALT_USER>\S+</F-ALT_USER>) exe="%(_exe)s" (?:%(_anygrp)s )*addr=<ADDR> terminal=%(_terminal)s res=failed
author	Sergey G. Brester <serg.brester@sebres.de>	2022-11-15 14:29:59 +0100
committer	GitHub <noreply@github.com>	2022-11-15 14:29:59 +0100
commit	ae5fe2e0032b8055a6a3c707f4cabfdd283f4245 (patch)
tree	e9f53a61dfe63172264fd1f579ca73be4479f683
parent	36af3f2502cf0608fd569bb82cf24aa30324a6ec (diff)
download	fail2ban-ae5fe2e0032b8055a6a3c707f4cabfdd283f4245.tar.gz