Policies are patterns definitions facilitating proactive session monitoring. In case a defined pattern is detected, Fudo PAM can automatically pause or terminate given connection, block the user and send notification to Fudo PAM administrator.

Defining patterns


Fudo PAM supports POSIX extended regular expression.

  1. Select Management > Policies.
  2. Select Regular expressions tab.
  3. Click Add regular expression.
  1. Enter pattern name.
  2. Define the pattern itself.


  • Patterns can be defined as regular expressions.
  • Fudo PAM does not recognize expressions which use backslash character, e.g. \d, \D, \w, \W.
  1. Repeat steps 3-5 to define additional patterns.
  2. Click Save.


Regular expressions examples

Command rm


Command rm -rf (also -fr; -Rf; -fR)


Command rm file

(^|[^a-zA-Z])rm[[:space:]]+([^[:space:]]+[[:space:]]*)?/full/path/to/a/file([[:space:]]|\;|$) (^|[^a-zA-Z])rm[[:space:]]+.*justafilename

Defining policies

  1. Select Management > Policies.
  1. Click Add policy.
  1. Enter policy name.
  2. Select actions.
  • - send email notification to system administrator.
  • - pause connection.
  • - terminate connection.
  • - block user.


  • Sending email notifications requires configuring and enabling notification service as well as Session policy match notification enabled in safe configuration.
  • Note that blocking the user automatically terminates the connection.
  1. Select monitored patterns.
  2. Select policy severity.


Severity parameter value is included in the email notification message.

  1. Select the Match input only option to process input stream only.


In RDP, VNC and MySQL protocols only input data is processed.

  1. Click Save.


After defining a policy, you can assign it to a safe that is used to establish connections to servers.


Deleting patterns

  1. Select Management > Policies.
  2. Select the Regular expressions tab.
  3. Find desired pattern definition and select the Delete option.
  4. Click Save.

Deleting policies

To delete policy definition, proceed as follows.

  1. Select Management > Policies.
  1. Find desired policy definition and select corresponding Delete option.
  2. Click Save.

Related topics: