Regular expression-based policy

Note

Fudo Enterprise supports POSIX extended regular expressions.

Follow the steps to configure a regular expression-based policy:

  1. Select Management > Policies.
  2. Select Regular expressions tab.
  3. Click Add regular expression.
  4. Enter pattern name.
  5. Define the pattern itself.

Note

  • Patterns can be defined as regular expressions.
  • Fudo Enterprise does not recognize expressions that use the backslash character, e.g. \d, \D, \w, \W.
  6. Repeat steps 3-5 to define additional patterns.
  7. Click Save and close.

Note

Regular expressions examples

Command rm

(^|[^a-zA-Z])rm[[:space:]]

Command rm -rf (also -fr; -Rf; -fR)

(^|[^a-zA-Z])rm[[:space:]]+-([rR]f|f[rR])

Command rm file

(^|[^a-zA-Z])rm[[:space:]]+([^[:space:]]+[[:space:]]*)?/full/path/to/a/file([[:space:]]|\;|$)
(^|[^a-zA-Z])rm[[:space:]]+.*justafilename
  8. Go back to the Policies tab.
  9. Click Add policy.
  10. Enter policy name.
  11. Select policy severity.

Note

Severity parameter value is included in the email notification message.

  12. Click the Regular expression button in the Policy type section.
  13. In the Regular expressions field, select the previously created monitoring pattern.
  14. Select the Match input only option to process the input stream only.

Note

In RDP, VNC and MySQL protocols only input data is processed.

  15. In the Policy Behaviour field, select the desired actions to be taken:
  • Send email - send an email notification to the system administrator.
  • SNMP Trap - send an SNMP TRAP notification to the receiver.
  • - pause connection.
  • - terminate session.
  • - block user.

Note

  • Sending SNMP TRAP notifications requires configuring the SNMPv3 TRAP in the System tab. Check the SNMP page for more information.
  • Note that blocking the user automatically terminates the connection.
  16. Click Save.
  17. After defining a policy, assign it to a safe that is used to establish connections to servers.
  • Select Management > Safes.
  • Edit the selected safe by clicking on its name.
  • Go to the Policies tab and select the policy created in the previous step.
  • Click Save.
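
The Command rm and Command rm -rf patterns from the examples above can be dry-run with grep -E, which also implements POSIX extended regular expressions, before they are entered in a policy. This is an added example, not part of the Fudo documentation. It assumes grep -E matches the same way as the Fudo engine; the sample lines are constructed and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: dry-run monitoring patterns with grep -E (POSIX ERE).

# Patterns copied from the examples on this page.
PAT_RM='(^|[^a-zA-Z])rm[[:space:]]'
PAT_RM_RF='(^|[^a-zA-Z])rm[[:space:]]+-([rR]f|f[rR])'

# uses_backslash PATTERN: exit 0 if PATTERN contains a backslash.
# The page states that backslash classes (\d, \w, ...) are not recognized,
# so such a pattern should be rewritten with bracket expressions
# such as [[:digit:]] before it is saved.
uses_backslash() {
    case "$1" in
        *\\*) return 0 ;;
        *)    return 1 ;;
    esac
}

# matches PATTERN LINE: exit 0 if LINE matches PATTERN as POSIX ERE.
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Constructed session input: four rm invocations and one look-alike
# ("confirm") that a bare "rm" pattern would flag by mistake.
sample_lines() {
    cat <<'EOF'
rm notes.txt
sudo rm -rf /tmp/build
/bin/rm -fR old-logs
confirm -rf
ls; rm -Rf cache
EOF
}

# count_hits PATTERN: print how many sample lines PATTERN matches.
count_hits() {
    sample_lines | grep -Ec -- "$1"
}

# Report each candidate pattern; '\d+' stands in for a pattern to reject.
for pat in "$PAT_RM" "$PAT_RM_RF" '\d+'; do
    if uses_backslash "$pat"; then
        printf 'REJECT %s (contains a backslash)\n' "$pat"
    else
        printf '%s of 5 sample lines match %s\n' "$(count_hits "$pat")" "$pat"
    fi
done
```

The `(^|[^a-zA-Z])` prefix is what keeps "confirm" from matching: `rm` only counts when it starts the line or follows a non-letter.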