forked from ossec/ossec-hids
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' of https://github.com/ossec/ossec-hids into rul…
…e_ids_update
- Loading branch information
Showing
3 changed files
with
75 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
[User login failed.] | ||
log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[23164]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost= user=osaudit | ||
|
||
rule = 5503 | ||
alert = 5 | ||
decoder = pam | ||
|
||
[Attempt to login with an invalid user.] | ||
log 1 pass = Nov 11 22:46:29 localhost vsftpd(pam_unix)[25073]: check pass; user unknown | ||
|
||
rule = 5504 | ||
alert = 5 | ||
decoder = pam | ||
|
||
[Login session opened.] | ||
log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[14592]: session opened for user news by (uid=0) | ||
|
||
rule = 5501 | ||
alert = 3 | ||
decoder = pam | ||
|
||
[Login session closed.] | ||
log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[14592]: session closed for user news | ||
|
||
rule = 5502 | ||
alert = 3 | ||
decoder = pam | ||
|
||
[User missed the password more than one time] | ||
log 1 pass = Nov 11 22:46:29 localhost sshd(pam_unix)[15794]: 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.3.1 user=root | ||
|
||
rule = 2502 | ||
alert = 10 | ||
decoder = pam | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters