-<!-- @(#) $Id: proftpd_rules.xml,v 1.17 2009/06/24 17:06:19 dcid Exp $
+<!-- @(#) $Id: ./etc/rules/proftpd_rules.xml, 2011/09/08 dcid Exp $
+
- Official Proftpd rules for OSSEC.
-
- Copyright (C) 2009 Trend Micro Inc.
-
- This program is a free software; you can redistribute it
- and/or modify it under the terms of the GNU General Public
- - License (version 3) as published by the FSF - Free Software
+ - License (version 2) as published by the FSF - Free Software
- Foundation.
-
- License details: http://www.ossec.net/en/licensing.html
<match>Refused PORT </match>
<description>Attempt to bypass firewall that can't adequately</description>
<description> keep state of FTP traffic.</description>
- <info>http://www.kb.cert.org/vuls/id/328867</info>
+ <info type="link">http://www.kb.cert.org/vuls/id/328867</info>
+ <info type="text">US-Cert Note VU#328867: Multiple vendors' firewalls do not adequately keep state of FTP traffic</info>
</rule>
<rule id="11210" level="10">
<if_sid>11200</if_sid>
<match>error setting IPV6_V6ONLY: Protocol not available|</match>
<match> - mod_delay/|PAM(setcred): System error|</match>
- <match>PAM(close_session): System error</match>
+ <match>PAM(close_session): System error|cap_set_proc failed|reverting to normal operation|error retrieving information about user</match>
<description>IPv6 error and mod-delay info (ignored).</description>
</rule>