+++ /dev/null
-<!-- Rules for detecting sensitive users in last logged in users list -->
-<!-- Set level 3 or higher at rule 535 in ossec_rules.xml and comment out <options>no_log</options> to get this working -->
-
-
-<group name="access-control,">
-
- <rule id="25000" level="7">
- <if_sid>535</if_sid>
- <match>root|reboot|admin|superuser|administrator|supervisor|toor</match>
- <description>sensitive login detected</description>
- </rule>
-
-</group>