X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=contrib%2Fossec-testing%2Ftests%2Fproftpd.ini;fp=contrib%2Fossec-testing%2Ftests%2Fproftpd.ini;h=84a26a281db4191ced0fd9cd573d833b082d994d;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git

diff --git a/contrib/ossec-testing/tests/proftpd.ini b/contrib/ossec-testing/tests/proftpd.ini
new file mode 100644
index 0000000..84a26a2
--- /dev/null
+++ b/contrib/ossec-testing/tests/proftpd.ini
@@ -0,0 +1,32 @@
+[unable to open incoming connection (reason may vary)]
+log 1 pass = Jan 04 22:51:57 server proftpd[26169] server.example.net: Fatal: unable to open incoming connection: Der Socket ist nicht verbunden
+rule = 11222
+alert = 4
+decoder = proftpd
+
+[FTP Authentication success]
+log 1 pass = Jan 04 22:51:57 hayaletgemi proftpd[26916]: hayaletgemi (85.101.218.135[85.101.218.135]) - ANON anonymous: Login successful.
+log 2 pass = Jan 04 22:51:57 juf01 proftpd[12564]: juf01 (pD9EE35B1.dip.t-dialin.net[217.238.53.177]) - USER jufu: Login successful
+log 3 pass = Jan 04 22:51:57 xx.yy.zz proftpd[30362] xx.yy.zz (aa.bb.cc[aa.bb.vv.dd]): USER backup: Login successful.
+rule = 11205
+alert = 3
+decoder = proftpd
+
+[Connection refused by TCP Wrappers]
+log 1 pass = Jan 04 22:51:57 server proftpd[2344]: refused connect from 192.168.1.2 (192.168.1.2)
+rule = 11207
+alert = 5
+decoder = proftpd
+
+[Connection denied by ProFTPD configuration]
+log 1 pass = Jan 04 22:51:57 valhalla proftpd[15181]: valhalla (crawl-66-249-66-80.googlebot.com[66.249.66.80]) - Connection from crawl-66-249-66-80.googlebot.com [66.249.66.80] denied.
+rule = 11206
+alert = 5
+decoder = proftpd
+
+[Login failed accessing the FTP server]
+log 1 pass = 2015-04-16 21:51:02,805 zuse proftpd[26189] zuse.domain.com (182.100.67.115[182.100.67.115]): USER root (Login failed): Incorrect password
+rule = 11204
+alert = 5
+decoder = proftpd
+