X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=contrib%2Fossec-testing%2Ftests%2Fvsftpd.ini;fp=contrib%2Fossec-testing%2Ftests%2Fvsftpd.ini;h=32edb78c353281b776ce3ce8616283cf2597ff8d;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git

diff --git a/contrib/ossec-testing/tests/vsftpd.ini b/contrib/ossec-testing/tests/vsftpd.ini
new file mode 100644
index 0000000..32edb78
--- /dev/null
+++ b/contrib/ossec-testing/tests/vsftpd.ini
@@ -0,0 +1,16 @@
+[CONNECT]
+log 1 pass = Wed Jul 27 18:32:27 2016 [pid 2] CONNECT: Client "fe80::baac:6fff:fe7d:d2e0"
+log 2 pass = Wed Jul 27 18:32:27 2016 [pid 2] CONNECT: Client "10.11.12.13"
+
+rule = 11401
+alert = 3
+decoder = vsftpd
+
+[LOGIN]
+log 1 pass = Mon Oct 24 11:32:53 2016 [pid 1] [$ALOC$] FAIL LOGIN: Client "10.55.112.101"
+log 2 pass = Mon Oct 24 11:32:53 2016 [pid 1] [$ALOC$] FAIL LOGIN: Client "fe80::baac:6fff:fe7d:d2e0"
+
+rule = 11403
+alert = 5
+decoder = vsftpd
+