X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fsudo.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fsudo.ini;h=0000000000000000000000000000000000000000;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hp=f0eedc5e9f996e186a47d66158c68c2db9fa263c;hpb=3f728675941dc69d4e544d3a880a56240a6e394a;p=ossec-hids.git

diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/sudo.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/sudo.ini
deleted file mode 100644
index f0eedc5..0000000
--- a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/sudo.ini
+++ /dev/null
@@ -1,38 +0,0 @@
-[sudo: all]
-log 1 pass = Apr 27 15:22:23 niban sudo:     dcid : TTY=pts/4 ; PWD=/home/dcid ; USER=root ; COMMAND=/usr/bin/tail /var/log/snort/alert.fast
-log 2 pass = Apr 14 10:59:01 enigma sudo:     dcid : TTY=ttyp3 ; PWD=/home/dcid/ossec-hids.0.1a/src/analysisd ; USER=root ; COMMAND=/bin/cp -pr ../../bin/addagent ../../bin/osaudit-logaudit ../../bin/ossec-execd ../../bin/ossec-logcollector ../../bin/ossec-maild ../../bin/ossec-remoted /var/ossec/bin
-log 3 pass = Apr 19 14:52:02 enigma sudo:     dcid : TTY=ttyp3 ; PWD=/var/www/alex ; USER=root ; COMMAND=/sbin/chown dcid.dcid .
-log 4 pass = Dec 30 19:36:11 rheltest sudo: cplummer : TTY=pts/2 ; PWD=/home/cplummer1 ; USER=root ; TSID=0000UM ; COMMAND=/bin/bash
-
-rule = 5403
-alert = 4
-decoder = sudo 
-
-[Failed attempt to run sudo]
-log 1 pass = Jun 25 15:51:13 precise32 sudo:     mike : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/ls
-
-rule = 5401
-alert = 5
-decoder = sudo
-
-[First time user executed sudo]
-log 1 pass = Jun 25 15:48:21 precise32 sudo:  mike : TTY=pts/0 ; PWD=/home/vagrant ; USER=root ; COMMAND=/bin/su -
-
-rule = 5403
-alert = 4
-decoder = sudo
-
-[3 incorrect password attempts]
-log 1 pass = Jun 25 16:15:45 precise32 sudo:     mike : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/ls
-
-rule = 5404
-alert = 10
-decoder = sudo
-
-[unauthorized user]
-log 1 pass = Apr 13 08:36:31 ix sudo:     ddp2 : user NOT in sudoers ; TTY=ttypZ ; PWD=/home/ddp2 ; USER=root ; COMMAND=/bin/ls
-
-rule = 5405
-alert = 5
-decoder = sudo
-